Hash Functions and Digital Signatures: Lecture 11 ECE 646 - Prof. Krzysztof Gaj, Study notes of Cryptography and System Security

The basics of hash functions, message authentication codes (macs), and digital signatures. Topics include hash function requirements, security considerations, and applications. The document also discusses various hash function algorithms and their security levels.

Typology: Study notes

Pre 2010

Uploaded on 02/10/2009

koofers-user-da9fiy8s1l
koofers-user-da9fiy8s1l 🇺🇸

4

(1)

9 documents

1 / 22

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
Hash functions & MACs
ECE 646 Lecture 11
Message
Hash
function
Public key
algorithm
Alice
Signature
Alice’s private key
Bob
Hash
function
Alice’s public key
Digital Signature
Hash value 1
Hash value 2
Hash value
Public key
algorithm
yes no
Message Signature
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16

Partial preview of the text

Download Hash Functions and Digital Signatures: Lecture 11 ECE 646 - Prof. Krzysztof Gaj and more Study notes Cryptography and System Security in PDF only on Docsity!

Hash functions & MACs

ECE 646 Lecture 11

Message

Hash function

Public key algorithm

Alice Signature

Alice’s private key

Bob

Hash function

Alice’s public key

Digital Signature

Hash value 1

Hash value 2

Hash value

Public key algorithm

yes no

Message Signature

Hash function

arbitrary length

message

hash

function

h(m) hash value

h

m

fixed length

Vocabulary

hash function

message digest

hash value

hash total

fingerprint

imprint

cryptographic checksum

compressed encoding

MDC, Message Digest Code

message digest

Hash functions

Dependence between requirements

collision resistant

2nd preimage resistant

Hash functions

(unkeyed)

OWHF CRHF

One-Way

Hash Functions

Collision-Resistant

Hash Functions

preimage resistance

2nd preimage resistance

collision resistance

Brute force attack against

One-Way Hash Function

m i’

i=1.. 2 n

2 n^ messages with the contents required by the forger h

h ( m i’) = y

n - bits

Given y

Creating multiple versions of

the required message

I

state confirm

thereby

  • that I^

borrowed received

$10, ten thousand dollars from^

Mr. Dr.

Kris Krzysztof

Gaj on November 15,11 / 15 / 2002. This

money sum of money

should is required to be^

returned given back to^

Mr. Dr. Gaj

by the

22 nd 23 rd^ day of^

November December 2002.

I

state confirm

thereby

  • that on

borrowed received from^

Mr. Dr.

Kris Krzysztof

on

November 15, 11 / 15 / 2002

This textitem

should is required to be^

returned given back to^

Mr. Dr. Gaj

Message acceptable for the signer

I a^ bookmanuscript

security in wireless networks. fast implementations of cryptography.

by the

22 nd 23 rd^ day of^

November December 2002.

Birthday paradox

How many students must be in a class so that

there is a greater than 50% chance that

2. any two of the students share the same

birthday (up to the day and month)?

1. one of the students shares the teacher’s

birthday (up to the day and month)?

Birthday paradox

How many students must be in a class so that

there is a greater than 50% chance that

1. one of the students shares the teacher’s

birthday (day and month)?

2. any two of the students share the same

birthday (day and month)?

~ ó 366 |^^19

Brute force attack against

Collision Resistant Hash Function

Probability p that two different messages have the

same hash value:

p = 1 - exp (-

r^2

2 n^

For r = 2n/2^ p = 63%

Hash function algorithms

Customized (dedicated)

Based on block ciphers

Based on modular arithmetic

MDC- MDC- IBM, Brachtl, Meyer, Schilling, 1988

MASH- 1988-

MD2 (^) Rivest 1988

MD4 (^) Rivest 1990

MD Rivest 1990

SHA-

SHA-

RIPEMD-

RIPEMD-

European RACE Integrity Primitives Evaluation Project, 1992

NSA, 1992

NSA, 1995 SHA-256, SHA-384, SHA-512 (^) NSA, 2000

Security of dedicated hash functions

MD

MD

MD5 (^) SHA-

SHA-

RIPEMD-

RIPEMD-

partially broken

broken , H. Dobbertin, 1995 (one hour on PC, 20 free bytes at the start of the message)

partially broken, collisions for the compression function, Dobbertin, 1996 (10 hours on PC)

weakness discovered, 1995 NSA, 1998 France

reduced round version broken, Dobbertin 1995

SHA-256, SHA-384, SHA-

Hash functions

Applications (1)

1. Digital Signatures

Advantages

  1. Shorter signature
  2. Much faster computations
  3. Larger resistance to manipulation (one block instead of several blocks of signature)
  4. Resistance to the multiplicative attacks
  5. Avoids problems with different sizes of the sender and the receiver moduli

Hash functions

Applications (2)

2. Fingerprint of a program or a document

(e.g., to detect a modification by a virus

or an intruder)

program

hash

fingerprint original_fingerprint

safe place

Hash functions

Applications (4)

4. Fast encryption

PRNG

ki mi ci

k 0 = hash(KAB || IV ) k 1 = hash(KAB || k 0 )

................. kn = hash(KAB || kn-1)

or

k 0 = hash(KAB || IV) k 1 = hash(KAB || c 0 )

................. kn = hash(KAB || cn-1)

General scheme for constructing

a secure hash function

Message m

Padding, appending bit length, M

M 1

IV

H 0 H 1 H 2

f f****...

Ht

compression function

output transformation

h(m) g

M 2 Mt

General scheme for constructing

a secure hash function

H 0 = IV Hi = f (Hi-1, Mi) h(m) = g(Ht)

f

Compression

function r

n n

Entire hash

Hi-1 Hi

Mi

In SHA- n= r=

In MD n= r=

Hash padding

message 100000000000 length

length of the entire message in bits

X X X 0 0 0 0 0

64-bits

All zero padding:

X X X 0 0 0 0 0

Correct padding: X X X 0 0 1 0 0 X X X 1 0 0 0 0

Message block 512 512 1024 1024 size

Number of 80 64 80 80 digest rounds

SHA-1 SHA-256 SHA-384 SHA-

Parameters of new hash functions

Features affecting implementation speed

SHA-512, SHA-

SHA-

SHA-

Speed

Area

Results of conceptual comparison

0

100

200

300

400

500

600

700

462

616

Speed in hardware [Mbit/s]

SHA-1 (^) SHA-

Results of the prototype FPGA implementation

Complexity of the best attack 280 2256 the same as^ Skipjack^ AES-

GMU, 2002

Message

Secret key algorithm

Alice MAC

Secret key of Alice and Bob

Bob

Secret key algorithm

Authentication

MAC’

MAC

yes no

Message MAC

Secret key of Alice and Bob

KAB KAB

MAC functions

Security requirements

Given zero or more pairs

mi, MACK(mi) (^) i = 1..k

it is computationally impossible to find any new pair

m’ , MACK(m’ )

Such that

m’ ≠ mi i = 1..k

MAC functions

Security requirements

Resistance against

  1. Known-text attack
  2. Chosen-text attack
  3. Adaptive chosen-text attack

CBC-MAC (1)

E

K

m 1

E

K

m 2

E

K

mt

H 1 H 2

Ht

Ht-

D

E

K’

K

MAC

MAC

FIPS-

CBC-MAC (1)

H 0 = IV = 0

Hi = DESK(mi ⊕ Hi-1) i = 1..t

MAC(m) = Ht[1..32]

or

MAC(m) = EK(EK’ -1(Ht))[1..32]