









Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
The concepts of hash functions, message authentication codes (macs), and digital signatures. It covers the basics of hash functions, their security requirements, and various algorithms such as md2, md4, md5, and sha-1. The document also explains the role of hash functions in digital signatures and macs, and provides information on collision resistance and preimage resistance.
Typology: Study notes
1 / 15
This page cannot be seen from the preview
Don't miss anything!










Message
Hash function
Public key algorithm
Alice Signature
Alice’s private key
Bob
Hash function
Alice’s public key
Hash value 1
Hash value 2
Hash value
Public key algorithm
yes no
Message Signature
arbitrary length
fixed length
1. Preimage resistance
It is computationally infeasible Given To Find
y x , such that h(x) = y
2. 2nd preimage resistance
x and y=h(x)
x ’ ≠ x , such that h(x’) = h(x) = y
3. Collision resistance x ’ ≠ x , such that h(x’) = h(x)
I state confirm
thereby
borrowed received
$10, ten thousand dollars from Mr. Dr.
Kris Krzysztof
Gaj on November 15, 11 / 15 / 2005.^ This^
money sum of money
should is required to be^
returned given back to^
Mr. Dr. Gaj
by the 22 nd 23 rd^ day of^
November December 2005.
Yuval
m i
h
n - bits
h(m i)
r messages acceptable for the signer m j’
h
n - bits
h(m j’)
r messages required by the forger
h(m i) = h(m j’)
i=1.. r j=1.. r
I state confirm
thereby
borrowed received
$10, ten thousand dollars from Mr. Dr.
Kris Krzysztof
Gaj on November 15, 11 / 15 /
money sum of money
should is required to be^
returned given back to^
Mr. Dr. Gaj
by the 22 nd 23 rd^ day of^
November December 2005.
I
state confirm
thereby
Mr. Dr.
Kris Krzysztof
on
November 15, 11 / 15 / 2005
This text item
should is required to be^
returned given back to^
Mr. Dr. Gaj
I a^ book manuscript security in wireless networks. fast implementations of cryptography.
by the 22 nd 23 rd^ day of^
November December 2005.
Customized (dedicated)
Based on block ciphers
Based on modular arithmetic
MDC- MDC- IBM, Brachtl, Meyer, Schilling, 1988
MASH- 1988-
MD2 (^) Rivest 1988
MD4 (^) Rivest 1990
MD Rivest 1990
SHA-
SHA-
RIPEMD-
RIPEMD-
European RACE Integrity Primitives Evaluation Project, 1992
NSA, 1992
NSA, 1995 SHA-256, SHA-384, SHA-512 NSA, 2000
MD
MD
MD5 (^) SHA-
SHA-
RIPEMD-
RIPEMD-
partially broken
broken , H. Dobbertin, 1995 (one hour on PC, 20 free bytes at the start of the message)
partially broken, collisions for the compression function, Dobbertin, 1996 (10 hours on PC)
weakness discovered, 1995 NSA, 1998 France
reduced round version broken, Dobbertin 1995
SHA-256, SHA-384, SHA-
Applications (1)
Advantages
Applications (2)
program
hash
fingerprint original_fingerprint
safe place
Applications (3)
password
hash
hash(password)
Instead of:
ID, password
System stores:
ID, hash(password)
password
password
password
hash(password, salt)
salt
salt
salt
salt modifies the expansion function E of DES
message 100000000000 length
length of the entire message in bits
64-bits
All zero padding:
Correct padding: X X X 0 0 1 0 0 X X X 1 0 0 0 0
name # bits of hash value
# bits of message block
no. of rounds (steps)
speed relative to MD
MD
MD
SHA-
RIPEMD-
RIPEMD-
128
128
160
128
160
512
512
512
512
512
3 x 16
4 x 16
4 x 20
4 x 16
5 x 16
0.
0.
Size of hash 160 256 384 512 value
Complexity of 280 2128 2192 2256 the best attack
Equivalently secure Skipjack AES-128 AES-192 AES- secret-key cipher
Message size < 2^64 < 2^64 < 2^128 < 2^128
Message block 512 512 1024 1024 size Number of 80 64 80 80 digest rounds
SHA-512, SHA-
SHA-
SHA-
Speed
Area
0
100
200
300
400
500
600
700
462
616
Speed in hardware [Mbit/s]
SHA-1 (^) SHA-
Complexity of the best attack 280 2256 the same as^ Skipjack^ AES-
GMU, 2002
Given zero or more pairs mi, MACK(mi) (^) i = 1..k
it is computationally impossible to find any new pair
m’, MACK(m’)
Such that m’ ≠ mi i = 1..k
Resistance against
m 1
m 2
mt
Ht
Ht-
MAC
MAC
FIPS-
Based on block ciphers
Dedicated
Based on hash functions
Based on stream ciphers