Modern Cryptography: Cryptography Hashes

1 / 29

# Modern Cryptography: Cryptography Hashes - PowerPoint PPT Presentation

Modern Cryptography: Cryptography Hashes. Message Digests. Overview. Cryptographic hash functions are functions that: Map an arbitrary-length (but finite) input to a fixed-size output. Are one-way (hard to invert).

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

## PowerPoint Slideshow about 'Modern Cryptography: Cryptography Hashes' - kuame-rodriquez

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Modern Cryptography:

Cryptography Hashes

Overview
• Cryptographic hash functions are functions that:
• Map an arbitrary-length (but finite) input to a fixed-size output.
• Are one-way (hard to invert).
• Are collision-resistant (difficult to find two values that produce the same output).
• Examples:
• Message digest functions - protect the integrity of data by creating a fingerprint of a digital document.
• Message Authentication Codes (MAC) - protect both the integrity and authenticity of data by creating a fingerprint based on both the digital document and a secret key.
Checksums vs. Message Digests
• Checksums:
• Used to produce a compact representation of a message.
• If the message changes the checksum will probably not match.
• Good: accidental changes to a message can be detected.
• Bad: easy to purposely alter a message without changing the checksum.
• Message digests:
• Used to produce a compact representation (called the fingerprint or digest) of a message.
• If the message changes the digest will probably not match.
• Good: accidental changes to a message can be detected.
• Good: difficult to alter a message without changing the digest.
Hash Functions
• Message digest functions are hash functions:
• A hash function, H(M)=h, takes an arbitrary-length input, M, and produces a fixed-length output, h.
• Example hash function:
• H = sum all the letters of an input word modulo 26.
• Input: a word.
• Output: a number between 0 and 25, inclusive.
• Example:
• H(“Elvis”) = ((‘E’ + ‘L’ + ‘V’ + ‘I’ + ‘S’) mod 26)
• H(“Elvis”) = ((5+12+22+9+19) mod 26)
• H(“Elvis”) = (67 mod 26)
• H(“Elvis”) = 15
Collisions
• For the hash function:
• H = sum all the letters of an input word modulo 26.
• There are more inputs (words) than possible outputs (numbers 0-25).
• Some different inputs produce the same output.
• A collision occurs when two different inputs produce the same output:
• The values x and y are not the same, but H(x) and H(y) are the same.
Collision-Resistant Hash Functions
• Hash functions for which it is difficult to find collisions are called collision-resistant.
• A collision-resistant hash function, H(M)=h:
• For any message, M1, it is difficult to find another message, M2 such that:
• M1 and M2 are not the same.
• H(M1) and H(M2) are the same.
One-Way Hash Functions
• A function, H(M)=h, is one-way if:
• Forward direction: given M it is easy to compute h.
• Backward direction: given h it is difficult to compute M.
• A one-way hash function:
• Easy to compute the hash for a given message.
• Hard to determine what message produced a given hash value.
Message Digest Functions

Message digest functions are collision-resistant, one-way hash functions:

• Given a message it is easy to compute its digest.
• Hard to find any message that produces a given digest (one-way).
• Hard to find any two messages that have the same digest (collision-resistant).
Using Message Digest Functions

Message digest functions can be used to ascertain data integrity:

• A company makes some software available for download over the World Wide Web.
• Users want to be sure that they receive a copy that has not been tampered with.
• Solution:
• The company creates a message digest for its software.
• The digest is transmitted (securely) to users.
• Users compute their own digest for the software they receive.
• If the digests match the software probably has not been altered.
The Secure Hash Algorithm (SHA)
• A Federal Information Processing Standard (FIPS 180-1) adopted by the U.S. government in 1995.
• Based on a message digest function called MD4 created by Ron Rivest.
• Developed by NIST and the NSA.
• Input: a message of b bits.
• Output: a 160-bit message digest.
• Input: a message of b bits
• Padding makes the message length a multiple of 512 bits.
• The input is always padded (even if its length is already a multiple of 512).
• Padding is accomplished by appending to the input:
• A single bit, 1,
• Enough additional bits, all 0, to make the final 512-bit block exactly 448 bits long,
• A 64-bit integer representing the length of the original message in bits.
• Consider the following message:
• M = 01100010 11001010 1001 (20 bits)
• 1 (1 bit),
• 427 0s (because 448-21 = 427 bits),
• 64-bit binary representation of the number 20 (64 bits).
• Result:
• Pad(M) = 01100010 11001010 10011000 00000000 . . . 00000000 00010100 (512 bits).
• 464 0s have been omitted above (denoted by the ellipsis).
SHA – Constant Initialization

• Five 32-bit words:
• H0= 67452301
• H1= EFCDAB89
• H3= 10325476
• H4= C3D2E1F0
• Eighty 32-bit words:
• K0– K19= 5A827999
• K20 – K39= 6ED9EBA1
• K40 – K59= 8F1BBCDC
• K60– K79= CA62C1D6
SHA – Step 1
• The padded message contains a whole number of 512-bit blocks, denoted B1, B2, B3, . . ., Bn
• Each 512-bit block, Bi, of the padded message is processed in turn:
• Bi is divided into 16 32-bit words, W0, W1, . . ., W15
• W0 is composed of the leftmost 32 bits in Bi
• W1 is composed of the second 32 bits in Bi

• W15 is composed of the rightmost 32 bits in Bi
SHA – Step 2
• W0, W1, . . ., W15 are used to compute 64 new 32-bit words (W16, W17, . . ., W79)
• Wj (16 <j < 79) is computed by:
• XORing words Wj-3, Wj-8, Wj-14, and Wj-16 together
• Circularly left shifting the result one bit

for j = 16 to 79

do

Wj= Circular_Left_Shift_1(Wj-3Wj-8Wj-14Wj-16)

done

SHA – Step 3
• The values of H0, H1, H2, H3, and H4are copiedinto five words called A, B, C, D, and E:
• A = H0
• B = H1
• C = H2
• D = H3
• E = H4
SHA – Step 4
• Four functions are defined as follows:
• For (0 <j < 19):
• fj(B,C,D) = (B AND C) OR ((NOT B) AND D)
• For (20 <j < 39):
• fj(B,C,D) = (B C D)
• For (40 <j < 59):
• fj(B,C,D) = ((B AND C ) OR (B AND D) OR (C AND D))
• For (60 <j < 79):
• fj(B,C,D) = (B C D)
SHA – Step 4 (cont)
• For each of the 80 words, W0, W1, . . ., W79, a 32-bit word called TEMP is computed
• The values of the words A, B, C, D, and E are updated as shown below:

for j = 0 to 79

do

TEMP = Circular_Left_Shift_5(A) + fj(B,C,D) + E + Wj+ Kj

E = D; D = C; C = Circular_Left_Shift_30(B); B = A; A = TEMP

done

SHA – Step 5
• The values of H0, H1, H2, H3, and H4, are updated:
• H0= H0+ A
• H1= H1+ B
• H2= H2+ C
• H3= H3+ D
• H4= H4+ E
SHA - Summary
• Initialize constants
• For each 512-bit block (B1, B2, B3, . . ., Bn):
• Divide Bi into 16 32-bit words (W0– W15)
• Compute 64 new 32-bit words (W16, W17, . . ., W79)
• Copy H0 -H4 into A, B, C, D, and E
• For each Wj (W0– W79) compute TEMP and update A-E
• Update H0 - H4
• The 160-bit message digest is: H0 H1 H2 H3 H4
Message Digests are not enough…
• Example: We want to use a message digest function to protect files on our computer from intruders:
• Calculate digests for important files and store them in a table.
• Recompute and check from time to time to verify that the files have not been modified.
• Good: if someone modifies a file the change will be detected since the digest of that file will be different.
• Bad: the attacker could just compute new digests for modified files and install them in the table.
• What is needed is a function that depends not only on the message, but also on some kind of secret.
Attacks on Message Digests
• Brute-force: Let H be a message digest, a one-way function and M be some piece of data. Can you find a piece of data M’ such that H(M) = H(M’)? Say that you generate sequences of M’ and compute H(M’) for each one until you find a match. How many M’ would you have to test?
• Birthday Attack: Say that H(.) produces n bits. If you choose M’ at random, you need to try at most 2n/2 messages to have greater than 50% chance of finding the M’ that you want. (See the Birthday Paradox in probability theory textbooks.)
Message Authentication Codes
• A message authentication code (MAC) is a

key-dependent message digest function:

MAC(Key,Message) = h

• The MAC can only be created or verified by someone who knows Key.
• One can turn a one-way hash function into a MAC by encrypting the hash value with a symmetric-key cryptosystem.
Using a MAC

MACs can be used to protect data integrity and authenticity:

• Want to use a MAC to protect files on our computer against tampering:
• Calculate MAC values for important files and store them in a table,
• Recompute MACs from time to time and compare to stored values to verify that the files haven’t been modified.
• Good: If someone modifies a file the hash of that file will be different.
• Good: As long as no one knows the proper key, new MACs can’t be stored in the table to cover the intruder’s tracks.
Implementing a MAC

Question: Does this structure look familiar?

Libraries for MDs and MACs

mhash: Supports SHA1, GOST, HAVAL256, HAVAL224, HAVAL192, HAVAL160, HAVAL128, MD5, MD4, RIPEMD160, TIGER, TIGER160, TIGER128, CRC32B and CRC32 checksums. Free (GNU LGPL).

http://mhash.sourceforge.net

java.security: Offers a number of classes for applications needing crypto primitives. MessageDigest, for instance, is a class that produces digests according to MD5 or SHA.

http://java.sun.com/j2se/1.4.2/docs/api/

OpenSSL: Secure sockets, MDs, MACs, ciphers (DES, AES, etc), big numbers, PRNGs, and lots of good stuff.

http://www.openssl.org

Summary

Message digests

• Message digest functions are collision-resistant, one-way hash functions:
• Collision-resistant: hard to find two values that produce the same output,
• One-way: hard to determine what input produced a given output.
• Protects the integrity of a digital document.

MACs

• A message authentication code is a key-dependent message digest function:
• The output is a function of both the hash function and a secret key.
• The MAC can only be created or verified by someone who knows the key.
• Protects the integrityand the authenticity of a digital document.