Hash Techniques in Cryptography

  • One-way hashes are used to verify something without necessarily giving away the original information. E.g., Unix stores hashes of passwords instead of the passwords themselves. When a user enters their password, the system computes its hash and compares it to the hashes listed in /etc/passwd. Since you can't run the hash function in reverse, the system knows that the password you entered is the right one. The crypt that Unix uses doesn't really reduce the size, but it is a similar idea. Hashes and digests like MD5 are an integral part of digital signatures.
  • MAJ(x,y,z) = xy XOR xz XOR yz; IF(x,y,z) = xy XOR xz XOR z
  • Updating rule: a_i = (a_{i-4} + f_i(a_{i-1}, a_{i-2}, a_{i-3}) + m_{w_i} + c_i) << s_i, 0 <= i <= 47
  • Compression functions: majority function, conditional function, rotate function

    1. HASH TECHNIQUES IN CRYPTOGRAPHY
    2. HASH FUNCTION
        • A hash is a method used to compress a string: Message (variable size) -> Hash -> Digest (fixed size).
        • E.g. H: {0,1}* -> {0,1}^n, where n is a positive integer.
        • The input is called the 'message' and the output the 'digest'.
        • Why do we use this? A cryptographic hash function must provide:
            - Compression: the output length is small and fixed.
            - Efficiency: H(x) is easy to compute for any x.
            - The digest hides the possible string of the message.
    3. PROPERTIES
        • One-way / preimage resistance: given a value y, it is infeasible to find an x such that h(x) = y.
        • Weak collision resistance / second preimage: given x and h(x), it is infeasible to find y ≠ x such that h(y) = h(x).
        • Strong collision resistance: it is infeasible to find any x and y, with x ≠ y, such that h(x) = h(y).
        • Many collisions exist, but none can be found.
    4. SIMPLE HASH FUNCTIONS
        • There are several proposals for simple functions based on XOR of message blocks.
        • They are not secure, since one can manipulate any message and either not change the hash or change the hash as well.
        • A stronger cryptographic function is needed.
    5. MERKLE-DAMGARD
        Merkle-Damgard iteration:
        1. Start from a "compression function" h: {0,1}^(b+n) -> {0,1}^n, with |M| = b = 512 bits, c = 160 bits, d = h(c,M) = 160 bits.
        2. Iterate it over the blocks M1, M2, …, ML-1, ML: IV = d0 -> h -> d1 -> h -> d2 -> … -> h -> dL-1 -> h -> dL, and d = H(M).
    6. SECURITY REQUIREMENTS (listed from stronger to weaker)
        • Deterministic hashing: attacker chooses M, d = H(M).
        • Hashing with a random salt: attacker chooses M, then the good guy chooses a public salt, d = H(salt, M).
        • Hashing random messages: M random, d = H(M).
        • Hashing with a secret key: attacker chooses M, d = H(key, M).
    7. (Security requirements, continued)
        • Deterministic hashing:
            - Attacker cannot find M, M' such that H(M) = H(M').
            - Hard to find fixed-points, near-collisions, M s.t. H(M) has low Hamming weight, etc.
        • Hashing with a random salt:
            - Attacker chooses M, then, given a random salt, cannot find M' such that H(salt, M) = H(salt, M').
    8. (Security requirements, continued)
        • Hashing random messages:
            - Given a random M, attacker cannot find M' such that H(M) = H(M').
        • Hashing with a secret key:
            - The mapping M -> H(key, M) for a secret key looks random to an attacker.
    9. SOME APPLICATIONS
        • Signatures: sign(M) = RSA^-1( H(M) )
        • Message authentication: tag = H(key, M)
        • Commitment: commit(M) = H(M, …)
        • Key derivation: AES-key = H(DH-value)
    10. (Applications, continued)
        • Digital signatures:
            - Hash-then-sign paradigm.
            - First shorten the message, d = H(M).
            - Then sign the digest, s = SIGN(d).
        • Message authentication:
            - Sender and receiver share a secret key.
            - Compute an authentication tag, tag = MAC(key, M).
            - Sender sends (M, tag).
            - Receiver verifies that the tag matches M.
            - Attacker cannot forge tags without the key.
    11. CAUSE
        • Digest d = H(M) is chosen uniformly for each M.
        • Digest d = H(M) has no correlation with M.
        • For distinct M1, M2, …, the digests di = H(Mi) are completely uncorrelated to each other.
        • Cannot find collisions, or even near-collisions.
        • Cannot find M to "hit" a specific d.
        • Cannot find fixed-points (d = H(d)).
    12. COMPRESSION FUNCTION
        • Made from scratch: these compression techniques are designed specifically for this purpose.
            - Message Digest (MD)
            - Secure Hash Algorithm (SHA)
        • Based on block ciphers: these use a function that is used for encryption.
            - Rabin scheme (DES)
            - Matyas-Meyer-Oseas scheme (AES)
            - Miyaguchi-Preneel scheme (Whirlpool)
    13. MD4
        • Inputs: message M of 512 bits, i.e. m0, m1, …, m15, each 32 bits.
        • Register: A [a0, a1, a2, …, a47], updated using the updating rules.
        • Bitwise Boolean functions: XOR(x,y,z), MAJ(x,y,z), IF(x,y,z)
    14. MD4 Algorithm
        • Stages: message padding; Boolean function; updating rules; circular left shift.
        • Boolean function: 0…15 use IF, 16…31 use MAJ, 31…47 use XOR.
        • MD5 functions:
            - F(x,y,z) = IF(x,y,z)
            - G(x,y,z) = (x AND y) OR (y AND (NOT z))
            - H(x,y,z) = XOR(x,y,z)
            - I(x,y,z) = y XOR (x OR (NOT z))
    15. MD5
        • Advantages:
            - Speed: fastest cryptographic hash function.
            - Convenience: nearly every platform has a built-in MD5 hash function.
        • Disadvantages:
            - Lack of security: MD5 can be broken relatively easily and is no longer suitable for use in secure systems. Use MD5 only as a checksum hash, like CRC.
            - MD5 is also significantly slower than CRC.
    16. SHA-512 ALGORITHM
        • Augmented message: a multiple of 1024-bit blocks.
        • [Diagram: each 1024-bit block feeds a compression function; 512-bit values pass from the initial value through each compression function to the 512-bit message digest.]
    17. (SHA-512, continued)
        • Advantages:
            - User-secure. Safe from attack for probably a few decades.
        • Disadvantages:
            - Slowest hash function: for a system with a high transaction rate, these hash functions can take a significant toll on the CPU.
    18. REFERENCES
        • Cryptography and Network Security by A. Forouzan, 2nd Edition, Tata McGraw Hill
        • http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/crypt.html
        • http://www.dacris.com/blog/2011/08/18/unique-keys-hashing-and-encryption/
        • http://en.wikipedia.org/wiki/SHA-2
    19. THANK YOU
        Presented by Basudev Saha, M.Tech (I.T), University of Calcutta, Roll No-97/ITM/110009
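
The MD4 slides, the slide notes and the Merkle-Damgard slide fit together as follows. This is an added example, not part of the original deck: it implements MD4 with the updating rule and the XOR-form IF/MAJ functions from the notes, iterated block by block from an IV. The IV, round constants, message-word orders and shift amounts are taken from RFC 1320 (they are not on the slides), and MD4's chaining value is 128 bits rather than the 160 bits used on the Merkle-Damgard slide.

```python
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)  # d0, from RFC 1320

# Boolean functions, written in the XOR form given in the slide notes.
def IF(x, y, z):  return (x & y) ^ (x & z) ^ z
def MAJ(x, y, z): return (x & y) ^ (x & z) ^ (y & z)
def XOR(x, y, z): return x ^ y ^ z

# One entry per 16-step round: (f_i, c_i, word order w_i, shifts s_i), per RFC 1320.
ROUNDS = (
    (IF,  0x00000000, list(range(16)), (3, 7, 11, 19)),
    (MAJ, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
    (XOR, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
)

def rotl(v, s):
    """Circular left shift of a 32-bit word."""
    return ((v << s) | (v >> (32 - s))) & MASK

def compress(state, block):
    """h(d, M): fold one 512-bit block into the 128-bit chaining value."""
    m = struct.unpack("<16I", block)          # m0..m15, little-endian words
    a, b, c, d = state                        # a_{i-4}, a_{i-1}, a_{i-2}, a_{i-3}
    for f, const, order, shifts in ROUNDS:
        for j, w in enumerate(order):
            new = rotl((a + f(b, c, d) + m[w] + const) & MASK, shifts[j % 4])
            a, b, c, d = d, new, b, c         # slide the register window by one
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d)))

def pad(msg):
    """Append 0x80, zero bytes, then the 64-bit little-endian bit length."""
    zeros = (55 - len(msg)) % 64
    return msg + b"\x80" + b"\x00" * zeros + struct.pack("<Q", (len(msg) * 8) % 2**64)

def md4(msg):
    """Merkle-Damgard iteration: d_i = h(d_{i-1}, M_i), digest = d_L."""
    d = IV
    data = pad(msg)
    for off in range(0, len(data), 64):
        d = compress(d, data[off:off + 64])
    return struct.pack("<4I", *d).hex()

if __name__ == "__main__":
    print(md4(b"abc"))
```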
