CSCI 172/283
Fall 2010
Hash Functions, HMACs, and Digital Signatures
What ciphers do
- Encryption ciphers
  - Provide confidentiality
  - Eve can’t see what Alice and Bob are saying
- Can Eve do anything?
[Figure: Alice, Bob and Eve; the message is C = Encrypt(M); Eve is marked "?"]
What ciphers don’t do
- Suppose Eve can get between Alice and Bob
- What if Eve can manipulate the data?
[Figure: Alice, Eve and Bob; Eve replaces M with M’. Alice: "I’ll send Bob M". Eve: "Now for a few changes". Bob: "Alice sent me M’".]
How can Bob tell if Alice’s message was modified?
Hash functions
- Map a variable length message to a fixed length message
  - y = h(x)
- If h is a 64-bit hash function, then y always fits in 64 bits
  - 0 ≤ y < 2^64
  - Actual hash value may be represented with fewer bits, since 0, 1, etc. are in the output range
    - Should include leading zeros
- Pigeonhole principle
  - If n+1 pigeons nest in n holes, at least one hole has more than one pigeon
    - Maybe each hole has one pigeon, except for one that has two
Was the message modified?
- Alice sends Bob {C = Encrypt(M), h(M)}
- When Bob gets {C, h(M)}, he checks
  - M’ = Decrypt(C)
  - Bob computes h(M’)
  - h(M) = h(M’)?
- If Eve modifies the message, it probably won’t match
- If it does match, assume that it is the message Alice sent
What could go wrong?
- Suppose h(x) maps to 1 or 0 with equal probability?
  - Eve has a 50/50 chance of fooling Bob
- Suppose h(x) does not map to the entire range with equal probability
- Forget about the encryption for a moment
  - What could Eve do? Suppose:
    - Eve can calculate f(h(M)) = M
    - Eve knows some M’, h(M’) = h(M)
Nice try! We need some properties that provide security!
Cryptographic hash functions
- When security people talk about hash functions, they mean cryptographic (or secure) hash functions
- These should provide
  - Collision resistance
    - Difficult to find any M, M’ ≠ M s.t. h(M) = h(M’)
  - Preimage resistance
    - Given h(M), difficult to find M’ s.t. h(M’) = h(M)
  - Second preimage resistance
    - Given M, difficult to find M’ s.t. h(M’) = h(M), M’ ≠ M
- If a hash function h does not meet these requirements…
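
The pigeonhole argument and the resistance properties above can be measured on a hash that is deliberately too short. This is an added example, not part of the original slides: `h_trunc` (SHA-256 cut to 16 bits), the message strings and the helper names are constructed for illustration.

```python
import hashlib
from itertools import count


def h_trunc(msg: bytes, bits: int = 16) -> int:
    """Toy hash: the top `bits` bits of SHA-256 (deliberately too short)."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def fixed_width_hex(y: int, bits: int = 16) -> str:
    """Render a hash value with leading zeros so every output has equal length."""
    return format(y, "0{}x".format(bits // 4))


def find_collision(bits: int = 16):
    """Hash distinct messages until two of them share a hash value.

    Pigeonhole bound: 2**bits + 1 distinct inputs must contain a collision.
    Birthday effect: one is expected after roughly 2**(bits/2) inputs.
    Returns (first message, second message, shared hash, messages hashed).
    """
    seen = {}
    for i in count():
        msg = b"msg-%d" % i
        y = h_trunc(msg, bits)
        if y in seen:
            return seen[y], msg, y, i + 1
        seen[y] = msg


def find_second_preimage(target: bytes, bits: int = 16):
    """Search for a different message with the same hash as `target`.

    Unlike a collision, the target value is fixed in advance, so the
    expected work is about 2**bits hashes rather than 2**(bits/2).
    Returns (forged message, candidates tried).
    """
    y = h_trunc(target, bits)
    for i in count():
        cand = b"forged-%d" % i
        if cand != target and h_trunc(cand, bits) == y:
            return cand, i + 1


if __name__ == "__main__":
    m1, m2, y, tries = find_collision(16)
    print("collision after", tries, "messages:", m1, m2, fixed_width_hex(y))
    target = b"Pay Bob $10"  # constructed sample message
    forged, tries = find_second_preimage(target, 16)
    print("second preimage after", tries, "candidates:", forged)
```

With a 16-bit output both searches finish in well under a second; the same loops against a full 256-bit output are the "computationally infeasible" case the next slide describes.
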
But what does it all mean?
- If h is secure
  - Easy to compute in one direction
  - Very difficult to compute in the other direction
    - Computationally infeasible
    - i.e. your grandchildren’s grandchildren’s grandchildren will be long gone before that computation finishes
  - Very difficult to find two messages that hash to the same value
- Can anyone name any?
Secure Hash Algorithm (SHA)
- NIST standards
  - Mandatory in US Government
  - Adopted globally
- SHA (SHA-0) is no good anymore
- SHA-1 has attacks and is not recommended
- SHA-2 looks good for now
  - What happens when there’s an attack?
  - It takes years to create and analyze functions
SHA-3
- About halfway through the process of choosing the next SHA family of hash functions
- International competition
  - 64 submissions
  - Round 1: 54
  - Round 2: 14
  - Round 3: ~5
- And the winner is… ?
- Winner gets massive bragging rights
- A lot of new design techniques
- A lot of new attack techniques
Who can compute a hash?
- A hash is a keyless algorithm
  - Anyone can compute h(x) if they know x
- Eve could replace M with M’ and h(M) with h(M’)
  - The hash matches what Bob computes, so he assumes that Alice sent him M’
- How could we stop Eve from doing this?
HMAC
- Hash-based Message Authentication Code
- Keyed hash
  - y = HMAC(M, k)
- Provides some level of authentication
  - If only Alice and Bob know the key and the HMAC is correct, it must have come from one of them
- Can make an HMAC algorithm from an unkeyed hash algorithm
- Why not just make a keyed hash algorithm?
  - Import/export restrictions
  - Keyless algorithms are not restricted
How to key an unkeyed hash
- We have hash function h, which processes a message in b-byte blocks
- Let k be a key, |k| ≤ b
- Pad k with zeros to form k’, |k’| = b
- Let ipad be 00110110, repeated b times
- Let opad be 01011100, repeated b times
- HMAC-h is formed by
  HMAC-h(k, m) = h(k’ ⊕ opad || h(k’ ⊕ ipad || m))
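
The construction above, written out with SHA-256 as h and checked against Python's standard `hmac` module, followed by the "Who can compute a hash?" substitution run against both a bare hash and the HMAC. This is an added example, not part of the original slides: the key, the messages and the function names are constructed, and the handling of keys longer than b (hash them first, per RFC 2104) goes beyond the slide, which assumes |k| ≤ b.

```python
import hashlib
import hmac


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def hmac_from_hash(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC-h(k, m) = h(k' XOR opad || h(k' XOR ipad || m))."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    b = hashlib.new(hash_name).block_size  # block size in bytes (64 for SHA-256)
    if len(key) > b:
        key = h(key)                       # RFC 2104 rule for over-long keys
    k_prime = key.ljust(b, b"\x00")        # pad k with zeros to b bytes
    ipad = bytes([0b00110110]) * b
    opad = bytes([0b01011100]) * b
    inner = h(xor_bytes(k_prime, ipad) + msg)
    return h(xor_bytes(k_prime, opad) + inner)


def bob_checks_hash(msg: bytes, tag: bytes) -> bool:
    """Bob's check when Alice attaches a keyless hash."""
    return hmac.compare_digest(hashlib.sha256(msg).digest(), tag)


def bob_checks_hmac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Bob's check when Alice attaches an HMAC (constant-time comparison)."""
    return hmac.compare_digest(hmac_from_hash(key, msg), tag)


def tamper_demo():
    """Return (forged hash accepted, forged HMAC accepted, honest HMAC accepted)."""
    key = b"constructed-shared-key"  # known only to Alice and Bob
    m, m_forged = b"Pay Bob $10", b"Pay Eve $10000"  # constructed messages
    # Keyless hash: Eve recomputes h(M') herself, so Bob's check passes.
    hash_ok = bob_checks_hash(m_forged, hashlib.sha256(m_forged).digest())
    # HMAC: Eve does not know the key, so the tag she computes does not match.
    eve_tag = hmac_from_hash(b"eve-guess", m_forged)
    hmac_ok = bob_checks_hmac(key, m_forged, eve_tag)
    # Alice's untouched message still verifies.
    honest_ok = bob_checks_hmac(key, m, hmac_from_hash(key, m))
    return hash_ok, hmac_ok, honest_ok


if __name__ == "__main__":
    k = b"constructed-shared-key"
    same = hmac_from_hash(k, b"hello") == hmac.new(k, b"hello", hashlib.sha256).digest()
    print("matches stdlib hmac:", same)
    print("(hash forged ok, hmac forged ok, hmac honest ok):", tamper_demo())
```

In production code call `hmac.new` and `hmac.compare_digest` directly; the hand-written version is only there to show the padding and the two nested hash calls.
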
Who sent it?
- For HMACs, the key is shared
  - Fine for some applications
- What if instead of knowing if someone who knows the key sent it, we want to know that Alice sent it?
Digital signatures
- Use public key cryptography
  - Recall that only Alice knows Alice’s private key
- Alice digitally signs her message, M
  - Alice computes h(M)
  - Alice encrypts h(M) using her private key (signing)
  - Alice sends Bob {M, Enc(h(M), Apriv)}
- Bob verifies the message was sent by Alice
  - Computes y’ = h(M)
  - Decrypts Enc(h(M), Apriv) with Alice’s public key
    - y = Dec(Enc(h(M), Apriv), Apub)
  - Does y’ = y?
    - If yes, Alice must have sent it
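
The sign and verify steps above, carried through with textbook RSA over SHA-256. This is an added example, not part of the original slides: the key is a constructed toy built from two publicly known Mersenne primes and the messages are constructed. The slide's scheme applies the private key to h(M) directly; deployed RSA signatures add a padding scheme such as RSA-PSS and should come from a vetted library.

```python
import hashlib

# Constructed toy key pair for Alice. Both primes are well-known Mersenne
# primes, so this key offers no security; it only makes the arithmetic visible.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus (part of Apub)
E = 65537                            # public exponent (part of Apub)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Apriv), Python 3.8+


def h(msg: bytes) -> int:
    """h(M): SHA-256 digest as an integer (256 bits, far smaller than N)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(msg: bytes, d: int = D, n: int = N) -> int:
    """Alice: Enc(h(M), Apriv) = h(M)^d mod n."""
    return pow(h(msg), d, n)


def verify(msg: bytes, sig: int, e: int = E, n: int = N) -> bool:
    """Bob: y = Dec(sig, Apub) = sig^e mod n, then check y == y' = h(M)."""
    y = pow(sig, e, n)
    y_prime = h(msg)
    return y == y_prime


def signature_demo():
    """Return (honest accepted, altered message accepted, altered signature accepted)."""
    m = b"Pay Bob $10"                   # constructed message
    sig = sign(m)                        # Alice sends {M, sig}
    honest = verify(m, sig)
    # Eve swaps the message but cannot produce a matching signature without d.
    swapped_msg = verify(b"Pay Eve $10000", sig)
    # Eve flips one bit of the signature instead.
    flipped_sig = verify(m, sig ^ 1)
    return honest, swapped_msg, flipped_sig


if __name__ == "__main__":
    print("(honest, swapped message, flipped signature):", signature_demo())
```

Bob's check uses only E and N, so anyone holding Alice's public key can verify, while only the holder of D can sign; that asymmetry is what the shared-key HMAC lacks.
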
Digital Signatures
- Digital signatures provide checks for integrity and origin
  - Because only Alice knows her private key, it must have been her that sent it
  - Non-repudiation
- Suppose Alice wants to encrypt M so that Eve can’t see it. Should she:
  - Encrypt, then sign
  - Sign, then encrypt
  - Does it matter?
    - Why?
Conclusion by xkcd
http://xkcd.com/177/
