The document discusses hash functions and message authentication codes (MACs). It begins by defining hash functions and MACs, noting that hash functions generate a fingerprint for a message without a key while MACs use a keyed hash function. It then covers security requirements for hash functions like one-wayness and collision resistance. Popular hash functions are described like MD5, SHA-1, and the SHA-2 family. Constructions for hash functions based on block ciphers and iterated hash functions are also outlined. The document concludes by comparing hash functions and MACs and describing commonly used MAC constructions.
4. Hash Functions
Hash function: generates a fixed-length "fingerprint" for an arbitrary-length message
• No key involved
• Must be at least one-way to be useful
Applications
• Keyed hash: MAC/ICV generation
• Unkeyed hash: digital signature, password file, key stream / pseudo-random number generator
Constructions
• Iterated hash functions (MD4-family hash functions): MD5, SHA1, SHA2, RMD160, HAS160
• Hash functions based on block ciphers: MDC (Manipulation Detection Code)
Diagram: Message M → H → Message Digest D, i.e. D = H(M)
5. Message Authentication Codes (MACs)
MAC: generates a fixed-length MAC for an arbitrary-length message
• A keyed hash function
• Provides message origin authentication, message integrity, entity authentication and transaction authentication
Constructions
• Keyed hash: HMAC, KMAC
• Block cipher: CBC-MAC
• Dedicated MAC: MAA, UMAC
Diagram: the sender computes MAC = MAC(shared secret key, message) and sends message ‖ MAC; the receiver recomputes the MAC with the same shared secret key and compares it with the received one
6. Comparison of Hash Function & MAC
Hash function: arbitrary-length message → hash (fixed length); no key
MAC function: arbitrary-length message + secret key → MAC (fixed length)
Common to both
• Easy to compute
• Compression: arbitrary length input to fixed length output
Difference: unkeyed function vs. keyed function
7. Symmetric Authentication (MAC)
Alice: secret-key algorithm with K_AB (the secret key shared between Alice and Bob) over the message → MAC; transmits message ‖ MAC
Bob: secret-key algorithm with the same K_AB over the received message → MAC'; compares MAC' with the received MAC → yes (accept) / no (reject)
8. Digital Signature
Alice: hash function over the message → hash value; public-key algorithm with Alice's private key over the hash value → signature; transmits message ‖ signature
Bob: hash function over the received message → hash value 1; public-key algorithm with Alice's public key over the received signature → hash value 2; compares hash value 1 with hash value 2 → yes (accept) / no (reject)
9. MAC and Digital Signature
MAC (Message Authentication Code)
• Generated and verified by a secret key algorithm
• Message origin authentication & message integrity
• Schemes
  – Keyed hash: HMAC
  – Block cipher: CBC-MAC, XCBC-MAC
  – Dedicated MAC: UMAC
Digital Signature
• Generated and verified by a public key algorithm and a hash function
• Message origin authentication & message integrity
• Non-repudiation
• Schemes: hash + digital signature algorithm
  – RSA; DSA, KCDSA; ECDSA, EC-KCDSA
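Added example, not code from the deck: the keyed-hash MAC construction named on slides 5 and 9, HMAC, built from hashlib.sha256 exactly as RFC 2104 / FIPS 198-1 define it, cross-checked against Python's hmac module and the first RFC 4231 test vector, and verified on the receiver side with a constant-time compare. The key, message and tampered message in the demo are constructed inputs.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # b = 512 bits: the input block size of MD5, SHA-1 and SHA-256


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m)), RFC 2104 / FIPS 198-1.
    The nested hash is what makes this a safe keyed hash: the outer hash hides
    the inner chaining state, so length-extension on H(K || m) does not apply."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()        # keys longer than a block are hashed first
    k_prime = key.ljust(BLOCK_SIZE, b"\x00")      # then zero-padded to exactly one block
    ipad = bytes(b ^ 0x36 for b in k_prime)
    opad = bytes(b ^ 0x5C for b in k_prime)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side of slide 7: recompute and compare. compare_digest takes time
    independent of where the first differing byte is, so an attacker cannot
    recover a valid tag byte by byte from timing differences."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check against Python's own HMAC implementation."""
    return hmac_sha256(key, msg) == hmac.new(key, msg, hashlib.sha256).digest()


def rfc4231_case1_ok() -> bool:
    """RFC 4231 test case 1: key = 20 bytes of 0x0b, data = "Hi There"."""
    expected = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
    return hmac_sha256(b"\x0b" * 20, b"Hi There").hex() == expected


if __name__ == "__main__":
    key = b"shared-secret-between-alice-and-bob"   # constructed example key
    msg = b"transfer 100 to account 42"            # constructed example message
    tag = hmac_sha256(key, msg)
    print("tag:", tag.hex())
    print("genuine message verifies:", verify_tag(key, msg, tag))
    print("tampered message verifies:", verify_tag(key, b"transfer 999 to account 42", tag))
```

The two XOR constants 0x36 and 0x5C and the hash-then-pad rule for long keys are the parts most often got wrong in hand-rolled HMACs; the stdlib comparison in matches_stdlib catches both.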
11. Hash Functions – Requirements
Definition
• Compression: arbitrary length input to fixed length output
• Ease of computation
Security Properties
• Preimage resistance (one-wayness): given y, it is computationally infeasible to find any input x such that y = h(x)
• 2nd preimage resistance (weak collision resistance): given x, it is computationally infeasible to find another input x' ≠ x such that h(x') = h(x)
• Collision resistance (strong collision resistance): it is computationally infeasible to find any two distinct inputs x and x' such that h(x) = h(x')
12. Brute Force Attack on One-Way Hash Functions
Given y (n bits), find m such that h(m) = y
Try messages m_i for i = 1, 2, …, 2^n: compute h(m_i) and test h(m_i) = y?
The candidates m_i may be arbitrary messages, or messages of the same meaning (next slide)
13. Constructing Multiple Versions of the Same Message
A letter with interchangeable expressions at each marked position (alternatives in braces):
I hereby {state | confirm} that I {borrowed | received} {$10,000 | ten thousand dollars} from {Mr. | Dr.} {Kris | Krzysztof} Gaj on {October 15 | 15 October}, 2001. This {money | amount of money} {should be | is required to be} {returned | given back} to {Mr. | Dr.} Gaj by {November 30 | 30 November}, 2001.
11 different positions of similar expressions → 2^11 different messages of the same meaning
14. Finding Collisions in Collision-Resistant Hash Functions
Find any two distinct messages m, m' such that h(m) = h(m')
Compute h(m_i) (n bits) for i = 1, 2, …, 2^m and look for two indices with the same value (or for a match between two such lists, as the diagram shows)
How large must m be to get a match?
15. Birthday Paradox
How many students must there be in a class for there to be a greater than 50% chance that
1. one of the students shares the teacher's birthday? (complexity of breaking one-wayness)
   roughly 365/2 according to the slide; solving 1 − (364/365)^k > 0.5 exactly gives k = 253
2. any two of the students share the same birthday? (complexity of breaking collision resistance)
   1 − (365 · 364 · … · (365 − k + 1)) / 365^k > 0.5 ⇒ k ≥ 23
In general, the probability of a match being found when k samples are randomly selected between 1 and n equals
$$P(\text{match}) = 1 - \frac{n!}{(n-k)!\,n^{k}} \approx 1 - e^{-k(k-1)/(2n)}$$
16. One Million $ Hardware Brute Force Attack (year 2001 estimates)
One-way hash functions (complexity = 2^n)
• n = 64: 4 days; n = 80: 718 years; n = 128: 10^17 years
Collision-resistant hash functions (complexity = 2^(n/2))
• n = 128: 4 days; n = 160: 718 years; n = 256: 10^17 years
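Added example, not part of the deck: the two searches of slides 12 and 14 and the birthday formulas of slide 15, run against an n-bit hash obtained by truncating SHA-256 so that the 2^n and 2^(n/2) work factors are small enough to execute. The candidate messages are constructed counters; the 16-bit preimage and the 32-bit collision cost about the same number of hash evaluations, which is the point of slide 16.

```python
import hashlib
import math
from itertools import count


def trunc_hash(msg: bytes, n_bits: int) -> int:
    """n-bit toy hash: the leading n bits of SHA-256(msg). Truncating keeps a real
    compression function while making the 2^n / 2^(n/2) work factors runnable."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - n_bits)


def preimage_bruteforce(target: int, n_bits: int):
    """Slide 12: given y, try m_1, m_2, ... until h(m_i) = y.
    Expected cost about 2^n trials (2^(n-1) on average). Returns (m, trials)."""
    for i in count(1):
        m = b"candidate-%d" % i            # constructed candidate messages
        if trunc_hash(m, n_bits) == target:
            return m, i


def birthday_collision(n_bits: int):
    """Slide 14: hash distinct messages, remembering each digest; the first repeat
    gives m != m' with h(m) = h(m'). Expected cost about 2^(n/2) trials.
    Returns (m, m', trials)."""
    seen = {}
    for i in count(1):
        m = b"message-%d" % i
        y = trunc_hash(m, n_bits)
        if y in seen:
            return seen[y], m, i
        seen[y] = m


def check_preimage(n_bits: int) -> bool:
    """Find a preimage of h(constructed target) and confirm it hashes to the same value."""
    y = trunc_hash(b"the real message", n_bits)
    m, _ = preimage_bruteforce(y, n_bits)
    return trunc_hash(m, n_bits) == y


def check_collision(n_bits: int) -> bool:
    """Find a collision and confirm the two messages differ but hash equal."""
    m1, m2, _ = birthday_collision(n_bits)
    return m1 != m2 and trunc_hash(m1, n_bits) == trunc_hash(m2, n_bits)


def p_any_pair_match(k: int, n: int) -> float:
    """Slide 15, exact: P(some two of k samples from n values coincide)
    = 1 - n!/((n-k)! n^k), computed as a running product to avoid huge factorials."""
    p_no_match = 1.0
    for i in range(k):
        p_no_match *= (n - i) / n
    return 1.0 - p_no_match


def p_any_pair_match_approx(k: int, n: int) -> float:
    """Slide 15, approximation 1 - exp(-k(k-1)/(2n))."""
    return 1.0 - math.exp(-k * (k - 1) / (2 * n))


def p_match_fixed_value(k: int, n: int) -> float:
    """Question 1 of slide 15: P(at least one of k samples equals one fixed value)
    = 1 - (1 - 1/n)^k. This is the preimage setting, not the birthday setting."""
    return 1.0 - (1.0 - 1.0 / n) ** k


if __name__ == "__main__":
    y = trunc_hash(b"the real message", 16)
    m, t1 = preimage_bruteforce(y, 16)
    print("16-bit preimage after %d trials: %r" % (t1, m))
    m1, m2, t2 = birthday_collision(32)
    print("32-bit collision after %d trials: %r %r" % (t2, m1, m2))
    print("P(pair match, k=23, n=365) = %.4f" % p_any_pair_match(23, 365))
    print("smallest k with P(fixed match) > 0.5 for n=365:",
          next(k for k in count(1) if p_match_fixed_value(k, 365) > 0.5))
```

Scaling the truncation from 32 to 160 bits turns the collision search from a fraction of a second into the 2^80 effort quoted for SHA-1 on slide 16, with no change to the algorithm; only the cryptanalytic shortcuts discussed on slide 22 bring that number down.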
17. General Construction of a Secure Hash Function
Padding & length encoding: message m ‖ 100…000 ‖ length, then split into t input blocks M_1, M_2, M_3, …, M_t of b bits each
Iteration: IV = H_0 → f(H_0, M_1) = H_1 → f(H_1, M_2) = H_2 → … → f(H_{t-1}, M_t) = H_t → g → h(m)
Each chaining variable H_i is n bits; each input block M_i is b bits
Legend:
IV : Initial Value
H_i : i-th chaining variable
M_i : i-th input block
f : compression function
g : output transformation (optional)
t : number of input blocks
b : block size in bits
n : hash code size in bits
18. General Construction of a Secure Hash Function
Compression function f (a fixed-size hash function): inputs H_{i-1} (n bits) and M_i (b bits), output H_i (n bits)
Entire hash:
H_0 = IV
H_i = f(H_{i-1}, M_i) for 1 ≤ i ≤ t
H(m) = g(H_t)
Fact (by Merkle-Damgård): any collision-resistant compression function f can be extended to a collision-resistant hash function h, provided the message is padded with its length as on the next slide
19. Typical Hash Padding
Padded message: m ‖ 100…000 ‖ length, where length is a 64-bit integer holding the bit-length of message m
Assume block size = 512 bits (MD5, SHA1, RMD160, HAS160 …)
Last 512-bit block: let r = |m| mod 512
• If 512 − r > 64: padding = 512 − (r + 64) bits
• else: padding = 512 − r + 448 bits (two padding blocks, because the 1 bit and the 64-bit length no longer fit in the last block)
20. Classification of Hash Functions
Dedicated (customized): MD2, MD4, MD5, SHA0, SHA1, RIPEMD-128, RIPEMD-160, HAS-160, SHA2
Based on block ciphers: MDC-1, MDC-2, MDC-4
Based on modular arithmetic: MASH-1
Status labels in the diagram: MD2, MD4, MD5 and SHA0 are marked "broken"; SHA1 is marked "weakness discovered"; one further dedicated function is marked "reduced-round version broken" (the label is detached from its entry in the extracted layout)
21. SHA (Secure Hash Algorithm) (1/2)
• SHA was designed by NIST (National Institute of Standards and Technology) & NSA (National Security Agency)
• US standard for use with the DSA signature scheme
• The algorithm is SHA, the standard is SHS (Secure Hash Standard)
• Based on the design of MD4 and MD5 by R. Rivest, MIT
• SHA-0: FIPS* PUB 180, 1993
• SHA-1: FIPS PUB 180-1, 1995
  – bitwise rotation in the message schedule of SHA-0 changed
  – widely used in security applications and protocols such as TLS and SSL, PGP, SSH, S/MIME, and IPsec
• SHA-2: FIPS PUB 180-2 (draft 2001, published 2002)
  – SHA-224, SHA-256, SHA-384, and SHA-512
  – Not as popular as SHA-1 when these slides were written
* Federal Information Processing Standard
22. SHA (Secure Hash Algorithm) (2/2)
Algorithm and variant | Output size (bits) | Internal state size (bits) | Block size (bits) | Max message size (bits) | Word size (bits) | Rounds | Operations | Collisions found
SHA-0 | 160 | 160 | 512 | 2^64 − 1 | 32 | 80 | +, and, or, xor, rot | Yes
SHA-1 | 160 | 160 | 512 | 2^64 − 1 | 32 | 80 | +, and, or, xor, rot | Yes (2^52 attack (*))
SHA-2: SHA-256/224 | 256/224 | 256 | 512 | 2^64 − 1 | 32 | 64 | +, and, or, xor, shr, rot | None
SHA-2: SHA-512/384 | 512/384 | 512 | 1024 | 2^128 − 1 | 64 | 80 | +, and, or, xor, shr, rot | None
(*) Cameron McDonald, Philip Hawkes and Josef Pieprzyk, SHA-1 collisions now 2^52, Eurocrypt 2009 rump session, http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
23. SHA-1 Overview
Processing one 512-bit message block Y_q with the 160-bit chaining value CV_q loaded into A B C D E:
round 0: f_1, ABCDE, Y_q, K_0, W_0
round 1: f_2, ABCDE, Y_q, K_1, W_1
…
round 79: f_80, ABCDE, Y_q, K_79, W_79
CV_{q+1} (160 bits) = CV_q + final A B C D E
25. SHA-1
Initial values (hex): A = 67452301, B = EFCDAB89, C = 98BADCFE, D = 10325476, E = C3D2E1F0
Constants K_t (hex)
t = 0 ~ 19: K_t = 5A827999
t = 20 ~ 39: K_t = 6ED9EBA1
t = 40 ~ 59: K_t = 8F1BBCDC
t = 60 ~ 79: K_t = CA62C1D6
Boolean function f_t
t = 0 ~ 19: f_t(B, C, D) = B·C + ¬B·D
t = 20 ~ 39: f_t(B, C, D) = B ⊕ C ⊕ D
t = 40 ~ 59: f_t(B, C, D) = B·C + B·D + C·D
t = 60 ~ 79: f_t(B, C, D) = B ⊕ C ⊕ D
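Added example, not code from the deck: SHA-1 assembled from exactly the pieces on slides 17-19, 23 and 25 (the padding rule, the initial values, the constants K_t and the functions f_t) and checked against hashlib, followed by the consequence of the iterated construction that a practitioner should know. Because the digest is simply the final chaining value H_t, anyone who knows H(m) and |m| can compute H(m ‖ pad ‖ suffix) without knowing m, which is why the naive keyed hash H(key ‖ m) is not a usable MAC and HMAC wraps the hash instead. The secret key, message and suffix in the demo are constructed.

```python
import hashlib
import struct

# Parameters from slides 19 and 25 (FIPS PUB 180-1)
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)
MASK = 0xFFFFFFFF


def rotl(x: int, s: int) -> int:
    return ((x << s) | (x >> (32 - s))) & MASK


def f_t(t: int, b: int, c: int, d: int) -> int:
    """Boolean function f_t of slide 25, chosen by the round number t."""
    if t < 20:
        return (b & c) | (~b & d)             # B·C + ¬B·D
    if t < 40:
        return b ^ c ^ d                       # B ⊕ C ⊕ D
    if t < 60:
        return (b & c) | (b & d) | (c & d)     # B·C + B·D + C·D (majority)
    return b ^ c ^ d


def md_pad(msg_len: int) -> bytes:
    """Padding and length encoding of slide 19 for a 512-bit block: a 1 bit, zero
    bits, then the 64-bit big-endian bit length. msg_len is the length in bytes."""
    bit_len = msg_len * 8
    r = bit_len % 512
    pad_bits = 512 - (r + 64) if 512 - r > 64 else 512 - r + 448  # else: two padding blocks
    return b"\x80" + b"\x00" * (pad_bits // 8 - 1) + struct.pack(">Q", bit_len)


def compress(h: tuple, block: bytes) -> tuple:
    """Compression function f(H_{i-1}, M_i) of slides 23-25: 80 rounds on one 512-bit block."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        # the 1-bit rotation is the SHA-0 -> SHA-1 change noted on slide 21
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = h
    for t in range(80):
        tmp = (rotl(a, 5) + f_t(t, b, c, d) + e + K[t // 20] + w[t]) & MASK
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(h, (a, b, c, d, e)))


def sha1(msg: bytes, iv: tuple = IV, prior_len: int = 0) -> bytes:
    """Iterated hash of slides 17-18: H_0 = IV, H_i = f(H_{i-1}, M_i), H(m) = H_t
    (g is the identity for SHA-1). iv and prior_len are only changed by length_extend."""
    data = msg + md_pad(prior_len + len(msg))
    h = iv
    for i in range(0, len(data), 64):
        h = compress(h, data[i:i + 64])
    return b"".join(struct.pack(">I", x) for x in h)


def matches_hashlib(msg: bytes) -> bool:
    return sha1(msg) == hashlib.sha1(msg).digest()


def length_extend(digest: bytes, known_len: int, suffix: bytes):
    """Given only H(m) and |m| (bytes), compute H(m || pad(m) || suffix).
    The digest is the chaining state H_t, so hashing just continues from it."""
    glue = md_pad(known_len)                       # the padding the victim's hash appended to m
    state = struct.unpack(">5I", digest)
    forged = sha1(suffix, iv=state, prior_len=known_len + len(glue))
    return glue, forged


def length_extension_demo() -> bool:
    """Why H(key || m) is not a MAC: the attacker never learns key."""
    key = b"s3cret-key-bytes"                      # constructed secret, unknown to the attacker
    msg = b"user=alice&role=user"                  # constructed message
    tag = sha1(key + msg)                          # naive keyed hash
    suffix = b"&role=admin"
    glue, forged = length_extend(tag, len(key) + len(msg), suffix)
    # the verifier recomputes H(key || msg || glue || suffix) and accepts the forgery
    return forged == hashlib.sha1(key + msg + glue + suffix).digest()


if __name__ == "__main__":
    print(sha1(b"abc").hex())                      # a9993e364706816aba3e25717850c26c9cd0d89d
    print("length extension succeeds:", length_extension_demo())
```

The 55- and 56-byte messages in the checks sit on either side of the slide 19 boundary (512 − r = 72 versus 64 bits), so the one-block and two-block padding cases are both exercised. MD5 and SHA-256 have the same structure and the same extension property; SHA-512 differs only in using a 128-bit length field.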
27. Step Operations of MD5 & SHA1
SHA1 (big endian), one step on registers (A, B, C, D, E):
  A' = (A <<< 5) + f_r(B, C, D) + E + M_i + K_r
  B' = A, C' = B <<< 30, D' = C, E' = D
  f_r and K_r are fixed for a round of 20 steps (step index 0, 1, …, 19)
MD5 (little endian), one step on registers (A, B, C, D):
  A' = D, B' = B + ((A + f_r(B, C, D) + M_i + K_r) <<< s_i), C' = B, D' = C
  f_r is fixed for a round of 16 steps (step index 0, 1, …, 15); the rotation amount s_i depends on the step, and a different constant is used in each of the 64 steps (see slide 29)
28. Step Operations of SHA1 & HAS160
SHA1, one step: A' = (A <<< 5) + f_r(B, C, D) + E + M_i + K_r; B' = A; C' = B <<< 30; D' = C; E' = D
HAS160, one step: A' = (A <<< s_i) + f_r(B, C, D) + E + M_i + K_r; B' = A; C' = B <<< s_r; D' = C; E' = D
  s_i: rotation amount that varies with the step; s_r: rotation amount fixed per round (SHA1 uses the fixed amounts 5 and 30 instead)
Both use the same f_r and K_r for a round of 20 steps (step index 0, 1, …, 19)
29. Comparison of Popular Hash Functions
Hash function | MD5 | SHA1 | RMD160 | HAS160
Digest size (bits) | 128 | 160 | 160 | 160
Block size (bits) | 512 | 512 | 512 | 512
No. of steps | 64 (4x16) | 80 (4x20) | 160 (5x2x16) | 80 (4x20)
Boolean functions | 4 | 4 (3 distinct) | 5 | 4 (3 distinct)
Constants | 64 | 4 | 9 | 4
Endianness | Little | Big | Little | Little
Speed ratio | 1.0 | 0.57 | 0.5 | 0.94
30. Hash Functions Based on Block Ciphers: MDC1
Matyas-Meyer-Oseas scheme
Compression function f: H_i = E_{g(H_{i-1})}(M_i) ⊕ M_i
• H_{i-1}, M_i and H_i are all one block size
• g: a function mapping an input H_{i-1} to a key suitable for E; might be the identity function
• Provably secure under an appropriate black-box model
• But produces too short hash codes for use in most applications (the hash code is only one cipher block long)
31. Hash Functions Based on Block Ciphers: MDC2
Compression function f: two Matyas-Meyer-Oseas computations run side by side on the same M_i, one keyed from H_{i-1} and one from H'_{i-1}:
  E_{g(H_{i-1})}(M_i) ⊕ M_i = A ‖ B,  E_{g(H'_{i-1})}(M_i) ⊕ M_i = C ‖ D
  the half-blocks are swapped to give the next chaining values: H_i = A ‖ D, H'_i = C ‖ B
Result: a hash code twice the cipher block size
32. Ex. of MD5 Collisions
Collision1.bin and Collision2.bin: two different files with the same MD5 hash value!!
33. Practical Collision Attacks (MD5)
• Colliding valid X.509 certificates
  – Lenstra, Wang, de Weger, forged X.509 certificates, http://eprint.iacr.org/2005/067.pdf: same owner with different public keys (2048 bits)
  – Stevens, Lenstra, de Weger, Eurocrypt 2007: 8192-bit public key (8-block collision)
  – Stevens et al., Crypto 2009: passes browser authentication, different owners, different public keys (see next page)