Hash Functions and Message Digests: Concepts, Uses, and Algorithms (CS 4237), Exams of Cryptography and System Security

Download Hash Functions and Message Digests: Concepts, Uses, and Algorithms (CS 4237) and more Exams Cryptography and System Security in PDF only on Docsity! 1 CS 4237 Hashes and Message Digests Hashes  Hash is also called message digest  One-way function: d=h(m) but no h’(d)=m  Cannot find the message given a digest  Cannot find m1, m2, where d1=d2  Arbitrary-length message to fixed-length digest  Randomness  any bit in the outputs ‘1’ half the time  each output: 50% ‘1’ bits 2 Birthday Problem  Compute probability of different birthdays  Random sample of n people (birthdays) taken from k (365) days  kn samples with replacement  (k)n=k(k-1)…(k-n+1) sample without replacement  Probability of no repetition:  p = (k)n/kn ≈ 1 - n(n-1)/2k How Many Bits for Hash?  m bits, takes 2m/2 to find two with the same hash  64 bits, takes 232 messages to search (doable)  Need at least 128 bits 5 MD2  128-bit message digest:  Arbitrary number of bytes of message  First pad to multiple of 16 bytes  Append MD2 checksum (16 bytes) to the end  The checksum is almost a MD, but not cryptographically secure by itself.  Process whole message MD2 Checksum  One byte at a time, k × 16 steps  mnk: byte nk of message  cn=π(mnk ⊕ cn-1) ⊕ cn  π : 0 → 41, 1 → 46, …  Substitution on 0-255 (value of the byte) 6 MD2 Final Pass  Operate on 16-byte chunks  48-byte quantity q:  (current digest|chunk|digest⊕chunk)  18 passes of massaging over q, and one byte at a time:  cn=π(cn-1) ⊕ cn for n = 0, … 47; c-1 = 0 for pass 0; c-1 = (c47 + pass #) mod 256  After pass 17, use first 16 bytes as new digest  16 × 8 = 128 MD5: Message Digest Version 5 input Message Output 128 bits Digest 7 MD5 Box Initial 128-bit vector 512-bit message chunks (16 words) 128-bit result F: (x∧y)∨(~x ∧ z) G:(x ∧ z) ∨(y ∧~ z) H:x⊕y⊕ z I: y⊕(x ∧ ~z) +: binary sum x↵y: x left rotate y bits MD5: Padding input Message Output 128 bits Digest Padding512 bit block Initial Value 1 2 3 4 Final Output MD5 Transformation block by block 10 Different Passes...  Different functions and constants are used  Different set of mi is used  Different set of shift amount is used Functions and Random Numbers  F(x,y,z) == (x∧y)∨(~x ∧ z)  selection function  G(x,y,z) == (x ∧ z) ∨(y ∧~ z)  H(x,y,z) == x⊕y⊕ z  I(x,y,z) == y⊕(x ∧ ~z)  Ti = int(232 * abs(sin(i))), 0<i<65 11 Secure Hash Algorithm  Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993  SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST General Logic  Input message must be < 264 bits  not really a problem  Message is processed in 512-bit blocks sequentially  Message digest is 160 bits  SHA design is similar to MD5, but a lot stronger 12 Basic Steps Step1: Padding Step2: Appending length as 64 bit unsigned Step3: Initialize MD buffer 5 32-bit words A|B|C|D|E A = 67452301 B = efcdab89 C = 98badcfe D = 10325476 E = c3d2e1f0 Basic Steps... Step 4: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each. Each step t (0 <= t <= 79):  Input:  Wt – a 32-bit word from the message  Kt – a constant.  ABCDE: current MD.  Output:  ABCDE: new MD.