Hash and MAC Algorithms: SHA-512, Whirlpool, and Keyed Hash Functions, Slides of Cryptography and System Security

An overview of hash and message authentication code (mac) algorithms, focusing on sha-512 and whirlpool. Topics covered include the structure and function of hash algorithms, the use of hash functions as macs, and the comparison of sha-512 and whirlpool. The document also discusses the security and performance considerations of these algorithms.

Typology: Slides

2011/2012

Uploaded on 11/05/2012

patel
patel 🇮🇳

3.8

(15)

80 documents

1 / 22

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Cryptography and
Network Security
Chapter 12
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16

Partial preview of the text

Download Hash and MAC Algorithms: SHA-512, Whirlpool, and Keyed Hash Functions and more Slides Cryptography and System Security in PDF only on Docsity!

Cryptography and

Network Security

Chapter 12

Chapter 12 – Hash and MAC

Algorithms

Each of the messages, like each one he had ever read of Stern's commands, began with a number and ended with a number or row of numbers. No efforts on the part of Mungo or any of his experts had been able to break Stern's code, nor was there any clue as to what the preliminary number and those ultimate numbers signified. Talking to Strange Men, Ruth Rendell

Hash Algorithm Structure

Secure Hash Algorithm

 SHA originally designed by NIST & NSA in 1993

 was revised in 1995 as SHA-

 US standard for use with DSA signature scheme

 standard is FIPS 180-1 1995, also Internet RFC  nb. the algorithm is SHA, the standard is SHS

 based on design of MD4 with key differences

 produces 160-bit hash values

 recent 2005 results on security of SHA-1 have

raised concerns on its use in future applications

SHA-512 Overview

SHA-512 Compression

Function

 heart of the algorithm

 processing message in 1024-bit blocks

 consists of 80 rounds

 updating a 512-bit buffer  using a 64-bit value Wt derived from the current message block  and a round constant based on cube root of first 80 prime numbers

SHA-512 Round Function

Whirlpool

 now examine the Whirlpool hash function

 endorsed by European NESSIE project

 uses modified AES internals as

compression function

 addressing concerns on use of block

ciphers seen previously

 with performance comparable to dedicated

algorithms like SHA

Whirlpool Block Cipher W

 designed specifically for hash function use

 with security and efficiency of AES

 but with 512-bit block size and hence hash

 similar structure & functions as AES but

 input is mapped row wise  has 10 rounds  a different primitive polynomial for GF(2^8)  uses different S-box design & values

Whirlpool Block Cipher W

Keyed Hash Functions as MACs

 want a MAC based on a hash function

 because hash functions are generally faster  code for crypto hash functions widely available

 hash includes a key along with message

 original proposal:

KeyedHash = Hash(Key|Message)  some weaknesses were found with this

 eventually led to development of HMAC

HMAC

 specified as Internet standard RFC

 uses hash function on the message:

HMACK = Hash[(K +^ XOR opad) || Hash[(K +^ XOR ipad)||M)]]

 where K+^ is the key padded out to size

 and opad, ipad are specified padding constants

 overhead is just 3 more hash calculations than the message needs alone

 any hash function can be used

 eg. MD5, SHA-1, RIPEMD-160, Whirlpool

HMAC Security

 proved security of HMAC relates to that of

the underlying hash algorithm

 attacking HMAC requires either:

 brute force attack on key used  birthday attack (but since keyed would need to observe a very large number of messages)

 choose hash function used based on

speed verses security constraints

CMAC

 previously saw the DAA (CBC-MAC)

 widely used in govt & industry

 but has message size limitation

 can overcome using 2 keys & padding

 thus forming the Cipher-based Message

Authentication Code (CMAC)

 adopted by NIST SP800-38B