Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Like this presentation? Why not share!

- Hash Function by Siddharth Srivastava 4123 views
- Hash Function & Analysis by Pawandeep Kaur 2164 views
- Secure hashing algorithm by Karteek Paruchuri 13528 views
- 5. message authentication and hash ... by Chirag Patel 2668 views
- Secure Hash Algorithm by Vishakha Agarwal 3616 views
- Hash function by Harry Potter 552 views

No Downloads

Total views

6,643

On SlideShare

0

From Embeds

0

Number of Embeds

1

Shares

0

Downloads

0

Comments

0

Likes

11

No embeds

No notes for slide

- 1. HASH TECHNIQUES IN CRYPTOGRAPHY
- 2. HASH FUNCTION Hash is the method which is used to compress the string. Message H a Digest E.g. H { 0, 1 }* -> { 0, 1 }n ;n is +ve integer (variable size) s (fixed size) h The input is called „message‟ and output is „digest‟. Why we use this? Crypto hash function must provide : Compression-Output length is small and fixed. Efficiency- H(x) is easy to compute for any x. Digest hides the possible string of message.
- 3. PROPERTIES One way/Preimage Resistance – given a value y it is infeasible to find an x such that h(x) = y Weak collision resistance /Second preimage- given x and h(x), infeasible to find y x such that h(y) = h(x) Strong collision resistance – infeasible to find any x and y, with x y such that h(x) = h(y)Many collisions exist, but cannot find any
- 4. SIMPLE HASH FUNCTIONS There are several proposals for simple functions based on XOR of message blocks not secure since can manipulate any message and either not change hash or change hash also need a stronger cryptographic function
- 5. MERKLE-DAMGARDMerkle-Damgard iteration:1. Start from a “compression function” |M|=b=512 h: {0,1}b+n{0,1}n bits h c =160 bits d=h(c,M)=160 bits2. Iterate it M1 M2 ML-1 ML IV=d0 h d1 h d2 … h dL-1 h dL d=H(M)
- 6. SECURITY REQUIREMENTS Deterministic hashing Stronger Attacker chooses M, d=H(M) Hashing with a random salt Attackerchooses M, then good guy chooses public salt, d=H(salt,M) Hashing random messages M random, d=H(M) Hashing with a secret key Attacker chooses M, d=H(key,M) Weaker
- 7. Deterministic hashing Attacker cannot find M,M‟ such that H(M)=H(M‟) Hard to find fixed-points, near-collisions, M s.t. H(M) has low Hamming weight, etc. Hashing with random salt Attacker chooses M, then given random salt, cannot find M’ such that H(salt,M)=H(salt,M’)
- 8. Hashing random messages Given random M, attacker cannot find M’ such that H(M)=H(M’) Hashing with a secret key The mapping M->H(key,M) for secret key looks random to an attacker
- 9. SOME APPLICATIONS Signatures: sign(M) = RSA-1( H(M) ) Message-authentication: tag=H(key,M) Commitment: commit(M) = H(M,…) Key derivation: AES-key = H(DH-value)
- 10. Digital signatures Hash-then-sign paradigm First shorten the message, d = H(M) Then sign the digest, s = SIGN(d) Message authentication Sender, Receiver, share a secret key Compute an authentication tag tag = MAC(key, M) Sender sends (M, tag) Receiver verifies that tag matches M Attacker cannot forge tags without key
- 11. CAUSE Digest d=H(M) chosen uniformly for each M Digest d=H(M) has no correlation with M For distinct M1,M2,…, digests di=H(Mi) are completely uncorrelated to each other Cannot find collisions, or even near-collisions Cannot find M to “hit” a specific d Cannot find fixed-points (d = H(d))
- 12. COMPRESSION FUNCTION • Made for Scratch: This compression techniques specifically designed for this purpose. Message Digest(MD) Secure Hash Algorithm(SHA) • Based on Block Ciphers: This function is used for encryption. Rabin Scheme(DES) Matyas-Meyer-Oseas Scheme(AES) Miyaguchi-preneel Scheme(Whirlpool)
- 13. MD4 Inputs: Message M of 512 bits i.e. m0,m1,..,m15 each 32bits. Register : A [a0,a1,a2,..,a47 ] can update using updating rules. Bitwise Boolean Function : XOR(x,y,z) MAJ(x,y,z) IF(x,y,z)
- 14. MD4 Algorithm: Boolean Function 0…15 use IF Updating Circular leftMessage Padding 16…31 use MAJ Rules shift 31…47 use XOR MD5 functions: F(x,y,z)=IF(x,y,z) G(x,y,z)=(x AND y) OR (y AND ( NOT z)) H(x,y,z)=XOR(x,y,z) I(x,y,z)=y XOR ( x OR ( NOT z))
- 15. MD5 Advantages: Speed- Fastest cryptographic hash function. Convenience- as nearly every platform has a built-in MD5 hash function. Disadvantages: Lack of security- MD5 can be broken relatively easily and is no longer suitable for use in secure systems. Use MD5 only as a checksum hash, like CRC. MD5 is also significantly slower than CRC.
- 16. SHA-512 ALGORITHM Augmented message: multiple of 1024 bit blocks 1024 bits 1024 bits 1024 bits Compression Compression Compression function function function 512 bits 512 bits 512 bits 512 bits 512 bits Message Initial value digest
- 17. Advantages: User-secure. Safe from attack for probably a few decades. Disadvantages: Slowest hash function- For a system with high transaction rate, these hash functions can take a significant toll on the CPU.
- 18. REFERENCES.. Cryptography and Network Security by A.Forouzan, 2nd Edition, Tata McGraw Hill http://www.freebsd.org/doc/en_US.ISO8859- 1/books/handbook/crypt.html http://www.dacris.com/blog/2011/08/18/uni que-keys-hashing-and-encryption/ http://en.wikipedia.org/wiki/SHA-2
- 19. THANK YOU Presented by Basudev Saha M.Tech(I.T) University of CalcuttaRoll No-97/ITM/110009

No public clipboards found for this slide

×
### Save the most important slides with Clipping

Clipping is a handy way to collect and organize the most important slides from a presentation. You can keep your great finds in clipboards organized around topics.

Be the first to comment