
ECB 4493 Cryptography and Network Security

Outline

Introduction to hash functions


Properties of cryptographic hash functions
Applications of cryptographic hash functions
Message Digest (MD)
Secure Hash Algorithm (SHA)
Hash Function

A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value
h = H(M)
Principal object is data integrity

Cryptographic hash function: an algorithm for which it is computationally infeasible to find either
(a) a data object that maps to a pre-specified hash result (the one-way property), or
(b) two data objects that map to the same hash result (the collision-free property)
Cryptographic Hash Function

= ()
Attacks against Hash Function
Two Simple Hash Functions

Consider two simple insecure hash functions that operate using the following general principles:
- The input is viewed as a sequence of n-bit blocks
- The input is processed one block at a time in an iterative fashion to produce an n-bit hash value

Bit-by-bit exclusive-OR (XOR) of every block

C_i = b_i1 xor b_i2 xor . . . xor b_im

- Produces a simple parity for each bit position and is known as a longitudinal redundancy check
- Reasonably effective for random data as a data integrity check

Perform a one-bit circular shift on the hash value after each block is processed
- Has the effect of randomizing the input more completely and overcoming any regularities that appear in the input
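
The two simple hash functions above, as an added example that is not part of the original slides. It assumes n = 8 (one byte per block); the function names and the sample messages are constructed for illustration. It shows why neither function protects integrity against deliberate modification: the plain XOR ignores block order, and both are linear, so a single block can be computed that restores any chosen hash value.

```python
N = 8                      # assumed block and hash width in bits
MASK = (1 << N) - 1

def xor_hash(data: bytes) -> int:
    """Longitudinal redundancy check: C = b1 xor b2 xor ... xor bm."""
    c = 0
    for block in data:
        c ^= block
    return c

def rotl(v: int) -> int:
    """One-bit circular left shift of an N-bit value."""
    return ((v << 1) | (v >> (N - 1))) & MASK

def rotr(v: int) -> int:
    """One-bit circular right shift of an N-bit value."""
    return ((v >> 1) | (v << (N - 1))) & MASK

def rxor_hash(data: bytes) -> int:
    """XOR each block into the hash, then rotate the hash by one bit."""
    c = 0
    for block in data:
        c = rotl(c ^ block)
    return c

def fixup_block(prefix: bytes, target: int) -> int:
    """Block b such that rxor_hash(prefix + b) == target (no secret needed)."""
    return rxor_hash(prefix) ^ rotr(target)

# Constructed sample messages: same blocks, different order.
ORIGINAL = b"PAY 100 TO ALICE"
REORDERED = b"PAY 001 TO ALICE"

if __name__ == "__main__":
    print("xor :", xor_hash(ORIGINAL), xor_hash(REORDERED))    # identical
    print("rxor:", rxor_hash(ORIGINAL), rxor_hash(REORDERED))  # different
    changed = b"PAY 900 TO ALICE"
    patched = changed + bytes([fixup_block(changed, rxor_hash(ORIGINAL))])
    print("patched matches:", rxor_hash(patched) == rxor_hash(ORIGINAL))
```

The rotation catches the reordering that the plain XOR misses, but the final check shows that accidental-error detection is all either function offers.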
Requirements and Security

Preimage
- x is the preimage of h for a hash value h = H(x)
- Is a data block whose hash value, using the function H, is h
- Because H is a many-to-one mapping, for any given hash value h, there will in general be multiple preimages

Collision
- Occurs if we have x ≠ y and H(x) = H(y)
- Because we are using hash functions for data integrity, collisions are clearly undesirable

Requirements for a Cryptographic Hash Function

- Variable input size: H can be applied to a block of data of any size
- Fixed output size: H produces a fixed-length output
- Efficiency: H(x) is relatively easy to compute for any given x, making both software & hardware implementations practical
- Preimage resistance (one-way property): For any given hash h, it is computationally infeasible to find y such that H(y) = h
- Second preimage resistance (weak collision resistance): For any given block x, it is computationally infeasible to find y ≠ x, with H(y) = H(x)
- Collision resistance (strong collision resistance): It is computationally infeasible to find any pair (x,y) with x ≠ y such that H(x) = H(y)
- Pseudorandomness: Output of H meets standard tests for pseudorandomness

Relationship among Hash Function Properties

[Figure: relationship among the preimage resistant, second preimage resistant and collision resistant properties]

Hash Function Resistance Properties Required for Various Data Integrity Applications

                                  Preimage    Second preimage   Collision
                                  resistant   resistant         resistant
Hash + digital signature          Yes         Yes               Yes*
Intrusion and virus detection                 Yes
Hash + symmetric encryption
One-way password file             Yes
MAC                               Yes         Yes               Yes*

* Resistance required if attacker is able to mount a chosen message attack

Attacks on Hash Functions

Brute-force attack
- Does not depend on the specific algorithm, only depends on bit length
- In the case of a hash function, attack depends only on the bit length of the hash value
- Method is to pick values at random and try each one until a collision occurs

Cryptanalysis
- An attack based on weaknesses in a particular cryptographic algorithm
- Seek to exploit some property of the algorithm to perform some attack other than an exhaustive search

Birthday Attacks

For a collision resistant attack, an adversary wishes to find two messages or data blocks that yield the same hash value
The effort required is explained by a mathematical result referred to as the birthday paradox

1. The source (A) is prepared to sign a legitimate message x by appending the appropriate m-bit hash code and encrypting that hash code with A's private key
2. Opponent generates 2^(m/2) variations x' of x, all with essentially the same meaning, and stores the messages and their hash values
3. Opponent generates a fraudulent message y for which A's signature is desired
4. Two sets of messages are compared to find a pair with the same hash
5. The opponent offers the valid variation to A for signature which can then be attached to the fraudulent variation for transmission to the intended recipient

Because the two variations have the same hash code, they will produce the same signature and the opponent is assured of success even though the encryption key is not known
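
The birthday bound above, measured on a deliberately shortened hash, as an added example that is not part of the original slides. It assumes SHA-256 truncated to its first m bits as the m-bit hash code; the function names and the counter-based messages are constructed for illustration. The number of trials needed tracks 2^(m/2), not 2^m, which is why the hash length has to be chosen so that 2^(m/2) work is infeasible.

```python
import hashlib

def truncated_hash(msg: bytes, m_bits: int) -> int:
    """m-bit hash code: the leading m bits of SHA-256 (assumption for the demo)."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - m_bits)

def find_collision(m_bits: int):
    """Hash distinct messages until two share an m-bit hash code.

    Returns (first_message, second_message, number_of_messages_hashed).
    """
    seen = {}                      # hash code -> message that produced it
    counter = 0
    while True:
        msg = b"variation-%d" % counter   # constructed, all distinct
        code = truncated_hash(msg, m_bits)
        if code in seen:
            return seen[code], msg, counter + 1
        seen[code] = msg
        counter += 1

if __name__ == "__main__":
    for m in (16, 24, 32):
        a, b, trials = find_collision(m)
        print(f"m={m:2d}  trials={trials:6d}  2^(m/2)={2 ** (m // 2):6d}  "
              f"exhaustive 2^m={2 ** m}")
```
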
Message Authentication Code (MAC)

Also known as a keyed hash function
Typically used between two parties that share a secret key to authenticate information exchanged between those parties

- Takes as input a secret key and a data block and produces a hash value (MAC) which is associated with the protected message
- If the integrity of the message needs to be checked, the MAC function can be applied to the message and the result compared with the associated MAC value
- An attacker who alters the message will be unable to alter the associated MAC value without knowledge of the secret key
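
The MAC check described above, as an added example that is not part of the original slides. It assumes HMAC-SHA-256 as the keyed hash function (the slides do not name a construction); the key, messages and function names are constructed for illustration. It contrasts the MAC with an unkeyed hash, which anyone who alters the message can simply recompute.

```python
import hashlib
import hmac

def plain_hash(msg: bytes) -> bytes:
    """Unkeyed hash: anyone can compute it for any message."""
    return hashlib.sha256(msg).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed hash (HMAC-SHA-256 is the construction assumed here)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac(key, msg), tag)

def demo() -> dict:
    key = b"constructed-shared-secret-key-01"   # known to both parties only
    message = b"transfer 100 to account 17"      # constructed sample
    altered = b"transfer 900 to account 17"      # modified in transit

    tag = mac(key, message)                      # sender attaches this

    # Without the key, the only value that can be recomputed for the
    # altered message is the unkeyed hash, or a MAC under a wrong key.
    recomputed_hash = plain_hash(altered)
    wrong_key_tag = mac(b"not-the-shared-key", altered)

    return {
        "genuine_accepted": verify_mac(key, message, tag),
        "altered_with_old_tag": verify_mac(key, altered, tag),
        "altered_with_wrong_key_tag": verify_mac(key, altered, wrong_key_tag),
        "unkeyed_hash_check_passes": plain_hash(altered) == recomputed_hash,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
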
Simplified Examples of Use of a Hash Function for Message Authentication
Digital Signature

Operation is similar to that of the MAC

- The hash value of a message is encrypted with a user's private key
- Anyone who knows the user's public key can verify the integrity of the message
- An attacker who wishes to alter the message would need to know the user's private key
- Implications of digital signatures go beyond just message authentication
Simplified Examples of Digital Signatures
Other Hash Function Uses

Commonly used to create a one-way password file
- When a user enters a password, the hash of that password is compared to the stored hash value for verification
- This approach to password protection is used by most operating systems

Can be used for intrusion and virus detection
- Store H(F) for each file on a system and secure the hash values
- One can later determine if a file has been modified by re-computing H(F)
- An intruder would need to change F without changing H(F)

Can be used to construct a pseudorandom function (PRF) or a pseudorandom number generator (PRNG)
- A common application for a hash-based PRF is for the generation of symmetric keys
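
The intrusion and virus detection use above (store H(F), later recompute it), as an added example that is not part of the original slides. It assumes SHA-256 as H; the function names and the files written to a temporary directory are constructed for illustration. In practice the baseline must be kept where an intruder cannot rewrite it, which is what "secure the hash values" refers to.

```python
import hashlib
import os
import tempfile

def file_digest(path: str) -> str:
    """H(F): SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root: str) -> dict:
    """Map each file's path (relative to root) to H(F)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            result[os.path.relpath(path, root)] = file_digest(path)
    return result

def compare(baseline: dict, current: dict) -> dict:
    """Report files whose H(F) changed, plus files removed or added."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def write(root: str, name: str, body: bytes) -> None:
    with open(os.path.join(root, name), "wb") as f:
        f.write(body)

def demo() -> dict:
    """Constructed scenario: baseline, then three changes, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "a.cfg", b"mode=safe\n")
        write(root, "b.bin", b"\x00\x01")
        baseline = snapshot(root)          # stored H(F) values
        write(root, "a.cfg", b"mode=open\n")   # same size, new content
        os.remove(os.path.join(root, "b.bin"))
        write(root, "c.sh", b"echo hi\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```
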
