cryptographic hash functions
play

Cryptographic Hash Functions Signatures Requirements MD5 and SHA - PowerPoint PPT Presentation

Feb 10, 2023 •781 likes •1.04k views

CSS441 Hash Functions Hash Functions Authentication Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

  1. CSS441 Hash Functions Hash Functions Authentication Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l09, Steve/Courses/2015/s2/css441/lectures/cryptographic-hash-functions.tex, r4295 1/24

  2. CSS441 Contents Hash Functions Hash Functions Hash Functions Authentication Signatures Requirements MD5 and SHA Authentication with Hash Functions Digital Signatures Requirements and Security MD5 and SHA 2/24

  3. CSS441 Hash Functions Hash Functions ◮ Hash function H : variable-length block of data M Hash Functions input; fixed-size hash value h = H ( M ) output Authentication ◮ Applying H to large set of inputs should produce evenly Signatures distributed and random looking outputs Requirements ◮ Cryptographic hash function: computationally infeasible MD5 and SHA to find: 1. M that maps to known h (one-way property) 2. M 1 and M 2 that produce same h (collision-free property) ◮ Used to determine whether or not data has changed ◮ Examples: message authentication, digital signatures, one-way password file, intrusion/virus detection, PRNG 3/24

  4. CSS441 Cryptographic Hash Function Hash Functions Hash Functions Authentication Signatures Requirements MD5 and SHA Credit: Figure 11.1 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 4/24

  5. CSS441 Contents Hash Functions Hash Functions Hash Functions Authentication Signatures Requirements MD5 and SHA Authentication with Hash Functions Digital Signatures Requirements and Security MD5 and SHA 5/24

  6. CSS441 Message Authentication Hash Functions ◮ Verify the integrity of a message Hash Functions ◮ Ensure data received are exactly as sent Authentication ◮ Assure identity of the sender is valid Signatures ◮ Hash function used to provide message authentication Requirements called message digest MD5 and SHA 6/24

  7. CSS441 Message Authentication Example (a) Hash Functions ◮ Encrypt the message and hash code using symmetric Hash Functions encryption Authentication Signatures Requirements MD5 and SHA 7/24

  8. CSS441 Message Authentication Example (b) Hash Functions ◮ Encrypt only hash code Hash Functions ◮ Reduces computation overhead when confidentiality not Authentication required Signatures Requirements MD5 and SHA 8/24

  9. CSS441 Message Authentication Example (c) Hash Functions ◮ Shared secret S is hashed Hash Functions ◮ No encryption needed Authentication Signatures Requirements MD5 and SHA 9/24

  10. CSS441 Message Authentication Example (d) Hash Functions ◮ Shared secret combined with confidentiality Hash Functions Authentication Signatures Requirements MD5 and SHA 10/24

  11. CSS441 Authentication and Encryption Hash Functions ◮ Sometimes desirable to avoid encryption when Hash Functions performing authentication Authentication ◮ Encryption in software can be slow Signatures ◮ Encryption in hardware has financial costs Requirements ◮ Encryption hardware can be inefficient for small MD5 and SHA amounts of data ◮ Encryption algorithms may be patented, increasing costs to use ◮ Message Authentication Codes (or keyed hash function) ◮ Take secret key K and message M as input; produce hash (or MAC) as output ◮ Combining hash function and encryption produces same result as MAC; but MAC algorithms can be more efficient than encryption algorithms ◮ MAC covered in next topic 11/24

  12. CSS441 Contents Hash Functions Hash Functions Hash Functions Authentication Signatures Requirements MD5 and SHA Authentication with Hash Functions Digital Signatures Requirements and Security MD5 and SHA 12/24

  13. CSS441 Digital Signatures Hash Functions ◮ Aim of a signature: prove to anyone that a message Hash Functions originated at (or is approved by) a particular user Authentication ◮ Symmetric key cryptography Signatures ◮ Two users, A and B , share a secret key K Requirements ◮ Receiver of message (user A ) can verify that message MD5 and SHA came from the other user ( B ) ◮ User C cannot prove that the message came from B (it may also have came from A ) ◮ Public key cryptography can provide signature: only one user has the private key 13/24

  14. CSS441 Digital Signature Operations (Concept) Hash Functions Signing Hash Functions Authentication ◮ User signs a message by encrypting with own private key Signatures Requirements S = E ( PR A , M ) MD5 and SHA ◮ User attaches signature to message Verification ◮ User verifies a message by decrypting signature with signer’s public key M ′ = D ( PU A , S ) ◮ User then compares received message M with decrypted M ′ ; if identical, signature is verified 14/24

  15. CSS441 Digital Signature Operations (Practice) Hash Functions No need to encrypt entire message; encrypt hash of message Hash Functions Signing Authentication Signatures ◮ User signs a message by encrypting hash of message Requirements with own private key MD5 and SHA S = E ( PR A , H ( M )) ◮ User attaches signature to message Verification ◮ User verifies a message by decrypting signature with signer’s public key h = D ( PU A , S ) ◮ User then compares hash of received message, H ( M ), with decrypted h ; if identical, signature is verified 15/24

  16. CSS441 Digital Signature Algorithms Hash Functions ◮ RSA Hash Functions ◮ Digital Signature Algorithm (DSA): FIPS-186 Authentication ◮ ECDSA: DSA with elliptic curve cryptography Signatures Requirements ◮ ElGamal signature scheme: DSA is enhancement of MD5 and SHA ElGamal ◮ Bilinear pairing based signatures, e.g. BLS ◮ Different hash algorithms can be used; e.g. SHA2 ◮ Pre-image resistant, second pre-image resistant, collision resistant 16/24

  17. CSS441 Contents Hash Functions Hash Functions Hash Functions Authentication Signatures Requirements MD5 and SHA Authentication with Hash Functions Digital Signatures Requirements and Security MD5 and SHA 17/24

  18. CSS441 Pre-images and Collisions Hash Functions ◮ For hash value h = H ( x ), x is pre-image of h Hash Functions ◮ H is a many-to-one mapping; h has multiple pre-images Authentication ◮ Collision occurs if x � = y and H ( x ) = H ( y ) Signatures Requirements ◮ Collisions are undesirable MD5 and SHA ◮ How many pre-images for given hash value? ◮ If H takes b -bit input block, 2 b possible messages ◮ For n -bit hash code, where b > n , 2 n possible hash codes ◮ On average, if uniformly distributed hash values, then each hash value has 2 b − n pre-images 18/24

  19. CSS441 Requirements of Cryptographic Hash Function Hash Functions Variable input size: H can be applied to input block of any Hash Functions size Authentication Fixed output size: H produces fixed length output Signatures Requirements Efficiency: H ( x ) relatively easy to compute (practical MD5 and SHA implementations) Pre-image resistant: For any given h , computationally infeasible to find y such that H ( y ) = h ( one-way property ) Second pre-image resistant: For any given x , computationally infeasible to find y � = x with H ( y ) = H ( x ) ( weak collision resistant ) Collision resistant: Computationally infeasible to find any pair ( x , y ) such that H ( x ) = H ( y ) ( strong collision resistant ) Pseudo-randomness: Output of H meets standard tests for pseudo-randomness 19/24

  20. CSS441 Required Hash Properties for Different Hash Functions Applications Hash Functions Weak hash function: Satisfies first 5 requirements (but not Authentication collision resistant) Signatures Requirements Strong hash function: Also collision resistant MD5 and SHA Credit: Table 11.2 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 20/24

  21. CSS441 Brute Attacks on Hash Functions Hash Functions Pre-image and Second Pre-image Attack Hash Functions Authentication ◮ Find a y that gives specific h ; try all possible values of y Signatures ◮ With m -bit hash code, effort required proportional to 2 m Requirements MD5 and SHA Collision Resistant Brute Attack ◮ Find any two messages that have same hash values ◮ Effort required is proportional to 2 m / 2 ◮ Due to birthday paradox, easier than pre-image attacks Practical Effort ◮ Cryptanalysis attacks possible in theory; complex ◮ Collision resistance desirable for general hash algorithms ◮ MD5 uses 128-bits: collision attacks possible (2 60 ) ◮ SHA uses longer codes; collision attacks infeasible 21/24

  22. CSS441 Contents Hash Functions Hash Functions Hash Functions Authentication Signatures Requirements MD5 and SHA Authentication with Hash Functions Digital Signatures Requirements and Security MD5 and SHA 22/24

  23. CSS441 MD5 Hash Functions ◮ Message Digest algorithm 5, developed by Ron Rivest in Hash Functions 1991 Authentication ◮ Standardised by IETF in RFC 1321 Signatures Requirements ◮ Generates 128-bit hash MD5 and SHA ◮ Was commonly used by applications, passwords, file integrity; no longer recommended ◮ Collision and other attacks possible; tools publicly available to attack MD5 23/24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must provide o Compression output length is small o Efficiency h(x) easy to compute for any x o One-way given a value y it is infeasible to find

465 views • 42 slides
Cryptographic Hash Functions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of

Cryptographic Hash Functions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of

Cryptographic Hash Functions Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay July 17, 2018 1 / 15 Cryptographic Hash Functions Important building block in cryptography

270 views • 15 slides
References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding

References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding

References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding Cryptography by Paar & Pelzl. & Mathematical Cryptography , by Keijo Ruohonen, http://math.tut.fi/~ruohonen/MC.pdf , pages 9899. Signature

255 views • 10 slides
Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology

787 views • 23 slides
Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology

338 views • 23 slides
(username, password) ? x ? ? ? ? but (username,hash(password))

(username, password) ? x ? ? ? ? but (username,hash(password))

Hash Functions - Bart Preneel June 2016 Hash functions X.509 Annex D RIPEMD-160 SHA-3 MDC-2 SHA-256 MD2, MD4, MD5 Introduction to the SHA-512 SHA-1 Design and Cryptanalysis of Cryptographic Hash Functions This is an input to a crypto-

517 views • 10 slides
On recent attacks against Cryptographic Hash Functions Martin Eker & Henrik Ygge 1

On recent attacks against Cryptographic Hash Functions Martin Eker & Henrik Ygge 1

On recent attacks against Cryptographic Hash Functions Martin Eker & Henrik Ygge 1 Outline First part Preliminaries Which cryptographic hash functions exist? What degree of security do they offer? An

1.68k views • 98 slides
Chapter 4 Cryptographic hash functions References: A. J. Menezes, P. C. van Oorschot, S. A.

Chapter 4 Cryptographic hash functions References: A. J. Menezes, P. C. van Oorschot, S. A.

Grenoble University M2 SCCI Security Proofs - JL Roch Chapter 4 Cryptographic hash functions References: A. J. Menezes, P. C. van Oorschot, S. A. Vanstone: Handbook of Applied Cryptography Chapter 9 - Hash Functions and Data

750 views • 48 slides
Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and

Cryptocurrency Technologies Cryptography and Cryptocurrencies Intro to Cryptography and Cryptocurrencies Cryptographic Hash Functions Hash Pointers and Data Structures Block Chains Merkle Trees Digital Signatures Public

489 views • 27 slides
Network Security Cryptography: Cryptographic Hash Functions And Message Authentication Code

Network Security Cryptography: Cryptographic Hash Functions And Message Authentication Code

Network Security Cryptography: Cryptographic Hash Functions And Message Authentication Code F033581 Topic 2: Hash Functions and 1 Message Authentication Readings for This Lecture Wikipedia Cryptographic Hash Functions Message

689 views • 25 slides
Practical attacks on AES-like cryptographic hash functions Stefan K olbl, Christian Rechberger

Practical attacks on AES-like cryptographic hash functions Stefan K olbl, Christian Rechberger

Practical attacks on AES-like cryptographic hash functions Stefan K olbl, Christian Rechberger DTU - Technical University of Denmark September 12, 2014 Cryptographic Hash Functions Today is the 12th of September... h 4981A99EDA782

1.01k views • 34 slides
Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash

Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash

Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash Functions Bart Preneel KU Leuven - COS IC firstname.lastname@ esat.kuleuven.be Design and S ecurity of Cryptographic Functions, Algorithms and Devices

982 views • 67 slides
A Family of Fast Syndrome Based Cryptographic Hash Functions Daniel Augot, Matthieu Finiasz and

A Family of Fast Syndrome Based Cryptographic Hash Functions Daniel Augot, Matthieu Finiasz and

A Family of Fast Syndrome Based Cryptographic Hash Functions Daniel Augot, Matthieu Finiasz and Nicolas Sendrier Part I General Facts about Hash Functions The Merkle-Damg ard construction D Padding + length n n n o o o i i i s s

393 views • 25 slides
Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their

Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their

Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their many applications Shai Halevi IBM Research IBM Research Shai Halevi USENIX Security USENIX Security August 2009 August 2009

665 views • 55 slides
Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity

Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity

Cryptographic Hash Functions Debdeep Mukhopadhyay IIT Kharagpur Data Integrity Cryptographic Hash Function: Provides assurance of data integrity Let h be a hash function and x some data. The hash creates a fingerprint of the data,

564 views • 31 slides
Cryptography Cryptographic Hash Functions Uwe Egly Vienna University of Technology Institute of

Cryptography Cryptographic Hash Functions Uwe Egly Vienna University of Technology Institute of

Cryptography Cryptographic Hash Functions Uwe Egly Vienna University of Technology Institute of Information Systems Knowledge-Based Systems Group 1 / 26 Overview Hash function (HF) accepts input of arbitrary length Returns

501 views • 26 slides
Digital Signatures A signature ( ) is Writing the name of a person, in his own hands, as a

Digital Signatures A signature ( ) is Writing the name of a person, in his own hands, as a

Digital Signatures A signature ( ) is Writing the name of a person, in his own hands, as a confirmation.

642 views • 11 slides
Trustless Setup Rosario Gennaro Steven Goldfeder City College of NY Cornell Tech Digital

Trustless Setup Rosario Gennaro Steven Goldfeder City College of NY Cornell Tech Digital

Fast Multiparty Threshold ECDSA with Fast Trustless Setup Rosario Gennaro Steven Goldfeder City College of NY Cornell Tech Digital Signature Algorithm (DSA) Given To sign a message m: a group G of order N pick a nonce k s.t. 1 k

720 views • 24 slides
Code Signing for the Web Creating Digital Signatures for Backdrop CMS and Silkscreen CMS Modules

Code Signing for the Web Creating Digital Signatures for Backdrop CMS and Silkscreen CMS Modules

Code Signing for the Web Creating Digital Signatures for Backdrop CMS and Silkscreen CMS Modules John Franklin Sentai Digital Silkscreen CMS Maintainer In the next 50 minutes... What are Backdrop & Silkscreen? Encryption, PKI, and

907 views • 28 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Multivariate Cryptography Part 3: HFE (Hidden Field Equations) Albrecht Petzoldt PQCrypto Summer

Multivariate Cryptography Part 3: HFE (Hidden Field Equations) Albrecht Petzoldt PQCrypto Summer

Multivariate Cryptography Part 3: HFE (Hidden Field Equations) Albrecht Petzoldt PQCrypto Summer School 2017 Eindhoven, Netherlands Friday, 23.06.2017 A. Petzoldt Multivariate Cryptography PQCrypto Summer School 1 / 53 Reminder:

831 views • 55 slides
Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g

Diffie-Hellman not secure against Man-in-the-Middle-attack: Alice Mallory Bob g a a g m m g ma g ma g n n g b b g nb g nb g ma g ma , g nb g nb Eike Ritter Cryptography 2014/15 106

417 views • 9 slides
DTTF/NB479: Dszquphsbqiz Day 30 Announcements: Questions? This week: Digital signatures, DSA

DTTF/NB479: Dszquphsbqiz Day 30 Announcements: Questions? This week: Digital signatures, DSA

DTTF/NB479: Dszquphsbqiz Day 30 Announcements: Questions? This week: Digital signatures, DSA Coin flipping over the phone RSA Signatures allow you to recover the message from the signature; ElGamal signatures dont ElGamal Sig

410 views • 14 slides
Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E ,P) P

Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E ,P) P

Public Key Encryption Systems The encrypter and decrypter have different keys C = E(K E ,P) P = D(K D ,C) Often, works the other way, too Lecture 4 Page 1 CS 236 Online History of Public Key Cryptography Invented by Diffie and

618 views • 24 slides

More recommend