+ All Categories
Home > Documents > Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash...

Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash...

Date post: 29-Jan-2016
Category:
Upload: nicholas-park
View: 277 times
Download: 1 times
Share this document with a friend
42
Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions
Transcript
Page 1: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Chapter 5Hash Functions

What is a Hash Function?The Birthday Problem

Tiger HashUses of Hash Functions

Page 2: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Hash function?

A hash function is a reproducible method of turning some kind of data into a (relatively) small number that may serve as a digital "fingerprint" of the data.

Chapter 5 Hash Function 2

Crypto Hash function: a hash function with certain additional security properties to make it suitable for use as various info security applications

Page 3: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Hash Function Motivation

Suppose Alice signs M Alice sends M and S = [M]Alice to Bob Bob verifies that M = {S}Alice

Aside: Is it OK to just send S? If M is big, [M]Alice is costly to compute Suppose instead, Alice signs h(M),

where h(M) is much smaller than M Alice sends M and S = [h(M)]Alice to Bob Bob verifies that h(M) = {S}Alice

3Chapter 5 Hash Function

Page 4: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Crypto Hash Function

Crypto hash function h(x) must provide the following properties

Compression output length is small

Efficiency h(x) easy to computer for any x

One-way given a value y it is infeasible to find an x

such that h(x) = y

4Chapter 5 Hash Function

Page 5: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Crypto Hash Function

Weak collision resistance given x and h(x), infeasible to find y

with y x such that h(y) = h(x) Strong collision resistance

infeasible to find any x and y, with x y such that h(x) = h(y)

Lots of collisions exist, but hard to find one

5Chapter 5 Hash Function

Page 6: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Pre-Birthday Problem

Suppose N people in a room How large must N be before the

probability someone has same birthday as me is 1/2 Solve: 1/2 = 1 (364/365)N for N Find N = 253

6Chapter 5 Hash Function

Page 7: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Birthday Problem

How many people must be in a room before probability is 1/2 that two or more have same birthday? 1 365/365 364/365 (365N+1)/365

Set equal to 1/2 and solve: N = 23

Surprising? A paradox?

Maybe not: “Should be” about sqrt(365) since we compare all pairs x and y

7Chapter 5 Hash Function

Page 8: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Birthday Problem

8Chapter 5 Hash Function

Page 9: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Of Hashes and Birthdays

If h(x) is N bits, then 2N different hash values are possible

sqrt(2N) = 2N/2

Therefore, hash about 2N/2 random values and you expect to find a collision

Implication: secure N bit symmetric key requires 2N1 work to “break” while secure N bit hash requires 2N/2 work to “break”

9Chapter 5 Hash Function

Page 10: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Non-Crytpo Hash

Chapter 5 Hash Function 10

Page 11: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Non-crypto Hash (1)

Data X = (X0,X1,X2,…,Xn-1), each Xi is a byte

Spse hash(X) = X0+X1+X2+…+Xn-1 mod 256 Output is always 8 bits

Is this secure? Example:

X = (10101010,00001111) = 170+15 = 185 = 10111001Hash is 10111001But so is hash of Y = (00001111,10101010)

Easy to find collisions, so not secure…

11Chapter 5 Hash Function

Page 12: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Non-crypto Hash (2)

Data X = (X0,X1,X2,…,Xn-1) Suppose hash is

h(X) = nX0+(n-1)X1+(n-2)X2+…+1Xn-1 mod 256

Is this hash secure? At least

h(10101010,00001111)h(00001111,10101010) But hash of (00000001,00001111) is same

as hash of (00000000,00010001) Not one-way, but this hash is used in the

(non-crypto) application rsync12Chapter 5 Hash Function

Page 13: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Non-crypto Hash (3)

Redundancy check (ex: parity bit) Extra data added to a message for the

purposes of error detection and correction Any hash function can be used as a

redundancy check Checksum:

A form of redundancy check, a simple way to protect the integrity of data by detecting errors in data

It works by adding up the basic components of the message, and later compare it to the authentic checksum

13Chapter 5 Hash Function

Page 14: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Non-crypto Hash (3)

Example of Checksum: Given 4 byte data: 0x(25 62 3F 52) Step1: Adding all byte together -> 0x(118) Step2: Drop the Carry Nibble to give you

0x(18) Step3: Get the two’s complement of 0x(18)

to get 0x(E8). This 0x(E8) is checksum byte To test the checksum byte, simply add it to

the original group of bytes This should give you 0x(200) Drop the carry nibble again giving 0x(00) Since it is 0x(00) this means the bytes were

probably not changed14Chapter 5 Hash Function

Page 15: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Non-crypto Hash (3)

Cyclic Redundancy Check (CRC) A CRC "checksum" is the remainder of a

binary division with no bit carry (XOR used instead of subtraction), of the message bit stream, by a predefined (short) bit stream of length n + 1, which represents the coefficients of a polynomial with degree n.

Before the division, n zeros are appended to the message stream. (example)

15Chapter 5 Hash Function

Page 16: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Non-crypto Hash (3)

Read paper in http://www.repairfaq.org/filipg/LINK/F_crc_v31.html#CRCV_006

(A painless guide to CRC error detection alg)

CRCs and similar checksum methods are only designed to detect transmission errors

Not to detect intentional tampering with data

But CRC sometimes mistakenly used in crypto applications (WEP)

16Chapter 5 Hash Function

Page 17: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Crytpo Hash

Chapter 5 Hash Function 17

Page 18: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Crypto Hash Design

No collisions Then we say the hash function is secure Change in input should not be correlated

with output Desired property: avalanche effect

Change to 1 bit of input should affect about half of output bits

Avalanche effect should occur after few rounds

18Chapter 5 Hash Function

Page 19: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Crypto Hash Design

Efficiency Otherwise, no point of using hash function

Crypto hash functions consist of some number of rounds Analogous to design of block ciphers Similar trade-offs as the iterated block

cipher Want security and speed but simple

rounds

19Chapter 5 Hash Function

Page 20: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Popular Crypto Hashes

MD(Message Digest) 5 invented by Rivest 128 bit output MD2 → MD4 → MD5 MD2 and MD4 are no longer secure, due

to collision found Note: even MD5, collision recently found

20Chapter 5 Hash Function

Page 21: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Popular Crypto Hashes

SHA(Secure Hash Algorithm)-1 A US government standard (similar to

MD5) “The world’s most popular hash

function” 180 bit output SHA-0 → SHA-1

Many others hashes, but MD5 and SHA-1 most widely used

21Chapter 5 Hash Function

Page 22: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Popular Crypto Hashes

Here, we discuss Tiger hash instead of MD5 or SHA-1

Since Tiger is more structured design than MD5 or SHA-1.

22Chapter 5 Hash Function

Page 23: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Hash

Chapter 5 Hash Function 23

Page 24: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Hash

Designed by Ross Anderson & Eli Biham leading cryptographers

“Fast and strong” like its name Design criteria

Secure Optimized for 64-bit processors Easy replacement for MD5 or SHA-1

24Chapter 5 Hash Function

Page 25: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Hash

Like MD5/SHA-1, input divided into 512 bit blocks (padded)

Unlike MD5/SHA-1, output is 192 bits (three 64-bit words) Recall MD5: 128 bit, SHA-1: 180 bit Truncate output if replacing MD5 or SHA-1

Intermediate rounds are all 192 bits 4 S-boxes, each maps 8 bits to 64 bits A “key schedule” is used

25Chapter 5 Hash Function

Page 26: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Outer Round

F7

F9

W

ca b

ca b

F5

key schedule

key schedule

Input is X X = (X0,X1,…,Xn-1) X is padded Each Xi is 512 bits

There are n iterations of diagram at left One for each input block

Initial (a,b,c) constants Final (a,b,c) is hash Looks like block cipher!ca b

W

W

Xi

26Chapter 5 Hash Function

Page 27: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Inner Rounds

fm,0

fm.1

fm,2

fm,7

w0

w1

w2

w7

ca b

ca b

Each Fm consists of precisely 8 rounds

512 bit input W to Fm

W=(w0,w1,…,w7) W is one of the input

blocks Xi

All lines are 64 bits The fm,i depend on the

S-boxes (next slide)

27Chapter 5 Hash Function

Page 28: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Hash: One Round

Each fm,i is a function of a,b,c,wi and m Input values of a,b,c from previous round And wi is 64-bit block of 512 bit W Subscript m is multiplier And c = (c0,c1,…,c7): ci is a single byte

Output of fm,i is c = c wi

a = a (S0[c0] S1[c2] S2[c4] S3[c6]) b = b + (S3[c1] S2[c3] S1[c5] S0[c7]) b = b m

Each Si is S-box: 8 bits mapped to 64 bits28Chapter 5 Hash Function

Page 29: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Hash Key Schedule

Input is X X=(x0,x1,

…,x7) Small

change in X will produce large change in key schedule output

x0 = x0 (x7 0xA5A5A5A5A5A5A5A5)

x1 = x1 x0 , x2 = x2 x1

x3 = x3 (x2 ((~x1) << 19))

x4 = x4 x3 , x5 = x5 +x4

x6 = x6 (x5 ((~x4) >> 23))

x7 = x7 x6 ,

x0 = x0 +x7

x1 = x1 (x0 ((~x7) << 19))

x2 = x2 x1 , x3 = x3 +x2

x4 = x4 (x3 ((~x2) >> 23))

x5 = x5 x4 , x6 = x6 +x5

x7 = x7 (x6 0x0123456789ABCDEF)

29Chapter 5 Hash Function

Page 30: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Hash Summary (1)

Hash and intermediate values are 192 bits 24 (3-outer X 8-inner)rounds

S-boxes: Claimed that each input bit affects a, b and c after 3 rounds

Key schedule: Small change in message affects many bits of intermediate hash values

Multiply: Designed to insure that input to S-box in one round mixed into many S-boxes in next

S-boxes, key schedule and multiply together designed to insure strong avalanche effect

30Chapter 5 Hash Function

Page 31: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Tiger Hash Summary (2)

Uses lots of ideas from block ciphers S-boxes Multiple rounds Mixed mode arithmetic

At a higher level, Tiger employs Confusion Diffusion

31Chapter 5 Hash Function

Page 32: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

HMAC

Chapter 5 Hash Function 32

Page 33: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

HMAC

Recall MAC is for message integrity The final encrypted block, CBC residue

We can not send M and h(M) together Trudy can change M to M’ and h(M) to h(M’)

How can we solve the above problem? One solution: make hash depend on

the Key, so called hashed MAC, HMAC The key is known only to sender and

receiver33Chapter 5 Hash Function

Page 34: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Message Authentication Code(MAC)

mess

ag

e

H( )

mess

ag

e

mess

ag

e

H( )

compare

Message integrity No encryption!

34

Page 35: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

HMACm

ess

ag

e

H( )

s

mess

ag

e

mess

ag

e

s

H( )

compare

s = shared secret(MAC key)

Authenticate sender Message integrity No encryption! Also called “keyed hash” Notation: MDm = H(s||m) ; send m||MDm

35

Page 36: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Hash Uses

Chapter 5 Hash Function 36

Page 37: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Hash Uses

Authentication (HMAC) Message integrity (HMAC) Message fingerprint Data corruption detection Digital signature efficiency Anything you can do with symmetric

crypto ???

37Chapter 5 Hash Function

Page 38: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Online Auction

Suppose Alice, Bob and Charlie are bidders Alice plans to bid A, Bob B and Charlie C They don’t trust that bids will stay secret Solution?

Alice, Bob, Charlie submit hashes h(A), h(B), h(C) All hashes received and posted online Then bids A, B and C revealed

Hashes don’t reveal bids (one way) Can’t change bid after hash sent (collision)

38Chapter 5 Hash Function

Page 39: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Spam Reduction

Before I accept an email from you, I want proof that you spent “effort” (e.g., CPU cycles) to create the email Limit amount of email that can be sent Make spam much more costly to send

We can do it by hash value computation method Sender: Works depend on requirements Receiver: Simple constant work only

39Chapter 5 Hash Function

Page 40: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Spam Reduction

Let M = email message R = value to be determined T = current time

Sender must find R such that hash(M,R,T) = (00…0,X),

where N initial bits of hash are all zero Sender then sends (M,R,T) Recipient accepts email, provided

hash(M,R,T) begins with N zeros

40Chapter 5 Hash Function

Page 41: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Spam Reduction

Work for Sender to find R such that hash(M,R,T) begins with N zeros 2N hashes (why?) Sender’s work increases exponentially in

N Work for Recipient to verify such that

hash(M,R,T) begins with N zeros 1 hash – just check that hash(M,R,T)

begins with N zeros or not Same work for recipient regardless of N

41Chapter 5 Hash Function

Page 42: Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions.

Spam Reduction

Choose N so that Work acceptable for normal email users Work unacceptably high for spammers!

42Chapter 5 Hash Function


Recommended