2. Hash Functions
Hash Functions
◦condense arbitrary size message to fixed size
◦by processing message in blocks
◦through some compression function
◦either custom or block cipher based
◦It takes variable length block of data M as input and produces a
fixed size hash value h
where h=H(M)
2
5. Hash Functions
Properties of good hash function
◦Output produced is truly random in nature and evenly
distributed.
◦A change to any bit or bits in Message should result into big
change in the hash code.
5
6. Cryptographic Hash
Function
It is an algorithm for which it is computationally infeasible to
find:
A data object that maps to predefined hash result (one
way property)
Two data objects that maps to the same hash
result( collision free property)
Because of these characters hash function are often used
to determine whether or not data has changed
6
8. Iterated hash function
All cryptographic hash functions need to create a fixed-size
digest out of a variable-size message . Creating such function is
best accomplished using iterations
Instead of using variable-size input, a function with fixed size
input is created and is used a necessary number of times.
This fixed-size input is referred as compression functioncompression function.
It compresses an n-bit string to create an m-bit string where n
is greater than m. this scheme is iterated cryptographic hashiterated cryptographic hash
functionsfunctions.
8
9. Two groups of
Compression
functions
Two approaches
compression function is made from Scratch
hash functions based on block ciphers
First approach
1.Message digest (MD)
2.Secure hash algorithm (SHA)
9
10. Secure Hash
Algorithm(SHA)
• The Secure Hash Algorithm is a family of cryptographic
hash functions published by the National Institute of
Standards and Technology (NIST) as a U.S. Federal
Information Processing Standard (FIPS). It sometimes
referred to as Secure Hash Standard (SHS).
10
11. SHA-0
Published in 1993
160-bit hash function
It was withdrawn shortly after publication due to
an undisclosed "significant flaw" and replaced by
the slightly revised version SHA-1
11
12. SHA-1
Published in 1995
160-bit hash function based on MD-5 algorithm
designed by the National Security Agency (NSA) to
be part of the Digital Signature Algorithm.
Cryptographic weaknesses were discovered in
SHA-1, and the standard was no longer approved
for most cryptographic uses after 2010.
12
13. SHA-2
Published in 2001.
Was wholly accepted by cryptographers in the year
2011.
A family of two similar hash functions, with different
block sizes, known as SHA-256 and SHA-512.
They differ in the word size;
SHA-256 uses 32-bit words where
SHA-512 uses 64-bit words.
13
14. Secure Hash
Algorithm(SHA)
SHA originally designed by NIST & NSA in 1993
was revised in 1995 as SHA-1
US standard for use with DSA signature scheme
◦standard is FIPS 180-1 1995, also Internet RFC3174
◦nb. the algorithm is SHA, the standard is SHS
based on design of MD5 with key differences
produces 160-bit hash values
recent 2005 results on security of SHA-1 have raised
concerns on its use in future applications
14
15. Revised Secure Hash
Standard
NIST issued revision FIPS 180-2 in 2001
adds 3 additional versions of SHA
◦SHA-256, SHA-384, SHA-512
designed for compatibility with increased security provided
by the AES cipher
structure & detail is similar to SHA-1
hence analysis should be similar
but security levels are rather higher
15
21. The processing of SHA-512 consists of the following
steps:
• Step 1: Append padding bits
• Step 2: Append length
• Step 3: Initialize hash buffer
• Step 4: Process the message in 1024-bit (128-
word) blocks, which forms the heart of the algorithm
• Step 5: Output the final state value as the
resulting hash
21
22. Padding bits to be appended in step
1
The message is padded so that its length is
congruent to 896 modulo 1024 [length = 896(mod
1024)]
This padding is always added, even if the message
is in desired length already.
Thus number of padding bits is in the range 1 to
1024.
It consists of a single 1 followed by necessary no. of
0’s.
22
23. Appending length in step 2
Here we add 128 bits consisting of the length of the
original message (before padding in Step 1).
The length of the message is taken in hexadecimal
format for adding in this 128 bit pad.
Thus the length of the block becomes of length
1024 ( = 896 + 128).
23
24. Length Field and Padding
( |M| + |P| + 128 ) = 0 mod 1024 -> |P| = ( - |M| - 128 ) MOD 1024
Format of the padding is one 1 followed by the
necessary number of 0s
24
25. Initialize Hash Buffer
A 512-bit buffer is used to hold intermediate and final results of the
hash function. The buffer can be represented as eight 64-bit registers
(a, b, c, d, e, f, g, h). These registers are initialized to the following 64-
bit integers (hexadecimal values):
a = 6A09E667F3BCC908 e = 510E527FADE682D1
b = BB67AE8584CAA73B d = A54FF53A5F1D36F1
c = 3C6EF372FE94F82B f = 9B05688C2B3E6C1F
g = 1F83D9ABFB41BD6B h = 5BE0CDI9137E2179
These values are stored in big-endianformat, which is the most
significant byte of a word in the low-address (leftmost) byte position.
These words were obtained by taking the first sixty-four bits of the
fractional parts of the square roots of the first eight prime numbers.
25
26. SHA-512 Compression
Function
heart of the algorithm
processing message in 1024-bit blocks
consists of 80 rounds
updating a 512-bit buffer divided in eight blocks, based on fractional
part of square root of first 8 prime numbers
using a 64-bit value Wt derived from the current message block
and a round constant based on cube root of first 80 prime numbers
26
30. The elements are:
Ch(e,f,g) = (e AND f) XOR (NOT e AND g)
Maj(a,b,c) = (a AND b) XOR (a AND c) XOR (b AND c)
∑(a) = ROTR(a,28) XOR ROTR(a,34) XOR ROTR(a,39)
∑(e) = ROTR(e,14) XOR ROTR(e,18) XOR ROTR(e,41)
+ = addition modulo 2^64
Kt = a 64-bit additive constant
Wt = a 64-bit word derived from the current 512-bit input block.
30
31. Calculation of W
Wt is used in each of the 80 rounds of each block
where t = ( 0 to 79). Each wt is of length 64 bits
Wt is calculated as follows:
First 16 Wt’s(0 to 15) are taken as it is from the
message (16 x 64=1024).
Rest of the Wt’s are calculated using the formula –
Wt= ∂1(x) [W(t-2)] + W(t-7) + ∂0(x) [W(t-15)] + W(t-
16).
31
33. The structure of each of the 80 rounds is shown. Each 64-bit
word shuffled along one place, and in some cases manipulated
using a series of simple logical functions (ANDs, NOTs, ORs, XORs,
ROTATEs), in order to provide the avalanche & completeness
properties of the hash function.
33
34. Initialize hash values:
first 64 bits of the fractional parts of the square roots of the first 8
primes 2..19):
h[0..7] :=
0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b,
0xa54ff53a5f1d36f1, 0x510e527fade682d1, 0x9b05688c2b3e6c1f,
0x1f83d9abfb41bd6b, 0x5be0cd19137e2179
34
36. Applications
The SHA-2 hash function is implemented in some widely used
security applications and protocols,
including TLS and SSL, PGP, SSH
SHA-512 is part of a system to authenticate archival video from
the International Criminal Tribunal of the Rwandan genocide
36
37. TLS and SSL
Transport Layer Security (TLS) and its predecessor, Secure
Sockets Layer (SSL), both of which are frequently referred
to as 'SSL', are cryptographic protocols designed to provide
communications security over a computer network. Several
versions of the protocols are in widespread use in
applications such as web browsing, email, Internet faxing,
instant messaging, and voice-over-IP (VoIP).
37
38. Pretty Good Privacy
Pretty Good Privacy (PGP) is a data encryption and
decryption computer program that provides cryptographic
privacy and authentication for data communication. PGP is
often used for signing, encrypting, and decrypting texts, e-
mails, files, directories, and whole disk partitions and to
increase the security of e-mail communications.
38
39. DNSSEC
The Domain Name System Security Extensions (DNSSEC) is a suite
of Internet Engineering Task Force (IETF) specifications for
securing certain kinds of information provided by the Domain
Name System (DNS) as used on Internet Protocol (IP) networks.
39
40. It is a set of extensions to DNS which provide to DNS clients
(resolvers) origin authentication of DNS data, authenticated
denial of existence, and data integrity, but not availability
or confidentiality.
40
41. SSH
Secure Shell, or SSH, is a cryptographic (encrypted) network
protocol to allow remote login and other network services
to operate securely over an unsecured network.
SSH provides a secure channel over an unsecured network
in a client-server architecture, connecting an SSH client
application with an SSH server.
41
42. Features of SHA-512
The algorithm is used to compute a message digest for a
message or data file that is provided as input.
The message or data file should be considered to be a bit
string.
The length of the message is the number of bits in the message
(the empty message has length 0).
42
43. If the number of bits in a message is a multiple of 8, for
compactness we can represent the message in hex.
The purpose of message padding is to make the total length of a
padded message a multiple of 512.
43
44. Why not SHA-1?
SHA-1 , a standard hash function developed by NIST,
creates digests of 160 bits. The function is attacks. To
launch a collision attack, the adversary needs to test 2160/2
= 280 tests in the collision algorithm. Even if the adversary
can perform 230 (more than one billion) tests in a second, it
takes 250 seconds (more than ten thousand years) to
launch an attack..
44
45. Drawback of SHA-2?
The SHA-2 functions were not quickly adopted, despite
better security than SHA-1.
Reasons might include lack of support for SHA-2 on
systems running Windows XP SP2 or older and a lack of
perceived urgency since SHA-1 collisions have not yet been
found.
45
46. SHA-512 is secure
The new hash function, that is a NIST standard, is SHA-512 ,
which has a 512-bit digest. This function is definitely
resistant to collision attacks based on the Random Oracle
Model. It needs 2512/2 = 2256 tests to find a collision with
the probability of 1/2.
46
