hash functions and macs
play

Hash Functions and MACs Properties of Cryptographic Hash Functions - PowerPoint PPT Presentation

Jun 23, 2023 •544 likes •787 views

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology

  1. Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 15 Apr 2020, hash.tex, r1851 1/23

  2. Cryptography Summary of Authentication Primitives Hash Functions and MACs ◮ Two types of general hash functions: Introduction to ◮ Unkeyed hash function, h = H( M ) Hash Functions ◮ Also simply called (cryptographic) hash function Properties of Cryptographic ◮ Output hash value, h , also called message digest , digital Hash Functions fingerprint , or imprint Introduction to Message ◮ Primary function: MDC Authentication Codes ◮ Keyed hash function, h = H( K , M ) ◮ Output h often called code , tag or MAC ◮ Primary function: MAC1 2/23

  3. Cryptography Contents Hash Functions and MACs Introduction to Hash Functions Properties of Introduction to Hash Functions Cryptographic Hash Functions Introduction to Message Authentication Codes Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 3/23

  4. Cryptography Hash Functions for Cryptography Hash Functions and MACs ◮ Hash function or algorithm H (): Introduction to ◮ Input: variable-length block of data M Hash Functions ◮ Output: fixed-length, small, hash value, h , where Properties of Cryptographic h = H ( M ) Hash Functions ◮ Another name for hash value is digest Introduction to ◮ Output hash values should be evenly distributed and Message Authentication appear random Codes ◮ A secure, cryptographic hash function is practically impossible to: ◮ Find the original input given the hash value ◮ Find two inputs that produce the same hash value 4/23

  5. Cryptography Applications of Hash Functions Hash Functions and MACs ◮ Message authentication Introduction to Hash Functions ◮ Digital signatures Properties of ◮ Storing passwords Cryptographic Hash Functions ◮ Signatures of data for malicious behaviour detection Introduction to Message (e.g. virus, intrusion) Authentication Codes ◮ Generating pseudorandom number 5/23

  6. Cryptography Design Approaches for Hash Functions Hash Functions and MACs Based on Block Ciphers Well-known and studied block Introduction to ciphers are used with a mode of operation to Hash Functions produce a hash function. Generally, less Properties of Cryptographic efficient than customised hash functions. Hash Functions Introduction to Based on Modular Arithmetic Similar motivation as to Message Authentication basing on block ciphers, but based on public Codes key principles. Output length can be any value. Precautions are needed to prevent attacks that exploit mathematical structure. Customised Hash Functions Functions designed for the specific purpose of hashing. Disadvantage is they haven’t been studied as much as block ciphers, so harder to design secure functions. 6/23

  7. Cryptography Selected Cryptographic Hash Functions Hash Functions and MACs Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes Credit: ECRYPT CSA Algorithms, Key Size and Protocols Report, 2018 7/23

  8. Cryptography Contents Hash Functions and MACs Introduction to Hash Functions Properties of Introduction to Hash Functions Cryptographic Hash Functions Introduction to Message Authentication Codes Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 8/23

  9. Cryptography Pre-image of a Hash Value (definition) Hash Functions and MACs For hash value h = H ( x ), x is pre-image of h . As H is a many-to-one mapping, h has multiple pre-images. If H takes Introduction to Hash Functions a b -bit input, and produces a n -bit hash value where b > n , Properties of then each hash value has 2 b − n pre-images. Cryptographic Hash Functions Introduction to Message Authentication Codes 9/23

  10. Cryptography Hash Collision (definition) Hash Functions and MACs A collision occurs if x � = y and H ( x ) = H ( y ). Collisions are undesirable in cryptographic hash functions. Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 10/23

  11. Cryptography Number of Collisions (exercise) Hash Functions and MACs If H 1 takes fixed length 200-bit messages as input, and produces a 80-bit hash value as output, are collisions Introduction to Hash Functions possible? Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 11/23

  12. Cryptography Requirements of Cryptographic Hash Functions Hash Functions and MACs Variable input size: H can be applied to input block of any Introduction to size Hash Functions Properties of Fixed output size: H produces fixed length output Cryptographic Hash Functions Efficiency: H ( x ) relatively easy to compute (practical Introduction to implementations) Message Authentication Codes Pseudo-randomness: Output of H meets standard tests for pseudo-randomness Properties: Satisfies one or more of the properties: Pre-image Resistant, Second Pre-image Resistant, Collision Resistant 12/23

  13. Cryptography Pre-image Resistant Property (definition) Hash Functions and MACs For any given h , it is computationally infeasible to find y such that H ( y ) = h . Also called the one-way property . Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 13/23

  14. Cryptography Second Pre-image Resistant Property (definition) Hash Functions and MACs For any given x , it is computationally infeasible to find y � = x with H ( y ) = H ( x ). Also called weak collision resistant Introduction to Hash Functions property. Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 14/23

  15. Cryptography Collision Resistant Property (definition) Hash Functions and MACs It is computationally infeasible to find any pair ( x , y ) such that H ( x ) = H ( y ). Also called strong collision resistant Introduction to Hash Functions property. Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 15/23

  16. Cryptography Required Hash Function Properties for Different Hash Functions Applications and MACs Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 16/23

  17. Cryptography Brute Force Attacks on Properties Hash Functions and MACs ◮ Pre-image and Second Pre-image Attack Introduction to ◮ Find a y that gives specific h ; try all possible values of y Hash Functions ◮ With b -bit hash code, effort required proportional to 2 b Properties of Cryptographic ◮ Collision Resistant Attack Hash Functions ◮ Find any two messages that have same hash values Introduction to Message ◮ Effort required is proportional to 2 b / 2 Authentication Codes ◮ Due to birthday paradox, easier than pre-image attacks 17/23

  18. Cryptography Brute Force Attack on Hash Function (exercise) Hash Functions and MACs Consider a hash function to be selected for use for digital signatures. Assume an attacker has compute capabilities to Introduction to Hash Functions calculate 10 12 hashes per second and is prepared to wait for Properties of approximately 10 days for a brute attack. Find the minimum Cryptographic Hash Functions hash value length that the hash function should support, Introduction to Message such that a brute force is not possible. Authentication Codes 18/23

  19. Cryptography Contents Hash Functions and MACs Introduction to Hash Functions Properties of Introduction to Hash Functions Cryptographic Hash Functions Introduction to Message Authentication Codes Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 19/23

  20. Cryptography Unkeyed and Keyed Hash Functions Hash Functions and MACs ◮ Hash functions have no secret key Introduction to ◮ Can be referred to as unkeyed hash function Hash Functions ◮ Also called Modification Detection Code Properties of Cryptographic ◮ A variation is to allow a secret key as input, in addition Hash Functions to the message Introduction to Message ◮ h = H ( K , M ) Authentication Codes ◮ Keyed hash function or Message Authentication Code (MAC) ◮ Hashes and MACs can be used for message authentication, but hashes also used for multiple other purposes ◮ MACs are more common for authentication messages 20/23

  21. Cryptography Design Approaches for MACs Hash Functions and MACs Based on Block Ciphers CBC-MAC, OMAC, PMAC, Introduction to Hash Functions Customised MACs MAA, MD5-MAC, UMAC, Poly1305 Properties of Based on Hash Functions HMAC Cryptographic Hash Functions Introduction to Message Authentication Codes 21/23

  22. Cryptography Computation Resistance of MAC (definition) Hash Functions and MACs Given one or more text-tag pairs, [ x i , MAC( K , x i )], computationally infeasible to compute any text-tag pair Introduction to Hash Functions [ y , MAC( K , y )], for a new input y � = x i Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 22/23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology

338 views • 23 slides
1 Simple Hash Functions Requirements for Hash Functions 1. can be applied to any sized message M

1 Simple Hash Functions Requirements for Hash Functions 1. can be applied to any sized message M

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Using Symmetric Ciphers for MACs can use any block cipher chaining mode and use final block as a MAC Chapter 12 Hash Algorithms Data Authentication Algorithm (DAA) is a widely used MAC

305 views • 5 slides
Cryptography: Hash Functions and MACs [continued] Asymmetric

Cryptography: Hash Functions and MACs [continued] Asymmetric

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Hash Functions and MACs [continued] Asymmetric Cryptography [start] Spring 2015

707 views • 23 slides
Cryptography [MACs and Hash Functions] Spring 2020 Franziska (Franzi) Roesner

Cryptography [MACs and Hash Functions] Spring 2020 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [MACs and Hash Functions] Spring 2020 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

828 views • 28 slides
Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family

Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family

Hash functions : MAC / HMAC Outline Message Authentication Codes Keyed hash family Unconditionally Secure MACs Ref: D Stinson: Cryprography Theory and Practice (3 rd ed), Chap 4. Universal hash family Notations: X is a

457 views • 12 slides
Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must provide o Compression output length is small o Efficiency h(x) easy to compute for any x o One-way given a value y it is infeasible to find

465 views • 42 slides
Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan

567 views • 38 slides
Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements

Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements

Outline Hash functions and MACs, contd Building a secure channel CSci 5271 Announcements intermission Introduction to Computer Security Crypto combined slides Public-key crypto basics Public key encryption and signatures Stephen McCamant

588 views • 9 slides
New Generic Attacks on Hash-based MACs G. Leurent (Inria) New Generic Attacks on Hash-based MACs

New Generic Attacks on Hash-based MACs G. Leurent (Inria) New Generic Attacks on Hash-based MACs

Introduction New generic attacks HMAC-GOST key-recovery Conclusion New Generic Attacks on Hash-based MACs G. Leurent (Inria) New Generic Attacks on Hash-based MACs Asiacrypt 2013 1 / 22 . . . . . . . . . . . . . . . . . Gatan Leurent,

759 views • 52 slides
(username, password) ? x ? ? ? ? but (username,hash(password))

(username, password) ? x ? ? ? ? but (username,hash(password))

Hash Functions - Bart Preneel June 2016 Hash functions X.509 Annex D RIPEMD-160 SHA-3 MDC-2 SHA-256 MD2, MD4, MD5 Introduction to the SHA-512 SHA-1 Design and Cryptanalysis of Cryptographic Hash Functions This is an input to a crypto-

517 views • 10 slides
Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David

Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David

Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David Malone 11 October 2012 Hash Functions We are talking about hash functions for consistent assignment. For example, Hash tables, Network

448 views • 18 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.68k views • 129 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.37k views • 120 slides
Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography SHA-1 SHA-3 (Keccak) Hash Functions, SHA-3, Message Authentication Codes 2 Sponge Construction Keccak Overview Renate Scheidler Keccak

888 views • 14 slides
Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

CSS441 Hash Functions Hash Functions Authentication Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

1.04k views • 24 slides
References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding

References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding

References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding Cryptography by Paar & Pelzl. & Mathematical Cryptography , by Keijo Ruohonen, http://math.tut.fi/~ruohonen/MC.pdf , pages 9899. Signature

255 views • 10 slides
Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State

Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State

ASK 2018, ISI Kolkata November 13, 2018 Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State - A generic TMD tradeoff distinguisher - High-order differentials - Cryptanalysis with division property

944 views • 47 slides
Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture

Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture

Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture 6 Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of

728 views • 44 slides
13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash function 0 1 n - h x 0 1 - h x is the hash/digest of x Context Goal - Represent large/sensitive message by a smaller one - Numerous

1.14k views • 68 slides
A Family of Fast Syndrome Based Cryptographic Hash Functions Daniel Augot, Matthieu Finiasz and

A Family of Fast Syndrome Based Cryptographic Hash Functions Daniel Augot, Matthieu Finiasz and

A Family of Fast Syndrome Based Cryptographic Hash Functions Daniel Augot, Matthieu Finiasz and Nicolas Sendrier Part I General Facts about Hash Functions The Merkle-Damg ard construction D Padding + length n n n o o o i i i s s

393 views • 25 slides
Structural Attacks on Two SHA-3 Candidates: Blender- n and DCH- n Mario Lamberger and Florian

Structural Attacks on Two SHA-3 Candidates: Blender- n and DCH- n Mario Lamberger and Florian

Institute for Applied Information Processing and Communications (IAIK) - Krypto Structural Attacks on Two SHA-3 Candidates: Blender- n and DCH- n Mario Lamberger and Florian Mendel Institute for Applied Information Processing and Communications

623 views • 37 slides
Security and Cooperation in Wireless Networks Additional Problems edited by Levente Butty an

Security and Cooperation in Wireless Networks Additional Problems edited by Levente Butty an

Security and Cooperation in Wireless Networks Additional Problems edited by Levente Butty an and Jean-Pierre Hubaux July 2009 Lausanne Preface The problems hereafter have been generated by students participating in the course Security and

480 views • 15 slides
Log2fs or how to achieve 150.000 IO/s J orn Engel Lazybastard.org September 24, 2010 J

Log2fs or how to achieve 150.000 IO/s J orn Engel Lazybastard.org September 24, 2010 J

Hardware Compression costs Log2 Advanced Credit Log2fs or how to achieve 150.000 IO/s J orn Engel Lazybastard.org September 24, 2010 J orn Engel Log2fs or how to achieve 150.000 IO/s Hardware Compression costs Log2 Advanced Credit

959 views • 38 slides
Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong University of Waterloo, Canada CANS 2013 Nov 20, 2013 1 of 28 MAC Forgeries, Weak Keys and Provable Security of GCM Galois/Counter Mode (GCM)

957 views • 56 slides

More recommend