13 computer security hashing
play

13 - Computer Security Hashing 1 Solution : hash - PowerPoint PPT Presentation

Apr 06, 2023 •449 likes •1.14k views

13 - Computer Security Hashing 1 Solution : hash function 0 1 n - h x 0 1 - h x is the hash/digest of x Context Goal - Represent large/sensitive message by a smaller one - Numerous

  1. ΥΣ13 - Computer Security Hashing Κώστας Χατζηκοκολάκης 1

  2. Solution : hash function 0 1 n - h x 0 1 - h x is the hash/digest of x Context • Goal - Represent large/sensitive message by a smaller one - Numerous applications 2

  3. Context • Goal - Represent large/sensitive message by a smaller one - Numerous applications • Solution : hash function - h ( x ) : { 0 , 1 } ∗ → { 0 , 1 } n - h ( x ) is the hash/digest of x 2

  4. - h x x : hard Even to fjnd a single bit of x ! No collisions - Do x x exist such that h x h x ? YES - But the should be hard to fjnd! Properties • One-way - x → h ( x ) : easy 3

  5. YES - But the should be hard to fjnd! Properties • One-way - x → h ( x ) : easy - h ( x ) → x : hard · Even to fjnd a single bit of x ! • No collisions - Do x ̸ = x ′ exist such that h ( x ) = h ( x ′ ) ? 3

  6. Properties • One-way - x → h ( x ) : easy - h ( x ) → x : hard · Even to fjnd a single bit of x ! • No collisions - Do x ̸ = x ′ exist such that h ( x ) = h ( x ′ ) ? YES - But the should be hard to fjnd! 3

  7. Just 23! 364 363 365 22 pb 1 0 507 365 365 365 Approximation x - e 1 x ( x 0) m 2 - pb 1 e 2 365 Collision-resistance Birthday paradox • How many people do we need so that any 2 have the same birthday with pb 50%? 4

  8. Approximation x - e 1 x ( x 0) m 2 - pb 1 e 2 365 Collision-resistance Birthday paradox • How many people do we need so that any 2 have the same birthday with pb 50%? • Just 23! • pb = 1 − 364 365 · 363 365 · . . . · 365 − 22 ≈ 0 . 507 365 4

  9. Collision-resistance Birthday paradox • How many people do we need so that any 2 have the same birthday with pb 50%? • Just 23! • pb = 1 − 364 365 · 363 365 · . . . · 365 − 22 ≈ 0 . 507 365 • Approximation - e − x ≈ 1 − x ( x ≈ 0) m 2 - pb ≈ 1 − e − 2 · 365 4

  10. 50 bit hash 10 15 total values (huge) - T - m : number of messages we hash - How many for a 50% collision? - 40M (milliseconds to generate!) Collision-resistance Birthday paradox • m people, T possible values each - pb ≈ 1 − e − m 2 / 2 T - m ≈ √ − 2 T ln( 1 − pb ) 5

  11. - 40M (milliseconds to generate!) Collision-resistance Birthday paradox • m people, T possible values each - pb ≈ 1 − e − m 2 / 2 T - m ≈ √ − 2 T ln( 1 − pb ) • 50 bit hash - T ≈ 10 15 total values (huge) - m : number of messages we hash - How many for a 50% collision? 5

  12. Collision-resistance Birthday paradox • m people, T possible values each - pb ≈ 1 − e − m 2 / 2 T - m ≈ √ − 2 T ln( 1 − pb ) • 50 bit hash - T ≈ 10 15 total values (huge) - m : number of messages we hash - How many for a 50% collision? - 40M (milliseconds to generate!) 5

  13. - Example: password authentication Protect against data breach Only need to test whether input is correct! Solution - Store h x - Better: generate random r (salt), store r h x r why? Which properties of h does this rely on? - One-wayness: should not learn the password - Collision-resistance: should not login with difgerent password One-way encryption • Goal - Store x in an encrypted form - We don’t need to decrypt, only to test equality of encrypted messages 6

  14. Solution - Store h x - Better: generate random r (salt), store r h x r why? Which properties of h does this rely on? - One-wayness: should not learn the password - Collision-resistance: should not login with difgerent password One-way encryption • Goal - Store x in an encrypted form - We don’t need to decrypt, only to test equality of encrypted messages - Example: password authentication · Protect against data breach · Only need to test whether input is correct! 6

  15. - Better: generate random r (salt), store r h x r why? Which properties of h does this rely on? - One-wayness: should not learn the password - Collision-resistance: should not login with difgerent password One-way encryption • Goal - Store x in an encrypted form - We don’t need to decrypt, only to test equality of encrypted messages - Example: password authentication · Protect against data breach · Only need to test whether input is correct! • Solution - Store h ( x ) 6

  16. Which properties of h does this rely on? - One-wayness: should not learn the password - Collision-resistance: should not login with difgerent password One-way encryption • Goal - Store x in an encrypted form - We don’t need to decrypt, only to test equality of encrypted messages - Example: password authentication · Protect against data breach · Only need to test whether input is correct! • Solution - Store h ( x ) - Better: generate random r (salt), store r , h ( x , r ) why? 6

  17. - One-wayness: should not learn the password - Collision-resistance: should not login with difgerent password One-way encryption • Goal - Store x in an encrypted form - We don’t need to decrypt, only to test equality of encrypted messages - Example: password authentication · Protect against data breach · Only need to test whether input is correct! • Solution - Store h ( x ) - Better: generate random r (salt), store r , h ( x , r ) why? • Which properties of h does this rely on? 6

  18. One-way encryption • Goal - Store x in an encrypted form - We don’t need to decrypt, only to test equality of encrypted messages - Example: password authentication · Protect against data breach · Only need to test whether input is correct! • Solution - Store h ( x ) - Better: generate random r (salt), store r , h ( x , r ) why? • Which properties of h does this rely on? - One-wayness: should not learn the password - Collision-resistance: should not login with difgerent password 6

  19. Assume 365 outputs. How many x s to generate for 50% success pb? 253! huh? but we said 23… Difgerent problem: pb that someone has the same birthday as you! n 364 pb 1 365 (only 6% for n 23) One-way encryption Can we break it? • Preimage attack : fjnd x ′ such that h ( x ′ ) matches the given h ( x ) 7

  20. 253! huh? but we said 23… Difgerent problem: pb that someone has the same birthday as you! n 364 pb 1 365 (only 6% for n 23) One-way encryption Can we break it? • Preimage attack : fjnd x ′ such that h ( x ′ ) matches the given h ( x ) • Assume 365 outputs. How many x ′ s to generate for 50% success pb? 7

  21. Difgerent problem: pb that someone has the same birthday as you! n 364 pb 1 365 (only 6% for n 23) One-way encryption Can we break it? • Preimage attack : fjnd x ′ such that h ( x ′ ) matches the given h ( x ) • Assume 365 outputs. How many x ′ s to generate for 50% success pb? • 253! huh? but we said 23… 7

  22. One-way encryption Can we break it? • Preimage attack : fjnd x ′ such that h ( x ′ ) matches the given h ( x ) • Assume 365 outputs. How many x ′ s to generate for 50% success pb? • 253! huh? but we said 23… • Difgerent problem: pb that someone has the same birthday as you! n • pb = 1 − 364 365 (only 6% for n = 23) 7

  23. Can be used to show approval of x - Eg: x is a contract signed by Alice - But it is expensive for large x Solution: provide sign h x Alice Alice needs to know x to construct h x ! - Does this show approval of x ? Yes if collision-free - One-wayness can be useful if we want to reveal x in the future! Signatures • Assume: sign ( x , Alice ) is a message that can only be constructed by Alice - We will see how to do this using asymmetric encryption! 8

  24. - Does this show approval of x ? Yes if collision-free - One-wayness can be useful if we want to reveal x in the future! Signatures • Assume: sign ( x , Alice ) is a message that can only be constructed by Alice - We will see how to do this using asymmetric encryption! • Can be used to show approval of x - Eg: x is a contract signed by Alice - But it is expensive for large x • Solution: provide sign ( h ( x ) , Alice ) • Alice needs to know x to construct h ( x ) ! 8

  25. Yes if collision-free - One-wayness can be useful if we want to reveal x in the future! Signatures • Assume: sign ( x , Alice ) is a message that can only be constructed by Alice - We will see how to do this using asymmetric encryption! • Can be used to show approval of x - Eg: x is a contract signed by Alice - But it is expensive for large x • Solution: provide sign ( h ( x ) , Alice ) • Alice needs to know x to construct h ( x ) ! - Does this show approval of x ? 8

  26. - One-wayness can be useful if we want to reveal x in the future! Signatures • Assume: sign ( x , Alice ) is a message that can only be constructed by Alice - We will see how to do this using asymmetric encryption! • Can be used to show approval of x - Eg: x is a contract signed by Alice - But it is expensive for large x • Solution: provide sign ( h ( x ) , Alice ) • Alice needs to know x to construct h ( x ) ! - Does this show approval of x ? Yes if collision-free 8

  27. Signatures • Assume: sign ( x , Alice ) is a message that can only be constructed by Alice - We will see how to do this using asymmetric encryption! • Can be used to show approval of x - Eg: x is a contract signed by Alice - But it is expensive for large x • Solution: provide sign ( h ( x ) , Alice ) • Alice needs to know x to construct h ( x ) ! - Does this show approval of x ? Yes if collision-free - One-wayness can be useful if we want to reveal x in the future! 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computer Security: Hashing B. Jacobs Institute for Computing and Information Sciences Digital

Computer Security: Hashing B. Jacobs Institute for Computing and Information Sciences Digital

Hashes Voting with hashes: RIES Radboud University Nijmegen Road pricing example Hashing in Java and in Python Computer Security: Hashing B. Jacobs Institute for Computing and Information Sciences Digital Security Radboud University

709 views • 53 slides
Key management Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Oct 4, 2016

Key management Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Oct 4, 2016

Key management Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Oct 4, 2016 Key management on whiteboard Password hashing in these slides Announcement Project 2 part 1 due today Passwords Tension between usability and

166 views • 16 slides
Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Feb 19, 2018 Announcement

Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Feb 19, 2018 Announcement

Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Feb 19, 2018 Announcement Project 2 to be released Thursday Midterm grades announced at end of week Passwords Tension between usability and security choose random and choose

528 views • 20 slides
Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing? Distribute key/value pairs across bins with a hash function , Hashing Performance Hashing (Application of Probability) which maps elements from

497 views • 3 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.5k views • 58 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.25k views • 98 slides
On the (In)Security of IDEA in Various Hashing Modes Lei Wei 1 , Thomas Peyrin 1 , Przemysaw

On the (In)Security of IDEA in Various Hashing Modes Lei Wei 1 , Thomas Peyrin 1 , Przemysaw

On the (In)Security of IDEA in Various Hashing Modes On the (In)Security of IDEA in Various Hashing Modes Lei Wei 1 , Thomas Peyrin 1 , Przemysaw Sokoowski 2 , San Ling 1 , Josef Pieprzyk 2 , and Huaxiong Wang 1 1 Division of Mathematical

524 views • 25 slides
Outline Computer Security: Hashing Hashes Hash applications Bart Jacobs Road pricing example

Outline Computer Security: Hashing Hashes Hash applications Bart Jacobs Road pricing example

Hashes Hashes Road pricing example Road pricing example Radboud University Nijmegen Radboud University Nijmegen Hashing in Java Hashing in Java Outline Computer Security: Hashing Hashes Hash applications Bart Jacobs Road pricing example

110 views • 7 slides
Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . .

Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . .

KDM-Security via Homomorphic Smooth Projective Hashing Hoeteck Wee ENS, Paris . . . . . . . . key-dependent message security. [ Black Rogaway Shrimpton 02 ] this work. unifying framework with a simple proof of security enc pk ( sk )

955 views • 44 slides
Hashing Connections 2-Universal Hash Function Perfect Hashing Anil Maheshwari Proofs

Hashing Connections 2-Universal Hash Function Perfect Hashing Anil Maheshwari Proofs

Hashing Anil Maheshwari Setting Balls & Bins Hashing Connections 2-Universal Hash Function Perfect Hashing Anil Maheshwari Proofs anil@scs.carleton.ca School of Computer Science Carleton University Canada Outline Hashing Anil

372 views • 21 slides
CS525: Advanced Database Organization Notes 4: Indexing and Hashing Part III: Hashing and more

CS525: Advanced Database Organization Notes 4: Indexing and Hashing Part III: Hashing and more

CS525: Advanced Database Organization Notes 4: Indexing and Hashing Part III: Hashing and more Yousef M. Elmehdwi Department of Computer Science Illinois Institute of Technology yelmehdwi@iit.edu September, 18 th , 2018 Slides: adapted from a

1.22k views • 90 slides
Small high-security encryption, authentication, and hashing D. J. Bernstein University of

Small high-security encryption, authentication, and hashing D. J. Bernstein University of

Small high-security encryption, authentication, and hashing D. J. Bernstein University of Illinois at Chicago Main goals of cryptography Alice and Bob are communicating. Eve is eavesdropping. Alice and Bob have several standard security

310 views • 29 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Cuckoo Hashing for Security Awerbuch, Scheideler, Towards Scalable and Robust Overlay Networks Problem: -

329 views • 19 slides
Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview

Hashing (Application of Probability) Ashwinee Panda Final CS 70 Lecture! 9 Aug 2018 Overview Intro to Hashing Hashing with Chaining Hashing Performance Hash Families Balls and Bins Load Balancing Universal Hashing

726 views • 18 slides
Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting

Hashing Chapter 5 1 Objectives Understand the idea of hashing Compare hashing to sorting Design a hashtable Identify the applications that require the hashtable data structure Understand the terminology of hashtables Distinguish between

319 views • 14 slides
Hash Functions, Message Authentication Codes Ahmet Burak Can Hacettepe University

Hash Functions, Message Authentication Codes Ahmet Burak Can Hacettepe University

Hash Functions, Message Authentication Codes Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Information Security Security Services Confidentiality : Symmetric encryption solves Integrity Authentication

272 views • 14 slides
IS511 Introduction to Information Security Lecture 3 Cryptography 2 Yongdae Kim Recap

IS511 Introduction to Information Security Lecture 3 Cryptography 2 Yongdae Kim Recap

IS511 Introduction to Information Security Lecture 3 Cryptography 2 Yongdae Kim Recap http://syssec.kaist.ac.kr/~yongdaek/courses/is511/ E-mail policy 4 Include [is511] 4 Profs + TA: IS511_prof@gsis.kaist.ac.kr 4 Profs + TA +

1.1k views • 43 slides
Cryptography Engineering and Cryptocurrency Yongdae Kim Definition A

Cryptography Engineering and Cryptocurrency Yongdae Kim Definition A

EE817/IS 893 Cryptography Engineering and Cryptocurrency Yongdae Kim Definition A hash function is a function h compression h maps an input x of arbitrary finite bitlength, to an output h(x) of fixed bitlength

862 views • 70 slides
Generic Attacks against MAC algorithms G. Leurent (Inria) Generic Attacks against MAC algorithms

Generic Attacks against MAC algorithms G. Leurent (Inria) Generic Attacks against MAC algorithms

Introduction Hash-based MACs State recovery Universal forgery Key-recovery Conclusion Generic Attacks against MAC algorithms G. Leurent (Inria) Generic Attacks against MAC algorithms ASK 2015 1 / 59 Gatan Leurent Inria Rocquencourt,

1.71k views • 102 slides
Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture

Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture

Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture 6 Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of

728 views • 44 slides
Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David

Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David

Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David Malone 11 October 2012 Hash Functions We are talking about hash functions for consistent assignment. For example, Hash tables, Network

448 views • 18 slides
Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State

Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State

ASK 2018, ISI Kolkata November 13, 2018 Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State - A generic TMD tradeoff distinguisher - High-order differentials - Cryptanalysis with division property

944 views • 47 slides
Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology

787 views • 23 slides

More recommend