The document discusses hash functions and message authentication codes (MACs). It begins by defining hash functions and MACs, noting that hash functions generate a fingerprint for a message without a key while MACs use a keyed hash function. It then covers security requirements for hash functions like one-wayness and collision resistance. Popular hash functions are described like MD5, SHA-1, and the SHA-2 family. Constructions for hash functions based on block ciphers and iterated hash functions are also outlined. The document concludes by comparing hash functions and MACs and describing common MAC constructions.
Shai Halevi discusses new ways to protect cloud data and security. Presented at "New Techniques for Protecting Cloud Data and Security" organized by the New York Technology Council.
In this paper, we present a complete digital signature message stream, just the way the RSA digital
signature scheme does it. We will focus on the operations with large numbers due to the fact that operating
with large numbers is the essence of RSA that cannot be understood by the usual illustrative examples with
small numbers[1].
Two further methods for obtaining post-quantum security are discussed, namely code-based and isogeny-based cryptography. Topic 1: Revocable Identity-based Encryption from Codes with Rank Metric (will be presented by Dr. Reza Azarderakhsh) Authors: Donghoon Chang; Amit Kumar Chauhan; Sandeep Kumar; Somitra Kumar Sanadhya Topic 2: An Exposure Model for Supersingular Isogeny Diffie-Hellman Key Exchange Authors: Brian Koziel; Reza Azarderakhsh; David Jao
(Source: RSA Conference USA 2018)
Shai Halevi discusses new ways to protect cloud data and security. Presented at "New Techniques for Protecting Cloud Data and Security" organized by the New York Technology Council.
In this paper, we present a complete digital signature message stream, just the way the RSA digital
signature scheme does it. We will focus on the operations with large numbers due to the fact that operating
with large numbers is the essence of RSA that cannot be understood by the usual illustrative examples with
small numbers[1].
Two further methods for obtaining post-quantum security are discussed, namely code-based and isogeny-based cryptography. Topic 1: Revocable Identity-based Encryption from Codes with Rank Metric (will be presented by Dr. Reza Azarderakhsh) Authors: Donghoon Chang; Amit Kumar Chauhan; Sandeep Kumar; Somitra Kumar Sanadhya Topic 2: An Exposure Model for Supersingular Isogeny Diffie-Hellman Key Exchange Authors: Brian Koziel; Reza Azarderakhsh; David Jao
(Source: RSA Conference USA 2018)
Key Topics are ....
Number Theory
Public key encryption
Modular Arithmetic
Euclid’s Algorithm
Chinese Remainder Theorem
Euler's Theorem
Fermat's Theorem
RSA Public Key Encryption
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...Madhumita Tamhane
In contrast to block codes, Convolution coding scheme has an information frame together with previous m information frames encoded into a single code word frame, hence coupling successive code word frames. Convolution codes are most important Tree codes that satisfy certain additional linearity and time invariance properties. Decoding procedure is mainly devoted to correcting errors in first frame. The effect of these information symbols on subsequent code word frames can be computed and subtracted from subsequent code word frames. Hence in spite of infinitely long code words, computations can be arranged so that the effect of earlier frames, properly decoded, on the current frame is zero.
Cloud computing is an ever-growing field in today‘s era.With the accumulation of data and the
advancement of technology,a large amount of data is generated everyday.Storage, availability and security of
the data form major concerns in the field of cloud computing.This paper focuses on homomorphic encryption,
which is largely used for security of data in the cloud.Homomorphic encryption is defined as the technique of
encryption in which specific operations can be carried out on the encrypted data.The data is stored on a remote
server.The task here is operating on the encrypted data.There are two types of homomorphic encryption, Fully
homomorphic encryption and patially homomorphic encryption.Fully homomorphic encryption allow arbitrary
computation on the ciphertext in a ring, while the partially homomorphic encryption is the one in which
addition or multiplication operations can be carried out on the normal ciphertext.Homomorphic encryption
plays a vital role in cloud computing as the encrypted data of companies is stored in a public cloud, thus taking
advantage of the cloud provider‘s services.Various algorithms and methods of homomorphic encryption that
have been proposed are discussed in this paper
Error Detection and Correction in SRAM Cell Using Decimal Matrix Codeiosrjce
Error Correction Codes (ECCs) are commonly used to protect memories from soft errors. As
technology scales, Multiple Cell Upsets (MCUs) become more common and affect a larger number of cells. To
prevent the occurrence of MCUs several error correction codes (ECCs) are used, but the main problem is that
they require complex encoder and decoder architecture and higher delay overheads. The decimal matrix code
(DMC) minimizes the area and delay overheads compared to the existing codes such as hamming, RS codes and
also improves the memory reliability by enhancing the error correction capability. In this paper, novel
decimal matrix code (DMC) based on divide-symbol is proposed to enhance memory reliability with
lower delay overhead. The proposed DMC utilizes decimal algorithm to obtain the maximum error
detection capability. Moreover, the encoder-reuse technique (ERT) is proposed to minimize the area
overhead of extra circuits without disturbing the whole encoding and decoding processes. ERT uses DMC encoder itself to be part of the decoder.
The battle between Google and Oracle may finally be over, but let's face it, the relationship between Android developers and Java is still a rocky one.
In this presentation I would like to look at the potential for Android development with a series of alternatives to Java, especially Go, Dart, Kotlin and Swift.
I will introduce the languages, analyze their potential and what is achievable with them, seeing if any of them are viable alternatives to the Java behemoth.
Versión estenográfica de la Reunión Nacional de Infraestructura Hidráulica 2014, “Infraestructura hidráulica, el gran reto de México”, llevada a cabo en el estado de Campeche.
Presentador: Señoras y señores, sean todos bienvenidos a la ciudad de San Francisco de Campeche, lugar sede de la inauguración de la Reunión Nacional de Infraestructura Hidráulica 2014.
ICU of the Future- Egyptian Critical Care Summit 2015Dr.Mahmoud Abbas
ICU of the Future lecture presented by Dr Lluis Blanch at the Egyptian Critical Care Summit 2015. Egyptian Critical care Summit is the leading medical event and exhibition in Egypt
Key Topics are ....
Number Theory
Public key encryption
Modular Arithmetic
Euclid’s Algorithm
Chinese Remainder Theorem
Euler's Theorem
Fermat's Theorem
RSA Public Key Encryption
Convolution codes - Coding/Decoding Tree codes and Trellis codes for multiple...Madhumita Tamhane
In contrast to block codes, Convolution coding scheme has an information frame together with previous m information frames encoded into a single code word frame, hence coupling successive code word frames. Convolution codes are most important Tree codes that satisfy certain additional linearity and time invariance properties. Decoding procedure is mainly devoted to correcting errors in first frame. The effect of these information symbols on subsequent code word frames can be computed and subtracted from subsequent code word frames. Hence in spite of infinitely long code words, computations can be arranged so that the effect of earlier frames, properly decoded, on the current frame is zero.
Cloud computing is an ever-growing field in today‘s era.With the accumulation of data and the
advancement of technology,a large amount of data is generated everyday.Storage, availability and security of
the data form major concerns in the field of cloud computing.This paper focuses on homomorphic encryption,
which is largely used for security of data in the cloud.Homomorphic encryption is defined as the technique of
encryption in which specific operations can be carried out on the encrypted data.The data is stored on a remote
server.The task here is operating on the encrypted data.There are two types of homomorphic encryption, Fully
homomorphic encryption and patially homomorphic encryption.Fully homomorphic encryption allow arbitrary
computation on the ciphertext in a ring, while the partially homomorphic encryption is the one in which
addition or multiplication operations can be carried out on the normal ciphertext.Homomorphic encryption
plays a vital role in cloud computing as the encrypted data of companies is stored in a public cloud, thus taking
advantage of the cloud provider‘s services.Various algorithms and methods of homomorphic encryption that
have been proposed are discussed in this paper
Error Detection and Correction in SRAM Cell Using Decimal Matrix Codeiosrjce
Error Correction Codes (ECCs) are commonly used to protect memories from soft errors. As
technology scales, Multiple Cell Upsets (MCUs) become more common and affect a larger number of cells. To
prevent the occurrence of MCUs several error correction codes (ECCs) are used, but the main problem is that
they require complex encoder and decoder architecture and higher delay overheads. The decimal matrix code
(DMC) minimizes the area and delay overheads compared to the existing codes such as hamming, RS codes and
also improves the memory reliability by enhancing the error correction capability. In this paper, novel
decimal matrix code (DMC) based on divide-symbol is proposed to enhance memory reliability with
lower delay overhead. The proposed DMC utilizes decimal algorithm to obtain the maximum error
detection capability. Moreover, the encoder-reuse technique (ERT) is proposed to minimize the area
overhead of extra circuits without disturbing the whole encoding and decoding processes. ERT uses DMC encoder itself to be part of the decoder.
The battle between Google and Oracle may finally be over, but let's face it, the relationship between Android developers and Java is still a rocky one.
In this presentation I would like to look at the potential for Android development with a series of alternatives to Java, especially Go, Dart, Kotlin and Swift.
I will introduce the languages, analyze their potential and what is achievable with them, seeing if any of them are viable alternatives to the Java behemoth.
Versión estenográfica de la Reunión Nacional de Infraestructura Hidráulica 2014, “Infraestructura hidráulica, el gran reto de México”, llevada a cabo en el estado de Campeche.
Presentador: Señoras y señores, sean todos bienvenidos a la ciudad de San Francisco de Campeche, lugar sede de la inauguración de la Reunión Nacional de Infraestructura Hidráulica 2014.
ICU of the Future- Egyptian Critical Care Summit 2015Dr.Mahmoud Abbas
ICU of the Future lecture presented by Dr Lluis Blanch at the Egyptian Critical Care Summit 2015. Egyptian Critical care Summit is the leading medical event and exhibition in Egypt
I create themes for each PeopleSoft module roll-out. The theme for the Manager Talent Management presentation was "The ROAD to Employee Engagement" and a logo was added to communications, etc.
BCH codes, part of the cyclic codes, are very powerful error correcting codes widely used in the information coding techniques. This presentation explains these codes with an example.
A Decompiler for Blackhain-Based Smart Contracts BytecodeShakacon
Ethereum is gaining a significant popularity in the blockchain community, mainly due to fact that it is design in a way that enables developers to write decentralized applications (Dapps) and smart-contract using blockchain technology.
Ethereum blockchain is a consensus-based globally executed virtual machine, also referred as Ethereum Virtual Machine (EVM) by implemented its own micro-kernel supporting a handful number of instructions, its own stack, memory and storage. This enables the radical new concept of distributed applications.
Contracts live on the blockchain in an Ethereum-specific binary format (EVM bytecode). However, contracts are typically written in some high-level language such as Solidity and then compiled into byte code to be uploaded on the blockchain. Solidity is a contract-oriented, high-level language whose syntax is similar to that of JavaScript.
This new paradigm of applications opens the door to many possibilities and opportunities. Blockchain is often referred as secure by design, but now that blockchains can embed applications this raise multiple questions regarding architecture, design, attack vectors and patch deployments.
As we, reverse engineers, know having access to source code is often a luxury. Hence, the need for an open-source tool like Porosity: decompiler for EVM bytecode into readable Solidity-syntax contracts – to enable static and dynamic analysis of compiled contracts but also vulnerability discovery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
4. 4
Hash Function
Generate a fixed length “Fingerprint” for an arbitrary
length message
No Key involved
Must be at least One-way to be useful
Applications
Keyed hash: MAC/ICV generation
Unkeyed hash: digital signature, password file, key
stream / pseudo-random number generator
Constructions
Iterated hash functions (MD4-family hash functions):
MD5, SHA1, SHA2, RMD160, HAS160
Hash functions based on block ciphers:
MDC(Manipulation Detection Code)
Hash Functions
H
Message M
Message Digest D
D = H(M)
5. 5
MAC
Generate a fixed length MAC for an
arbitrary length message
A keyed hash function
Message origin authentication
Message integrity
Entity authentication
Transaction authentication
Constructions
Keyed hash: HMAC, KMAC
Block cipher: CBC-MAC
Dedicated MAC: MAA, UMAC
Message Authentication Codes (MACs)
MAC
SEND
MAC
MAC
Shared
Secret Key
6. 6
Comparison of Hash Function & MAC
Hash
function
Arbitrary length
message
Hash
fixed length
MAC
function
Arbitrary length
message
MAC
fixed length
Secret key
Easy to compute
Compression: arbitrary length input to fixed length output
Unkeyed function vs. Keyed function
7. 7
Symmetric Authentication (MAC)
Secret key
algorithm
KAB
Shared
Secret key
between
Alice and Bob
Secret key
algorithm
KAB
yes no
Message MAC
transmit
Message MAC
MAC
Alice Bob
Shared
Secret key
between
Alice and Bob
8. 8
Digital Signature
Hash
function
Alice’s
Public keyyes no
Message Signature transmit Message Signature
Alice Bob
Public key
algorithm
Alice’s
Private key
Hash value
Hash
function
Hash value 1
Public key
algorithm
Hash value 2
9. 9
MAC (Message Authentication Code)
Generated and verified by a secret key algorithm
Message origin authentication & Message integrity
Schemes
Keyed hash: HMAC
Block cipher: CBC-MAC, XCBC-MAC
Dedicated MAC: UMAC
Digital Signature
Generated and verified by a public key algorithm and a hash function
Message origin authentication & Message integrity
Non-repudiation
Schemes
Hash + Digital signature algorithm
RSA; DSA, KCDSA; ECDSA, EC-KCDSA
MAC and Digital Signature
11. 11
Hash Functions – Requirements
Definition
Compression: arbitrary length input to fixed length output
Ease of computation
Security Properties
Preimage resistance (One-wayness) :
Given y, it is computationally infeasible to find any input x
such that y = h(x)
2nd preimage resistance (Weak collision resistance) :
Given x, it is computationally infeasible to find another input
x x such that h(x) = h(x)
Collision resistance (Strong collision resistance) :
It is computationally infeasible to find any two distinct inputs
x and x such that h(x) = h(x)
12. 12
Brute Force Attack on One-Way Hash Functions
h
mi
h(mi)
Given y,
find m such that
h(m) = y
n bits
h(mi) = y ?
for i = 1, 2, . . . 2n
Arbitrary message m
Or
m of the same meaning ?
13. 13
Constructing Multiple Versions of the Same Message
I state thereby that I borrowed $10,000 from
confirm received ten thousand dollars
Mr. Kris Gaj on October 15, 2001. This money
Dr. Krzysztof 15 October amount of money
should be returned to Mr. Gaj by November 30, 2001.
is required to given back Dr. 30 November
11 different positions of similar expressions
211 different messages of the same meaning
14. 14
Finding Collision in Collision-Resistant
Hash Functions
h
mi
h(mi)
Find any two distinct messages m, m such that h(m) = h(m).
n bits
for i = 1, 2, . . . 2m
h
mi
h(mi)
n bits
How large m should be
to get a match ?
15. 15
Birthday Paradox
How many students there must be in a class for there be a
greater than 50% chance that
1. One of the students shares the teacher’s birthday ?
(complexity breaking one-wayness)
365/2 188
2. Any two of the students share the same birthday ?
(complexity breaking collision resistance)
1 – 365 364 . . . (365-k+1) / 365k > 0.5 k 23
In general, the probability of a match being found when k
samples are randomly selected between 1 and n equals
( 1)
2
!
1 1
( )!
k k
n
k
n
e
n k n
16. 16
One Million $ Hardware Brute Force Attack
One-Way Hash Functions (complexity = 2n)
n = 64 n = 80 n = 128
Year 2001 4 days 718 years 1017 years
Collision-Resistant Hash Functions (complexity = 2n/2)
n = 128 n = 160 n = 256
Year 2001 4 days 718 years 1017 years
17. 17
f f f fIV=H0
H1 H2
Ht-1
Ht. . .
b b b b
n n n n n
n
Legend:
IV : Initial Value
Hi : i-th Chaining variable
Mi : i-th input block
f : Compression function
g : Output transformation (optional)
t : Number of input blocks
b : Block size in bits
n : Hash code size in bits
g
h(m)
General Construction of a Secure Hash Function
Message m 100…000 length
M1 M2 M3
Mt
Padding & length encoding
18. 18
General Construction of a Secure Hash Function
f
Hi-1
Hi
Mi
b
n
n
Entire hash
Compression
Function
(fixed-size hash function)
H0 = IV
Hi = f (Hi-1, Mi) for 1 i t
H(m) = g(Ht)
Fact(by Merkle-Damgård)
Any collision-resistant compression function f can
be extended to a collision-resistant hash function h
19. 19
Typical Hash Padding
Message m 100…000 length
64 bit integer
(bit-length of
message m)
Assume Block size = 512 bits (MD5, SHA1, RMD160, HAS160 …)
Last 512-bit block
Let r = |m| mod 512
If 512-r > 64
padding = 512-(r+64) bits
else
padding = 512-r+448 bits
(two padding blocks)
20. 20
Classification of Hash Functions
Dedicated
(Customized)
Based on
block ciphers
Based on
Modular Arith.
MD2
MD4
MD5 SHA0
SHA1
RIPEMD-128
RIPEMD-160
HAS-160
MDC-1
MDC-2
MDC-4
MASH-1Broken
Broken
Broken Broken
Reduced round
Version broken
SHA2
Weakness
discovered
21. 21
SHA (Secure Hash Algorithm) (1/2)
SHA was designed by NIST (national institute of standards and
technology) & NSA (National Security Agency)
US standard for use with DSA signature scheme
The algorithm is SHA, the standard is SHS
Based on the design of MD4 and MD5 by R. Rivest MIT
SHA-0: FIPS PUB 180, 1993
SHA-1: FIPS Pub 180-1, 1995
bitwise rotation of message schedule of SHA-0 changed
widely-used security applications and protocols such as
TLS and SSL, PGP, SSH, S/MIME, and IPsec
SHA-2: FIPS Pub 180-2, 2001
SHA-224, SHA-256, SHA-384, and SHA-512
Not so popular as SHA-1
* Federal Information Processing Standard
22. 22
Algorithm and
variant
Output
size (bits)
Internal
state siz
e (bits)
Block
size (bits)
Max me-
ssage siz
e (bits)
Word
size (bits)
Rounds Operation
Collisions
found
SHA-0 160 160 512 264 − 1 32 80
+,and,or,
xor,rot
Yes
SHA-1 160 160 512 264 − 1 32 80
+,and,or,
xor,rot
Yes
(252
attack (*)[
SHA-2
SHA-25
6/224
256/224 256 512 264 − 1 32 64
+,and,or,
xor,shr,rot
None
SHA-51
2/384
512/384 512 1024 2128 − 1 64 80
+,and,or,
xor,shr,rot
None
SHA (Secure Hash Algorithm) (2/2)
* Cameron McDonald, Philip Hawkes and Josef Pieprzyk, SHA-1 collisions now 2^52, Eurocrypt 2009
Rump session, http://eurocrypt2009rump.cr.yp.to/ 837a0a8086fa6ca714249409ddfae43d.pdf.
23. 23
SHA-1 Overview
round 0 f1, ABCDE, Yq, K0, w0
round 1 f2, ABCDE, Yq, K1, w1
round 79 f80, ABCDE, Yq, K79, w79
A B C D E
A B C D E
160
CVq+1
CVq
A B C D E
160
Yq
512
25. 25
SHA-1
Initial values
A = 6 7 4 5 2 3 0 1
B = E F C D A B 8 9
C = 9 8 B A D C F E
D = 1 0 3 2 5 4 7 6
E = C 3 D 2 E 1 F 0
Constants Kt
t = 0 ~ 19 Kt = 5 A 8 2 7 9 9 9
t = 20 ~ 39 Kt = 6 E D 9 E B A 1
t = 40 ~ 59 Kt = 8 F 1 B B C D C
t = 60 ~ 79 Kt = C A 6 2 C 1 D 6
Boolean function ft
t = 0 ~ 19 ft (B, C, D) = B · C + B · D
t = 20 ~ 39 ft (B, C, D) = B C D
t = 40 ~ 59 ft (B, C, D) = B · C + B · D + C · D
t = 60 ~ 79 ft (B, C, D) = B C D
27. 27
Step Operations of MD5 & SHA1
A B C D E
A B C D E
fr
<<30
<<5
+
+
+
+
Mi
Kr
0 1 19. . .
. . .
D C B A
D C B A
fr
<<si
+
Mi
Kr
+
+
+
0 115
Big
endian
Little
endian
28. 28
Step Operations of SHA1 & HAS160
A B C D E
A B C D E
fr
<<30
<<5
+
+
+
+
Mi
Kr
ABCDE
ABCDE
fr
<<sr
<<si
+
+
+
+
Mi
Kr
0 1 19 1 019
<<sr
. . . . . .
29. 29
Comparison of Popular Hash Functions
Hash Func. MD5 SHA1 RMD160 HAS160
Digest size(bits) 128 160 160 160
Block size(bits) 512 512 512 512
No of steps 64(4x16) 80(4x20) 160(5x2x16) 80(4x20)
Boolean func. 4 4(3) 5 4(3)
Constants 64 4 9 4
Endianness Little Big Little Little
Speed ratio 1.0 0.57 0.5 0.94
30. 30
Hash Functions Based on Block Ciphers: MDC1
Matyas-Meyer-Oseas Scheme
g: a function mapping an
input Hi to a key
suitable for E, might be
the identity function
Compression
function f
Eg
Hi
MiHi-1
block size
block size
block size
• Provably Secure under
an appropriate black-
box model
• But produces too short
hash codes for use in
most applications
31. 31
Hash Functions Based on Block Ciphers: MDC2
Compression
function f
Mi
Hi
EgHi-1
A B
E g
C D
A D C B
Hi-1
Hi
32. Ex. of MD5 Collisions
32
Collision1.bin Collision2.bin
Same MD5 Hashed Value !!
33. Practical Collision Attacks (MD5)
• Colliding valid X.509 certificates
– Lenstra, Wang, Weger, forged X.509 certificates,
http://eprint.iacr.org/2005/067.pdf
Same owner with different public keys (2048 bits)
– Stevens, Lenstra, Weger, Eurocrypt 2007
8192-bit public key (8-block collision)
– Stevens etc. Crypto 2009
Pass the browser authentication, different owners,
different public keys (See next page.)
33