This document discusses cryptographic hash functions and their applications. It begins by defining hash functions and their properties, such as compressing variable-length strings into fixed-length digests. Commonly, hash functions are constructed using the Merkle-Damgård iteration method. The document then discusses how hash functions are used for digital signatures, message authentication codes, and other applications. It notes that while random functions are ideal, real hash functions have non-random properties that can enable attacks. The document examines approaches to designing hash functions and applications that are resilient to weaknesses in the underlying hash function.
Hash functions are used to compress variable length messages into fixed length digests. They provide compression, efficiency, and hide message content. Properties include one-way, weak collision, and strong collision resistance. Merkle-Damgard iteration is used to build cryptographic hash functions from compression functions. Applications include digital signatures, message authentication codes, and key derivation. Common hash functions are MD4, MD5, and SHA which use Boolean functions and updating rules in their algorithms. Hash functions provide security by making it difficult to find collisions or inputs that result in specific outputs.
The document discusses network security and techniques for providing message authentication and integrity, including message digests, message authentication codes, and hash functions. It describes how message digests and MACs can detect modifications to messages and prevent masquerading by using secret keys. It also covers attacks like preimage attacks and collision attacks that aim to undermine these integrity protections.
The document discusses hash-based digital signature schemes. It begins by describing Lamport-Diffie one-time signature schemes (OTS) and how Merkle extended it to create hash-based signature schemes. It then introduces optimizations like Winternitz OTS which improves efficiency by using hash function chains. The document outlines the XMSS scheme which applies additional techniques to XMSS like using a binary tree with bitmasks to halve the signature size. It notes the SPHINCS scheme eliminates state to allow for multi-threading and describes its instantiations like SPHINCS+-SHAKE256 which provide different efficiency tradeoffs.
This lecture introduces cryptocurrencies and the cryptographic concepts that enable them. It discusses hash functions and their properties like collision resistance. Digital signatures are explained as well as how public keys can represent identities. Simple cryptocurrency schemes are presented like GoofyCoin where a central party controls coin generation, and ScroogeCoin where a transaction history is published but one entity still controls validity. The goal of later lectures is to create a decentralized currency without a central trusted authority.
Cryptographic hash functions, message authentication codes (MACs), and digital signatures are discussed.
HMAC and CBC-MAC are introduced as methods to construct MACs from hash functions. HMAC incorporates a secret key into a hash function to provide message authentication. CBC-MAC uses a block cipher like DES in CBC mode.
Digital signatures are similar to MACs but use public-key cryptography like RSA. A digital signature provides both message authentication and non-repudiation. RSA can be used to generate signatures by signing a hash of the message with the private key.
This document discusses message authentication and the different functions that can be used for message authentication: message encryption, hash functions, and message authentication codes (MACs). It outlines the security requirements for message authentication and describes how symmetric and public-key encryption, hash functions, and MACs can provide authentication. It provides details on how MACs work and their properties. It also discusses hash functions and how they are used for message integrity checks, message authentication codes, and digital signatures.
This document discusses hash functions and the Secure Hash Algorithm 1 (SHA-1). It describes the goals of hash functions as providing a unique fingerprint of a message through fast computation of a digest in a way that is one-way and makes collisions difficult to find. SHA-1 is presented as iterating over message blocks to compress them into a 160-bit digest value through repeated applications of a compression function. The compression function expands each block before applying four rounds of nonlinear mixing via modular addition and bitwise operations. The document raises the prospect of birthday attacks finding collisions in SHA-1 and implies its security may degrade over time.
1. The document discusses message authentication codes (MACs) and how to construct them from block ciphers and hash functions.
2. A simple construction of MACs directly from a block cipher is presented, but it has weaknesses that are addressed by using counters or nonces. The CBC-MAC construction is also introduced.
3. Hash functions are defined in terms of collision resistance, and it is shown how to construct MACs by applying a block cipher to the hash of a message. The security of this approach relies on the underlying hash function and block cipher being secure.
Hash functions are used to compress variable length messages into fixed length digests. They provide compression, efficiency, and hide message content. Properties include one-way, weak collision, and strong collision resistance. Merkle-Damgard iteration is used to build cryptographic hash functions from compression functions. Applications include digital signatures, message authentication codes, and key derivation. Common hash functions are MD4, MD5, and SHA which use Boolean functions and updating rules in their algorithms. Hash functions provide security by making it difficult to find collisions or inputs that result in specific outputs.
The document discusses network security and techniques for providing message authentication and integrity, including message digests, message authentication codes, and hash functions. It describes how message digests and MACs can detect modifications to messages and prevent masquerading by using secret keys. It also covers attacks like preimage attacks and collision attacks that aim to undermine these integrity protections.
The document discusses hash-based digital signature schemes. It begins by describing Lamport-Diffie one-time signature schemes (OTS) and how Merkle extended it to create hash-based signature schemes. It then introduces optimizations like Winternitz OTS which improves efficiency by using hash function chains. The document outlines the XMSS scheme which applies additional techniques to XMSS like using a binary tree with bitmasks to halve the signature size. It notes the SPHINCS scheme eliminates state to allow for multi-threading and describes its instantiations like SPHINCS+-SHAKE256 which provide different efficiency tradeoffs.
This lecture introduces cryptocurrencies and the cryptographic concepts that enable them. It discusses hash functions and their properties like collision resistance. Digital signatures are explained as well as how public keys can represent identities. Simple cryptocurrency schemes are presented like GoofyCoin where a central party controls coin generation, and ScroogeCoin where a transaction history is published but one entity still controls validity. The goal of later lectures is to create a decentralized currency without a central trusted authority.
Cryptographic hash functions, message authentication codes (MACs), and digital signatures are discussed.
HMAC and CBC-MAC are introduced as methods to construct MACs from hash functions. HMAC incorporates a secret key into a hash function to provide message authentication. CBC-MAC uses a block cipher like DES in CBC mode.
Digital signatures are similar to MACs but use public-key cryptography like RSA. A digital signature provides both message authentication and non-repudiation. RSA can be used to generate signatures by signing a hash of the message with the private key.
This document discusses message authentication and the different functions that can be used for message authentication: message encryption, hash functions, and message authentication codes (MACs). It outlines the security requirements for message authentication and describes how symmetric and public-key encryption, hash functions, and MACs can provide authentication. It provides details on how MACs work and their properties. It also discusses hash functions and how they are used for message integrity checks, message authentication codes, and digital signatures.
This document discusses hash functions and the Secure Hash Algorithm 1 (SHA-1). It describes the goals of hash functions as providing a unique fingerprint of a message through fast computation of a digest in a way that is one-way and makes collisions difficult to find. SHA-1 is presented as iterating over message blocks to compress them into a 160-bit digest value through repeated applications of a compression function. The compression function expands each block before applying four rounds of nonlinear mixing via modular addition and bitwise operations. The document raises the prospect of birthday attacks finding collisions in SHA-1 and implies its security may degrade over time.
1. The document discusses message authentication codes (MACs) and how to construct them from block ciphers and hash functions.
2. A simple construction of MACs directly from a block cipher is presented, but it has weaknesses that are addressed by using counters or nonces. The CBC-MAC construction is also introduced.
3. Hash functions are defined in terms of collision resistance, and it is shown how to construct MACs by applying a block cipher to the hash of a message. The security of this approach relies on the underlying hash function and block cipher being secure.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the need for a new secure hash standard. It describes how hash functions work by condensing arbitrary messages into fixed-size message digests. The properties of preimage resistance, second preimage resistance, and collision resistance are explained. Common hashing algorithms like MD5, SHA-1, and SHA-2 are outlined along with vulnerabilities like birthday attacks. The document concludes by noting the need to replace standards like MD5 and SHA-1 due to successful cryptanalysis attacks.
This document discusses cryptographic hash functions. It provides an overview of hash functions and their properties like producing a fixed-length digest from an arbitrary-length message. Common hash functions like MD5, SHA-1, and SHA-2 are described along with attacks against them. The need for a new secure hash standard, SHA-3, is explained due to weaknesses found in earlier standards like MD5 and SHA-1. The timeline and process for the SHA-3 competition to select a new standard by 2012 is summarized.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the need for a new secure hash standard. Hash functions take an arbitrary-length message and condense it to a fixed length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing fixed length outputs, and being preimage, second preimage, and collision resistant. Common hash functions like MD5 and SHA-1 have been broken or are becoming vulnerable to attacks. This highlights the need for a new secure hash standard with stronger security.
This document discusses cryptographic hash functions. It provides an overview of hash functions and their properties like producing a fixed-length digest from an arbitrary-length message. Common hash functions like MD5, SHA-1, and SHA-2 are described along with attacks against them. The need for a new secure hash standard, SHA-3, is explained due to weaknesses found in earlier standards like MD5 and SHA-1. The timeline and process for the SHA-3 competition to select a new standard by 2012 is summarized.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the development of standards. Hash functions take an arbitrary-length message and generate a fixed-length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing the same hash for identical messages, being preimage and second preimage resistant, and collision resistant. Common hash functions include MD5, SHA-1, SHA-2, and RIPEMD, with NIST developing new standards like SHA-3 due to attacks on older functions.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the development of standards. Hash functions take an arbitrary-length message and generate a fixed-length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing the same hash for identical messages, and being preimage and collision resistant. Common hash functions are based on the Merkle-Damgard structure and use compression functions. Attacks like birthday attacks aim to find collisions by processing many messages. Due to attacks on MD5 and concerns about SHA-1, NIST is developing a new secure hash standard called SHA-3.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the need for a new secure hash standard. Hash functions take an arbitrary-length message and condense it to a fixed length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing fixed length outputs, being preimage resistant (one-way), and collision resistant. Common hash functions like MD5 and SHA-1 have been broken or shown to be vulnerable to attacks. This highlights the need for a new secure hash standard with stronger security.
This document provides a summary of public key encryption and digital signatures. It begins by reviewing symmetric cryptography and its limitations in key distribution. It then introduces public key encryption, where each party has a public and private key pair. The document outlines the RSA algorithm and how it uses large prime number factorization problems to encrypt and decrypt messages. It also discusses how digital signatures can provide authentication, integrity, and non-repudiation for electronic messages and contracts using public key techniques like RSA.
This document discusses hash functions and their analysis for a network security seminar. It begins by defining a hash function as a mathematical function that converts a large amount of data into a small string of integers. Common applications of hash functions include hash tables for quickly searching data, eliminating data redundancy, caches, bloom filters, and pattern matching. Cryptographic hash functions have properties like preimage and second preimage resistance as well as collision resistance. Popular cryptographic hash functions discussed include MD2, MD4, MD5, SHA-1, and SHA-2, along with their advantages, limitations, and examples of attacks.
This document provides an introduction to security and cryptography. It begins with an overview of security goals like confidentiality, authenticity, integrity, and non-repudiation. It then discusses symmetric cryptography algorithms like DES and AES, and how they provide confidentiality. Asymmetric cryptography algorithms like RSA and ECC are introduced for providing authentication, non-repudiation through digital signatures, and facilitating key exchange. Hash functions are described for providing integrity and digital signatures. Modes of operation for block ciphers like CBC are covered. Popular algorithms and their application to security goals are summarized.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES as well as modes of operation like CBC.
- Asymmetric cryptography concepts like public/private key pairs, digital signatures, and how RSA works.
- Other cryptographic tools like hash functions, message authentication codes, and key exchange methods like Diffie-Hellman.
- The role of public key infrastructure and certificates in authenticating public keys.
- Attacks on cryptographic algorithms and their implementations are also briefly discussed.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES along with modes of operation like CBC.
- Asymmetric cryptography including key exchange with Diffie-Hellman and digital signatures with RSA and ECC.
- Cryptographic hash functions like SHA and their properties. Message authentication codes (MACs) that provide integrity.
- Public key infrastructure with certificates and how they establish authenticity of public keys.
- Attacks on algorithms, implementations, and protocols and the need for unpredictable
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES and how they operate using symmetric keys for encryption and decryption.
- Cryptographic hashing and message authentication codes (MACs) and how they provide integrity and authentication.
- Asymmetric (public key) cryptography like RSA and ECC using key pairs for encryption, signatures, and key exchange without pre-shared secrets.
- Key exchange methods like Diffie-Hellman and how public key infrastructure (PKI) uses digital
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography, hashes, signatures, and MACs address them.
- Symmetric block ciphers like DES and AES including modes of operation like CBC.
- Asymmetric cryptography concepts like key exchange using Diffie-Hellman and digital signatures using RSA.
- Cryptographic hash functions like SHA and their properties.
- Public key infrastructure concepts like certificates and how they establish authenticity of public keys.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES and how they operate using symmetric keys for encryption and decryption.
- Cryptographic hashing and message authentication codes (MACs) and how they provide integrity and authentication.
- Asymmetric (public key) cryptography like RSA and ECC using key pairs for encryption, signatures, and key exchange without pre-shared secrets.
- Key exchange methods like Diffie-Hellman and how public key infrastructure (PKI) uses digital
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES and how they operate using symmetric keys for encryption and decryption.
- Cryptographic hashing and message authentication codes (MACs) and how they provide integrity and authentication.
- Asymmetric (public key) cryptography like RSA and ECC using key pairs for encryption, signatures, and key exchange without pre-shared secrets.
- Key exchange methods like Diffie-Hellman and how public key infrastructure (PKI) uses digital
Symmetric encryption suffers from several key distribution and management problems in modern distributed communication environments. Asymmetric encryption solves these issues by using public/private key pairs, allowing anyone to encrypt messages using the public key but only the private key holder can decrypt. Digital signatures, key certification through public key infrastructure (PKI), and hash functions are important applications of asymmetric cryptography.
The document discusses public key encryption and digital signatures. It begins with an overview of public key encryption, including how each party has a public and private key pair. The document then covers the history of public key cryptography and some common public key encryption algorithms like RSA and ElGamal. It provides details on how the RSA algorithm works for both encryption and digital signatures. Finally, it discusses how digital signatures provide authentication, data integrity, and non-repudiation.
Module 6
Advanced Networking
Security problems with internet architecture, Introduction to Software defined networking, Working of SDN, SDN in data centre, SDN applications, Data centre networking, IoT.
This document discusses common cryptography pitfalls and failures. It begins by explaining that while cryptography is widely used, it is easy to misimplement. It then discusses failures with hashing functions, encryption models like symmetric and asymmetric, modes of operation like ECB and CBC, and real-world cases like Adobe's private key leakage. The document also covers password storage best practices, public-key cryptosystems like RSA and optimal asymmetric encryption padding, and the performance costs of cryptography. It emphasizes that one should avoid rolling their own crypto algorithms or implementations and instead use established libraries.
Low power architecture of logic gates using adiabatic techniquesnooriasukmaningtyas
The growing significance of portable systems to limit power consumption in ultra-large-scale-integration chips of very high density, has recently led to rapid and inventive progresses in low-power design. The most effective technique is adiabatic logic circuit design in energy-efficient hardware. This paper presents two adiabatic approaches for the design of low power circuits, modified positive feedback adiabatic logic (modified PFAL) and the other is direct current diode based positive feedback adiabatic logic (DC-DB PFAL). Logic gates are the preliminary components in any digital circuit design. By improving the performance of basic gates, one can improvise the whole system performance. In this paper proposed circuit design of the low power architecture of OR/NOR, AND/NAND, and XOR/XNOR gates are presented using the said approaches and their results are analyzed for powerdissipation, delay, power-delay-product and rise time and compared with the other adiabatic techniques along with the conventional complementary metal oxide semiconductor (CMOS) designs reported in the literature. It has been found that the designs with DC-DB PFAL technique outperform with the percentage improvement of 65% for NOR gate and 7% for NAND gate and 34% for XNOR gate over the modified PFAL techniques at 10 MHz respectively.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the need for a new secure hash standard. It describes how hash functions work by condensing arbitrary messages into fixed-size message digests. The properties of preimage resistance, second preimage resistance, and collision resistance are explained. Common hashing algorithms like MD5, SHA-1, and SHA-2 are outlined along with vulnerabilities like birthday attacks. The document concludes by noting the need to replace standards like MD5 and SHA-1 due to successful cryptanalysis attacks.
This document discusses cryptographic hash functions. It provides an overview of hash functions and their properties like producing a fixed-length digest from an arbitrary-length message. Common hash functions like MD5, SHA-1, and SHA-2 are described along with attacks against them. The need for a new secure hash standard, SHA-3, is explained due to weaknesses found in earlier standards like MD5 and SHA-1. The timeline and process for the SHA-3 competition to select a new standard by 2012 is summarized.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the need for a new secure hash standard. Hash functions take an arbitrary-length message and condense it to a fixed length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing fixed length outputs, and being preimage, second preimage, and collision resistant. Common hash functions like MD5 and SHA-1 have been broken or are becoming vulnerable to attacks. This highlights the need for a new secure hash standard with stronger security.
This document discusses cryptographic hash functions. It provides an overview of hash functions and their properties like producing a fixed-length digest from an arbitrary-length message. Common hash functions like MD5, SHA-1, and SHA-2 are described along with attacks against them. The need for a new secure hash standard, SHA-3, is explained due to weaknesses found in earlier standards like MD5 and SHA-1. The timeline and process for the SHA-3 competition to select a new standard by 2012 is summarized.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the development of standards. Hash functions take an arbitrary-length message and generate a fixed-length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing the same hash for identical messages, being preimage and second preimage resistant, and collision resistant. Common hash functions include MD5, SHA-1, SHA-2, and RIPEMD, with NIST developing new standards like SHA-3 due to attacks on older functions.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the development of standards. Hash functions take an arbitrary-length message and generate a fixed-length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing the same hash for identical messages, and being preimage and collision resistant. Common hash functions are based on the Merkle-Damgard structure and use compression functions. Attacks like birthday attacks aim to find collisions by processing many messages. Due to attacks on MD5 and concerns about SHA-1, NIST is developing a new secure hash standard called SHA-3.
The document discusses cryptographic hash functions, including an overview of their usage, properties, structures, attacks, and the need for a new secure hash standard. Hash functions take an arbitrary-length message and condense it to a fixed length digest. They are used for applications like file integrity verification, password storage, and digital signatures. Key properties include producing fixed length outputs, being preimage resistant (one-way), and collision resistant. Common hash functions like MD5 and SHA-1 have been broken or shown to be vulnerable to attacks. This highlights the need for a new secure hash standard with stronger security.
This document provides a summary of public key encryption and digital signatures. It begins by reviewing symmetric cryptography and its limitations in key distribution. It then introduces public key encryption, where each party has a public and private key pair. The document outlines the RSA algorithm and how it uses large prime number factorization problems to encrypt and decrypt messages. It also discusses how digital signatures can provide authentication, integrity, and non-repudiation for electronic messages and contracts using public key techniques like RSA.
This document discusses hash functions and their analysis for a network security seminar. It begins by defining a hash function as a mathematical function that converts a large amount of data into a small string of integers. Common applications of hash functions include hash tables for quickly searching data, eliminating data redundancy, caches, bloom filters, and pattern matching. Cryptographic hash functions have properties like preimage and second preimage resistance as well as collision resistance. Popular cryptographic hash functions discussed include MD2, MD4, MD5, SHA-1, and SHA-2, along with their advantages, limitations, and examples of attacks.
This document provides an introduction to security and cryptography. It begins with an overview of security goals like confidentiality, authenticity, integrity, and non-repudiation. It then discusses symmetric cryptography algorithms like DES and AES, and how they provide confidentiality. Asymmetric cryptography algorithms like RSA and ECC are introduced for providing authentication, non-repudiation through digital signatures, and facilitating key exchange. Hash functions are described for providing integrity and digital signatures. Modes of operation for block ciphers like CBC are covered. Popular algorithms and their application to security goals are summarized.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES as well as modes of operation like CBC.
- Asymmetric cryptography concepts like public/private key pairs, digital signatures, and how RSA works.
- Other cryptographic tools like hash functions, message authentication codes, and key exchange methods like Diffie-Hellman.
- The role of public key infrastructure and certificates in authenticating public keys.
- Attacks on cryptographic algorithms and their implementations are also briefly discussed.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES along with modes of operation like CBC.
- Asymmetric cryptography including key exchange with Diffie-Hellman and digital signatures with RSA and ECC.
- Cryptographic hash functions like SHA and their properties. Message authentication codes (MACs) that provide integrity.
- Public key infrastructure with certificates and how they establish authenticity of public keys.
- Attacks on algorithms, implementations, and protocols and the need for unpredictable
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES and how they operate using symmetric keys for encryption and decryption.
- Cryptographic hashing and message authentication codes (MACs) and how they provide integrity and authentication.
- Asymmetric (public key) cryptography like RSA and ECC using key pairs for encryption, signatures, and key exchange without pre-shared secrets.
- Key exchange methods like Diffie-Hellman and how public key infrastructure (PKI) uses digital
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography, hashes, signatures, and MACs address them.
- Symmetric block ciphers like DES and AES including modes of operation like CBC.
- Asymmetric cryptography concepts like key exchange using Diffie-Hellman and digital signatures using RSA.
- Cryptographic hash functions like SHA and their properties.
- Public key infrastructure concepts like certificates and how they establish authenticity of public keys.
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES and how they operate using symmetric keys for encryption and decryption.
- Cryptographic hashing and message authentication codes (MACs) and how they provide integrity and authentication.
- Asymmetric (public key) cryptography like RSA and ECC using key pairs for encryption, signatures, and key exchange without pre-shared secrets.
- Key exchange methods like Diffie-Hellman and how public key infrastructure (PKI) uses digital
This document provides an overview of security and cryptography topics including:
- The basics of security including confidentiality, authenticity, integrity, and non-repudiation goals and how symmetric and asymmetric cryptography help achieve them.
- Symmetric cryptography algorithms like DES, Triple DES, and AES and how they operate using symmetric keys for encryption and decryption.
- Cryptographic hashing and message authentication codes (MACs) and how they provide integrity and authentication.
- Asymmetric (public key) cryptography like RSA and ECC using key pairs for encryption, signatures, and key exchange without pre-shared secrets.
- Key exchange methods like Diffie-Hellman and how public key infrastructure (PKI) uses digital
Symmetric encryption suffers from several key distribution and management problems in modern distributed communication environments. Asymmetric encryption solves these issues by using public/private key pairs, allowing anyone to encrypt messages using the public key but only the private key holder can decrypt. Digital signatures, key certification through public key infrastructure (PKI), and hash functions are important applications of asymmetric cryptography.
The document discusses public key encryption and digital signatures. It begins with an overview of public key encryption, including how each party has a public and private key pair. The document then covers the history of public key cryptography and some common public key encryption algorithms like RSA and ElGamal. It provides details on how the RSA algorithm works for both encryption and digital signatures. Finally, it discusses how digital signatures provide authentication, data integrity, and non-repudiation.
Module 6
Advanced Networking
Security problems with internet architecture, Introduction to Software defined networking, Working of SDN, SDN in data centre, SDN applications, Data centre networking, IoT.
This document discusses common cryptography pitfalls and failures. It begins by explaining that while cryptography is widely used, it is easy to misimplement. It then discusses failures with hashing functions, encryption models like symmetric and asymmetric, modes of operation like ECB and CBC, and real-world cases like Adobe's private key leakage. The document also covers password storage best practices, public-key cryptosystems like RSA and optimal asymmetric encryption padding, and the performance costs of cryptography. It emphasizes that one should avoid rolling their own crypto algorithms or implementations and instead use established libraries.
Low power architecture of logic gates using adiabatic techniquesnooriasukmaningtyas
The growing significance of portable systems to limit power consumption in ultra-large-scale-integration chips of very high density, has recently led to rapid and inventive progresses in low-power design. The most effective technique is adiabatic logic circuit design in energy-efficient hardware. This paper presents two adiabatic approaches for the design of low power circuits, modified positive feedback adiabatic logic (modified PFAL) and the other is direct current diode based positive feedback adiabatic logic (DC-DB PFAL). Logic gates are the preliminary components in any digital circuit design. By improving the performance of basic gates, one can improvise the whole system performance. In this paper proposed circuit design of the low power architecture of OR/NOR, AND/NAND, and XOR/XNOR gates are presented using the said approaches and their results are analyzed for powerdissipation, delay, power-delay-product and rise time and compared with the other adiabatic techniques along with the conventional complementary metal oxide semiconductor (CMOS) designs reported in the literature. It has been found that the designs with DC-DB PFAL technique outperform with the percentage improvement of 65% for NOR gate and 7% for NAND gate and 34% for XNOR gate over the modified PFAL techniques at 10 MHz respectively.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
Understanding Inductive Bias in Machine LearningSUTEJAS
This presentation explores the concept of inductive bias in machine learning. It explains how algorithms come with built-in assumptions and preferences that guide the learning process. You'll learn about the different types of inductive bias and how they can impact the performance and generalizability of machine learning models.
The presentation also covers the positive and negative aspects of inductive bias, along with strategies for mitigating potential drawbacks. We'll explore examples of how bias manifests in algorithms like neural networks and decision trees.
By understanding inductive bias, you can gain valuable insights into how machine learning models work and make informed decisions when building and deploying them.
1. Cryptographic Hash Functions
and their many applications
Shai Halevi – IBM Research
USENIX Security – August 2009
Thanks to Charanjit Jutla and Hugo Krawczyk
2. What are hash functions?
Just a method of compressing strings
– E.g., H : {0,1}* {0,1}160
– Input is called “message”, output is “digest”
Why would you want to do this?
– Short, fixed-size better than long, variable-size
True also for non-crypto hash functions
– Digest can be added for redundancy
– Digest hides possible structure in message
3. Typically using Merkle-Damgård iteration:
1. Start from a “compression function”
– h: {0,1}b+n{0,1}n
2. Iterate it
How are they built?
h
c =160 bits
|M|=b=512 bits
d=h(c,M)=160 bits
h h h h
…
M1 M2 ML-1 ML
IV=d0
d1 d2 dL-1 dL
d=H(M)
But not
always…
4. What are they good for?
“Request for Candidate Algorithm Nominations”,
-- NIST, November 2007
“Modern, collision resistant hash functions were designed to create
small, fixed size message digests so that a digest could act as a
proxy for a possibly very large variable length message in a digital
signature algorithm, such as RSA or DSA. These hash functions
have since been widely used for many other “ancillary” applications,
including hash-based message authentication codes, pseudo
random number generators, and key derivation functions.”
5. Some examples
Signatures: sign(M) = RSA-1( H(M) )
Message-authentication: tag=H(key,M)
Commitment: commit(M) = H(M,…)
Key derivation: AES-key = H(DH-value)
Removing interaction [Fiat-Shamir, 1987]
– Take interactive identification protocol
– Replace one side by a hash function
Challenge = H(smthng, context)
– Get non-interactive signature scheme
smthng
challenge
response
A B
smthng, response
7. Random functions
What we really want is H that behaves
“just like a random function”:
Digest d=H(M) chosen uniformly for each M
– Digest d=H(M) has no correlation with M
– For distinct M1,M2,…, digests di=H(Mi) are
completely uncorrelated to each other
– Cannot find collisions, or even near-collisions
– Cannot find M to “hit” a specific d
– Cannot find fixed-points (d = H(d))
– etc.
8. The “Random-Oracle paradigm”
1. Pretend hash function is really this good
2. Design a secure cryptosystem using it
Prove security relative to a “random oracle”
[Bellare-Rogaway, 1993]
9. The “Random-Oracle paradigm”
[Bellare-Rogaway, 1993]
1. Pretend hash function is really this good
2. Design a secure cryptosystem using it
Prove security relative to a “random oracle”
3. Replace oracle with a hash function
Hope that it remains secure
10. The “Random-Oracle paradigm”
1. Pretend hash function is really this good
2. Design a secure cryptosystem using it
Prove security relative to a “random oracle”
3. Replace oracle with a hash function
Hope that it remains secure
Very successful paradigm, many schemes
– E.g., OAEP encryption, FDH,PSS signatures
Also all the examples from before…
– Schemes seem to “withstand test of time”
[Bellare-Rogaway, 1993]
11. Random oracles: rationale
S is some crypto scheme (e.g., signatures),
that uses a hash function H
S proven secure when H is random function
Any attack on real-world S must use
some “nonrandom property” of H
We should have chosen a better H
– without that “nonrandom property”
Caveat: how do we know what “nonrandom
properties” are important?
12. This rationale isn’t sound
Exist signature schemes that are:
1. Provably secure wrt a random function
2. Easily broken for EVERY hash function
Idea: hash functions are computable
– This is a “nonrandom property” by itself
Exhibit a scheme which is secure only
for “non-computable H’s”
– Scheme is (very) “contrived”
[Canetti-Goldreich-H 1997]
13. Contrived example
Start from any secure signature scheme
– Denote signature algorithm by SIG1H(key,msg)
Change SIG1 to SIG2 as follows:
SIG2H(key,msg): interprate msg as code P
– If P(i)=H(i) for i=1,2,3,…,|msg|, then output key
– Else output the same as SIG1H(key,msg)
If H is random, always the “Else” case
If H is a hash function, attempting to sign
the code of H outputs the secret key
Some
Technicalities
14. Cautionary note
ROM proofs may not mean what you think…
– Still they give valuable assurance, rule out
“almost all realistic attacks”
What “nonrandom properties” are important
for OAEP / FDH / PSS / …?
How would these scheme be affected by a
weakness in the hash function in use?
ROM may lead to careless implementation
15. Merkle-Damgård vs. random functions
Recall: we often construct our hash functions
from compression functions
– Even if compression is random, hash is not
E.g., H(key|M) subject to extension attack
– H(key | M|M’) = h( H(key|M), M’)
– Minor changes to MD fix this
But they come with a price (e.g. prefix-free encoding)
Compression also built from low-level blocks
– E.g., Davies-Meyer construction,
h(c,M)=EM(c)c
– Provide yet more structure, can lead to attacks
on provable ROM schemes [H-Krawczyk 2007]
h h h h
…
17. Using “imperfect” hash functions
Applications should rely only on “specific
security properties” of hash functions
– Try to make these properties as “standard” and
as weak as possible
Increases the odds of long-term security
– When weaknesses are found in hash function,
application more likely to survive
– E.g., MD5 is badly broken, but HMAC-MD5 is
barely scratched
18. Security requirements
Deterministic hashing
– Attacker chooses M, d=H(M)
Hashing with a random salt
– Attacker chooses M, then good guy
chooses public salt, d=H(salt,M)
Hashing random messages
– M random, d=H(M)
Hashing with a secret key
– Attacker chooses M, d=H(key,M)
Stronger
Weaker
19. Deterministic hashing
Collision Resistance
– Attacker cannot find M,M’ such that H(M)=H(M’)
Also many other properties
– Hard to find fixed-points, near-collisions,
M s.t. H(M) has low Hamming weight, etc.
20. Hashing with public salt
Target-Collision-Resistance (TCR)
– Attacker chooses M, then given random salt,
cannot find M’ such that H(salt,M)=H(salt,M’)
enhanced TRC (eTCR)
– Attacker chooses M, then given random salt,
cannot find M’,salt’ s.t. H(salt,M)=H(salt’,M’)
21. Hashing random messages
Second Preimage Resistance
– Given random M, attacker cannot find M’
such that H(M)=H(M’)
One-wayness
– Given d=H(M) for random M, attacker cannot
find M’ such that H(M’)=d
Extraction*
– For random salt, high-entropy M, the digest
d=H(salt,M) is close to being uniform
* Combinatorial, not cryptographic
22. Hashing with a secret key
Pseudo-Random Functions
– The mapping MH(key,M) for secret key
looks random to an attacker
Universal hashing*
– For all MM’, Prkey[ H(key,M)=H(key,M’) ]<e
* Combinatorial, not cryptographic
23. Application 1:
Digital signatures
Hash-then-sign paradigm
– First shorten the message, d = H(M)
– Then sign the digest, s = SIGN(d)
Relies on collision resistance
– If H(M)=H(M’) then s is a signature on both
Attacks on MD5, SHA-1 threaten current
signatures
– MD5 attacks can be used to get bad CA cert
[Stevens et al. 2009]
24. Collision resistance is hard
Attacker works off-line (find M,M’)
– Can use state-of-the-art cryptanalysis, as much
computation power as it can gather, without
being detected !!
Helped by birthday attack (e.g., 280 vs 2160)
Well worth the effort
– One collision forgery for any signer
25. Use randomized hashing
– To sign M, first choose fresh random salt
– Set d= H(salt, M), s= SIGN( salt || d )
Attack scenario (collision game):
– Attacker chooses M, M’
– Signer chooses random salt
– Attacker must find M' s.t. H(salt,M) = H(salt,M')
Attack is inherently on-line
– Only rely on target collision resistance
Signatures without CRHF
[Naor-Yung 1989, Bellare-Rogaway 1997]
same salt (since salt
is explicitly signed)
26. TCR hashing for signatures
Not every randomization works
– H(M|salt) may be subject to collision attacks
when H is Merkle-Damgård
– Yet this is what PSS does (and it’s provable in the ROM)
Many constructions “in principle”
– From any one-way function
Some engineering challenges
– Most constructions use long/variable-size randomness,
don’t preserve Merkle-Damgård
Also, signing salt means changing the underlying
signature schemes
27. Use “stronger randomized hashing”, eTCR
– To sign M, first choose fresh random salt
– Set d = H(salt, M), s = SIGN( d )
Attack scenario (collision game):
– Attacker chooses M
– Signer chooses random salt
– Attacker needs M‘,salt’ s.t. H(salt,M)=H(salt',M')
Attack is still inherently on-line
[H-Krawczyk 2006]
attacker can use
different salt’
Signatures with enhanced TCR
28. Randomized hashing with RMX
Use simple message-randomization
– RMX: M=(M1,M2,…,ML), r
(r, M1r,M2r,…,MLr)
Hash( RMX(r,M) ) is eTCR when:
– Hash is Merkle-Damgård, and
– Compression function is ~ 2nd-preimage-resistant
Signature: [ r, SIGN( Hash( RMX(r,M) )) ]
– r fresh per signature, one block (e.g. 512 bits)
– No change in Hash, no signing of r
[H-Krawczyk 2006]
30. Application 2:
Message authentication
Sender, Receiver, share a secret key
Compute an authentication tag
– tag = MAC(key, M)
Sender sends (M, tag)
Receiver verifies that tag matches M
Attacker cannot forge tags without key
31. Authentication with HMAC
Simple key-prepend/append have problems
when used with a Merkle-Damgård hash
– tag=H(key | M) subject to extension attacks
– tag=H(M | key) relies on collision resistance
HMAC: Compute tag = H(key | H(key | M))
– About as fast as key-prepend for a MD hash
Relies only on PRF quality of hash
– MH(key|M) looks random when key is secret
[Bellare-Canetti-Krawczyk 1996]
32. Authentication with HMAC
Simple key-prepend/append have problems
when used with a Merkle-Damgård hash
– tag=H(key | M) subject to extension attacks
– tag=H(M | key) relies on collision resistance
HMAC: Compute tag = H(key | H(key | M))
– About as fast as key-prepend for a MD hash
Relies only on PRF property of hash
– MH(key|M) looks random when key is secret
[Bellare-Canetti-Krawczyk 1996]
As a result, barely
affected by collision
attacks on
MD5/SHA1
33. Carter-Wegman authentication
Compress message with hash, t=H(key1,M)
Hide t using a PRF, tag =
tPRF(key2,nonce)
– PRF can be AES, HMAC, RC4, etc.
– Only applied to a short nonce, typically not a
performance bottleneck
Secure if the PRF is good, H is “universal”
– For MM’,D, Prkey[ H(key,M)H(key,M’)=D ]<e)
– Not cryptographic, can be very fast
[Wegman-Carter 1981,…]
34. Fast Universal Hashing
“Universality” is combinatorial, provable
no need for “security margins” in design
Many works on fast implementations
From inner-product, Hk1,k2(M1,M2)=(K1+M1)·(K2+M2)
[H-Krawczyk’97, Black et al.’99, …]
From polynomial evaluation Hk(M1,…,ML)=Si Mi ki
[Krawczyk’94, Shoup’96, Bernstein’05, McGrew-
Viega’06,…]
As fast as 2-3 cycle-per-byte (for long M’s)
– Software implementation, contemporary CPUs
35. Part III:
Designing a hash function
Fugue: IBM’s candidate for the
NIST hash competition
36. Design a compression function?
PROs: modular design, reduce to the “simpler
problem” of compressing fixed-length strings
– Many things are known about transforming
compression into hash
CONs: compressionhash has its problems
– It’s not free (e.g. message encoding)
– Some attacks based on the MD structure
Extension attacks ( rely on H(x|y)=h(H(x),y) )
“Birthday attacks” (herding, multicollisions, …)
h h h
…
h
37. Find many off-line collisions
– “Tree structure” with ~2n/3 di,j’s
– Takes ~ 22n/3 time
Publish final d
Then for any prefix P
– Find “linking block” L s.t. H(P|L) in the tree
– Takes ~ 22n/3 time
– Read off the tree the suffix S to get to d
Show an extension of P s.t. H(P|L|S) = d
Example attack: herding
[Kelsey-Kohno 2006]
h
h
h
h
d2,1 h
h
d
M1,1
M1,2
M1,3
M1,4
M2,1
M2,2
d1,1
d1,2
d1,3
d1,4
d2,2
38. The culprit: small intermediate state
With a compression function, we:
– Work hard on current message block
– Throw away this work, keep only n-bit state
Alternative: keep a large state
– Work hard on current message block/word
– Update some part of the big state
More flexible approach
– Also more opportunities to mess things up
39. The hash function Grindahl
State is 13 words = 52 bytes
Process one 4-byte word at a time
– One AES-like mixing step per word of input
After some final processing, output 8 words
Collision attack by Peyrin (2007)
– Complexity ~ 2112 (still better than brute-force)
Recently improved to ~ 2100 [Khovratovich 2009]
– “Start from a collision and go backwards”
[Knudsen-Rechberger-Thomsen 2007]
40. The hash function “Fugue”
Proof-driven design
– Designed to enable analysis
Proofs that Peyrin-style attacks do not work
State of 30 4-byte words = 120 bytes
Two “super-mixing” rounds per word of input
– Each applied to only 16 bytes of the state
– With some extra linear diffusion
Super-mixing is AES-like
– But uses stronger MDS codes
[H-Hall-Jutla 2008]
41. Initial State (30 words)
Process
New State
M1
Mi
Final Processing
Output 8 words = 256 bits
Iterate
State
Fugue-256
42. Initial State (30 words)
Process
New State
DM1
DMi
Final Processing
D = 0
Iterate
State
Collision attacks
D State = 0? D State = 0
Internal collision
D State 0
External collision
Collision
means that
DMi’s are
not all zero
Think of M1, …,ML
and M’1,…,M’L
43. Initial State (30 words)
Process
New State
Final Stage
Iterate
State
Process
M1
SMIX
M1
Repeat 2-4 once more
Processing one input word
1. Input one word
2. Shift 3 columns to right
3. XOR into columns 1-3
4. “super-mix” operation
on columns 1-4
This is
where the
crypto
happens
44. SMIX in Fugue
Similar to one AES round
– Works on a 4x4 matrix of bytes
– Starts with S-box substitution
Byte b, S[256] = {...};
...
b = S[b];
– Does linear mixing
Stronger mixing than AES
– Diagonal bytes as in AES
– Other bytes are mixed into both column and row
45. SMIX in Fugue
In algebraic notation:
M generates a good linear code
– If all the bi’ bytes but 4 are zero
then 13 of the S[bi] bytes must be nonzero
– And other such properties
b16
= M16x16
b2
b1
'
M
'
'
S[b2]
S[b1]
M
S[b16]
46. Analyzing internal collisions*
SMIX
D
After last input word: DState=0
before input word: D10
4 nonzero byte diffs
before SMIX: D1-40
still D1-40
now D28-10 3 columns
* a bit oversimplified
47.
Analyzing internal collisions*
SMIX
D
after input word: DState=0
before input word: D10
before SMIX: D1-40
still D1-40
now D28-10 3 columns
SMIX
D28-40
D28-40
3 columns
D25-10
4 nonzero byte diffs
* a bit oversimplified
48.
Analyzing internal collisions*
SMIX
D
after input word: DState=0
before input word: D10
before SMIX: D1-40
still D1-40
now D28-10 3 columns
SMIX
D28-40
D28-40
3 columns
D25-10
D’
before input: D1=?, D25-300
* a bit oversimplified
51. Analyzing internal collisions
What does this mean? Consider this attack:
– Attacker feeds in random M1,M2,… and M’1,M’2,…
– Until StateL State’L = some “good D”
– Then it searches for suffixed (ML+1,…,ML+4),
(M’L+1,…,M’L+4) that will induce internal collision
Theorem*: For any fixed D,
Pr[ suffixes that induce collision ] < 2-150
* Relies on a very mild independence assumptions
52. Analyzing internal collisions
Why do we care about this analysis?
Peyrin’s attacks are of this type
All differential attacks can be seen as
(optimizations of) this attack
– Entities that are not controlled by attack are
always presumed random
A known “collision trace” is as close as we
can get to understanding collision resistance
53. Fugue: concluding remarks
Similar analysis also for external collisions
– “Unusually thorough” level of analysis
Performance comparable to SHA-256
– But more amenable to parallelism
One of 14 submissions that were selected
by NIST to advance to 2nd round of the
SHA3 competition
54. Morals
Hash functions are very useful
We want them to behave “just like random
functions”
– But they don’t really
Applications should be designed to rely on
“as weak as practical” properties of hashing
– E.g., TCR/eTCR rather than collision-resistance
A taste of how a hash function is built