A Good Hash Function is Hard to Find,
and Vice Versa

Joshua Holden
Rose-Hulman Institute of Technology

[Figure: the input "This is a really long string of text which is going to be the input to our hash function." and the output 01100011]

A hash function is any function which takes an arbitrarily
long string as input and gives a fixed-length output.

Input (“Message”):      This is a really long string of text which is going to
                        be the input to our hash function.

Output (“Hash value”):  01100011

An example: Write the message in rows of five letters,
convert to numbers, add down the columns modulo 26.

Input (“Message”):      HELLO    07  04  11  11  14
                        MYNAM    12  24  13  00  12
                        EISAL    04  08  18  00  11
                        ICEXX    08  02  04  23  23
                                 ------------------
                                 05  12  20  08  08

Output (“Hash value”):           F   M   U   I   I

[Barr, Invitation to Cryptology]

A hash function is not:

     • an encoding.
     • secret.

[Diagrams: M, h, M for “an encoding”; M and h, three times over, for “secret”]

What is a hash function good for? Maybe to make sure a
message hasn’t been altered.

  Alice                     Eve                       Bob
  Hi, Bob, this is Alice.   Hi, Bob, this is Eve.     Hi, Bob, this is Eve.
  00011100                  00011100                  00110001, not 00011100   Hey!

But of course, Eve could change the hash value as well as
the message.

  Alice                     Eve                       Bob
  Hi, Bob, this is Alice.   Hi, Bob, this is Eve.     Hi, Bob, this is Eve.
  00011100                  00110001                  00110001   ?

Hash values by themselves only protect against
unintentional changes.

Alice could prevent this by “digitally signing” the hash
value.

  Alice                     Eve                       Bob
  Hi, Bob, this is Alice.   Hi, Bob, this is Eve.     Hi, Bob, this is Eve.
  00011100                  00011100                  00110001

Digitally signing a hash value is much more
efficient than signing a whole message!

What properties do we want a hash function to have?

     1. It should be fast to compute.
     2. It should distribute hash values evenly.

[Diagram: messages M1, M2, M3, M4, M5, M6 and hash values h1, h2, h3]

But for cryptographic purposes a hash function should also
be “cryptographically secure”.

     1. “One-way” a.k.a. “preimage-resistant”   [diagram: M, h]
     2. “Second-preimage resistant”             [diagram: M1, M2, h]
     3. “Collision-resistant”                   [diagram: M1, M2, h]

One common way that real hash functions achieve these
goals is with the Merkle-Damgård construction.

[Figure: the Merkle-Damgård construction, from Wikipedia]

     IV = Initialization vector
     f = Compression function

If the compression function is collision-resistant, then so is the hash function.

Some common hash functions that use the
Merkle-Damgård construction:

[Figure from Wikipedia]

     By Ronald Rivest:
     • MD4 (Message Digest algorithm 4)
     • MD5 (an improved version of MD4)

     By NIST and the NSA:
     • SHA (Secure Hash Algorithm)
     • SHA-1 (slightly tweaked version of SHA)
     • SHA-2 (significant revision of SHA-1)

The compression function of MD5 is fairly typical of all of
these hash functions.

[Figures: “MD5 compression function” and “One ‘step’ of the function”. Labels: 16 “steps”, feedforward, message word, round constant, nonlinear function, diffusion, permutation.]

[Stallings, Cryptography and Network Security]

My goals for a new hash function:

     1. Can be done without a computer in a class period.
     2. Reasonably secure.
     3. Uses elements from “real” hash functions.
     4. “Optimized” for a four-function calculator.

Our first example doesn’t stack up too well.

     HELLO    07  04  11  11  14
     MYNAM    12  24  13  00  12
     EISAL    04  08  18  00  11
     ICEXX    08  02  04  23  23
              ------------------
              05  12  20  08  08

              F   M   U   I   I

     1. Can be done without a computer in a class period? Yes.
     2. Reasonably secure? No.

The problem is that it’s too easy to work backwards from the
hash to the preimage.

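The weakness named on this slide, as an added Python example that is not part of the original deck: each column is an independent sum modulo 26, so one extra row of correction letters steers any text to a chosen hash value. The function names and the use of X to pad a short row (taken from the slide's ICEXX row) are assumptions of this sketch.

```python
import string

ALPHABET = string.ascii_uppercase   # A=00 ... Z=25, as on the slide
COLS = 5                            # rows of five letters


def letters_of(message: str) -> list:
    """Keep only A-Z (upper-cased) and pad the last row with X."""
    letters = [c for c in message.upper() if c in ALPHABET]
    while len(letters) % COLS:
        letters.append("X")
    return letters


def column_hash(message: str) -> str:
    """Write the message in rows of five, add down the columns mod 26."""
    sums = [0] * COLS
    for i, c in enumerate(letters_of(message)):
        sums[i % COLS] = (sums[i % COLS] + ALPHABET.index(c)) % 26
    return "".join(ALPHABET[s] for s in sums)


def forge_preimage(target: str, prefix: str = "") -> str:
    """Return a message that starts with `prefix` and hashes to `target`.

    The prefix contributes some value to every column; a final row holding
    (target - contribution) mod 26 in each column cancels it exactly.
    With an empty prefix the answer is the hash value itself.
    """
    if len(target) != COLS or any(c not in ALPHABET for c in target):
        raise ValueError("target must be five letters A-Z")
    body = "".join(letters_of(prefix))
    current = column_hash(body)          # "AAAAA" when the prefix is empty
    fix_row = "".join(
        ALPHABET[(ALPHABET.index(t) - ALPHABET.index(c)) % 26]
        for t, c in zip(target, current)
    )
    return body + fix_row


if __name__ == "__main__":
    original = "Hello my name is Alice"
    h = column_hash(original)
    forged = forge_preimage(h, "Hi Bob this is Eve")
    print(h, forged, column_hash(forged))
```
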
My first try: JHA (2000)

     hash = (7 x # of vowels – 3 x # of consonants + (# of spaces)^2) modulo 17

     Hello my name is Alice

     (7 x 8 – 3 x 10 + 4^2) modulo 17 = 8

     1. Can be done without a computer in a class period? Yes.
     2. Reasonably secure? Not especially.

Preimages are not that easy, but second preimages and
collisions are.

My second try: JHA-1 (2010)

     hash = 5^(7 x # of vowels – 3 x # of consonants + (# of spaces)^2) modulo 17

     Hello my name is Alice

     5^(7 x 8 – 3 x 10 + 4^2) modulo 17 = 9

     1. Can be done without a computer in a class period? Yes.
     2. Reasonably secure? A little better.

Preimages are even harder, but second preimages and
collisions are still not that hard.

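JHA and JHA-1 side by side, as an added Python example that is not part of the original deck. Both depend only on three counts, so any message with the same counts is a second preimage. Treating y as a consonant is an assumption inferred from the slide's count of 8 vowels and 10 consonants; the function names are also this sketch's own.

```python
VOWELS = "aeiou"
CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # assumption: 'y' is a consonant


def counts(message: str):
    """Return (# of vowels, # of consonants, # of spaces)."""
    low = message.lower()
    vowels = sum(c in VOWELS for c in low)
    consonants = sum(c in CONSONANTS for c in low)
    return vowels, consonants, message.count(" ")


def inner(message: str) -> int:
    """7 x vowels - 3 x consonants + spaces^2, before any reduction."""
    v, c, s = counts(message)
    return 7 * v - 3 * c + s * s


def jha(message: str) -> int:
    """JHA (2000): the inner value modulo 17."""
    return inner(message) % 17


def jha1(message: str) -> int:
    """JHA-1 (2010): 5 raised to the inner value, modulo 17.

    5^16 = 1 (mod 17), so the exponent can be reduced modulo 16. That also
    handles a negative inner value (a message with many consonants).
    """
    return pow(5, inner(message) % 16, 17)


def second_preimage(message: str) -> str:
    """Build a different message with the same three counts.

    Every vowel becomes the next vowel and every consonant the next
    consonant; spaces and punctuation are left alone. The counts do not
    change, so neither JHA nor JHA-1 can tell the two messages apart.
    """
    out = []
    for ch in message:
        low = ch.lower()
        if low in VOWELS:
            new = VOWELS[(VOWELS.index(low) + 1) % len(VOWELS)]
        elif low in CONSONANTS:
            new = CONSONANTS[(CONSONANTS.index(low) + 1) % len(CONSONANTS)]
        else:
            new = ch
        out.append(new.upper() if ch.isupper() else new)
    return "".join(out)


if __name__ == "__main__":
    m = "Hello my name is Alice"
    m2 = second_preimage(m)
    print(counts(m), jha(m), jha1(m))
    print(repr(m2), jha(m2), jha1(m2))
    # A meaningful second preimage: 'Celia' is an anagram of 'Alice'.
    print(jha("Hello my name is Celia"), jha1("Hello my name is Celia"))
```
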
My latest try: JHA-2 (2011), uses Merkle-Damgård.

     • Convert letters to numbers, each block is one letter (two digits)
     • Two-digit length of message
     • IV = 76
     • No special finalization

JHA-2 compression function:

[Figure: inputs A and B; label: New message block]

     +     (new message block)
     x7    diffusion*
           permutation
     +     feedforward

Operations are modulo 100.

*Thanks to Michael Pridal-LoPiccolo!

An example:

     H  e  l  l  o  m  y  n  a  m  e  i  s  A  l  i  c  e
     07 04 11 11 14 12 24 13 00 12 04 08 18 00 11 08 02 04 18

          76
        + 07     new block
          83
        x  7
          81
          18
        + 76     feedforward
          94
        + 04     new block
           .
           .
           .

An example:

        H  e  l  l  o  m  y  n  a  m  e
        07 04 11 11 14 12 24 13 00 12 04
     76 94 62 73 61 13 70 55 22 67 02 26

        i  s  A  l  i  c  e
        08 18 00 11 08 02 04 18
        09 07 01 49 48 53 52 61

[Figure: the message “Hello, my name is Alice.” with hash value 61, shown twice; reply: “Hi, Alice!”]

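JHA-2 as described on the preceding slides, written out as an added Python example that is not part of the original deck. The digit swap used for the permutation step is read off the worked example (81 becomes 18), and rejecting messages longer than 99 letters is an assumption, since the slides only define a two-digit length block.

```python
IV = 76   # initialization vector from the slide


def to_blocks(message: str) -> list:
    """Letters to numbers (a=00 ... z=25), one letter per block,
    followed by the two-digit length of the message as the last block."""
    nums = [ord(c) - ord("a") for c in message.lower() if "a" <= c <= "z"]
    if len(nums) > 99:
        # Assumption: the slides do not say what to do past two digits.
        raise ValueError("message length does not fit in two digits")
    return nums + [len(nums)]


def compress(state: int, block: int) -> int:
    """One application of the compression function; all steps modulo 100."""
    t = (state + block) % 100          # add the new message block
    t = (t * 7) % 100                  # diffusion: multiply by 7
    t = (t % 10) * 10 + t // 10        # permutation: swap the two digits
    return (t + state) % 100           # feedforward: add the previous state


def jha2_chain(message: str) -> list:
    """Every chaining value, starting with the IV (Merkle-Damgård)."""
    chain = [IV]
    for block in to_blocks(message):
        chain.append(compress(chain[-1], block))
    return chain


def jha2(message: str) -> str:
    """The hash value: the last chaining value, as two digits."""
    return f"{jha2_chain(message)[-1]:02d}"


if __name__ == "__main__":
    for text in ("Hello my name is Alice", "Hello my name is Eve"):
        chain = jha2_chain(text)
        print(text)
        print("  blocks:", " ".join(f"{b:02d}" for b in to_blocks(text)))
        print("  chain: ", " ".join(f"{s:02d}" for s in chain))
        print("  hash:  ", jha2(text))
```

Run on the deck's closing message, “Thanks for listening”, the same function reproduces the chain shown on the last slide and ends in 23.
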
        T  h  a  n  k  s  f  o  r
        19 07 00 13 10 18 05 14 17
     76 32 69 07 11 85 97 38 84 54

        l  i  s  t  e  n  i  n  g
        11 08 18 19 04 13 08 13 06 18
        09 00 62 38 87 87 43 72 36 23

Bye!

http://www.rose-hulman.edu/~holden
