Michael Austin

Review of hash functions

Cryptographic hash functions

Secure Hash Algorithm (SHA)

Message Authentication Codes (MACs)

Hash Function ◦ Input: A variable-length message M (divided into

blocks)

◦ Output: A fixed-length hash value H(M)

◦ Efficiency: H(M) is easy to compute

Uses multiple rounds (one block per round)

Large set of inputs produces even distribution of outputs

One bit change in M leads to different H(M) with high probability

Hash functions necessarily have collisions

A good hash function has a large enough output space and even distribution to minimize collisions

Cryptographic Hash Function ◦ Has all the characteristics of a hash function

◦ Output hash value meets tests for pseudo-randomness

◦ Relies on confusion and diffusion principles to meet even distribution requirement

Optionally, a key is used, such as in a DES-based hash function

Computationally infeasible to find:

◦ A message that maps to a pre-specified hash value

(pre-image resistant or one-way property)

◦ Two blocks that map to the same hash value (2nd pre-image resistant or weak collision resistance)

◦ Two entire messages that map to the same hash value (strong collision resistance)

SHA-512 (A version of SHA-2) Input: Message of size multiple of 1024 Output: Hash value of size 512 bits

Sidenote: NIST will announce the winner of the SHA-3 competition

sometime in 2012

1. Append padding bits to obtain length 896 mod 1024

2. Append 128-bit message length 3. Initialize the 512-bit hash buffer (8 64-bit

registers a, b, c, d, e, f, g, h)

4. Process the message in 1024-bit blocks

SHA-512 (A version of SHA-2) Given a message M,

a=6A09E667F3BCC908

b=BB67AE8584CAA73B

c=3C6EF372FE94F82B

d=A54FF53A5F1D36F1

e=510E527FADE682D1

f=9B05688C2B3E6C1F

g=1F83D9ABFB41BD6B

h=5BE0CD19137E2179

First 64 bits of the fractional parts of the square roots of the first 8 prime numbers

(see next slide)

σ functions consist of bitwise circular rotations and shifts

Kt= First 64 bits of the fractional

parts of the cube roots of the first 80 prime numbers

Ch(e, f, g) = If e then f else g Maj(a, b, c) = True only if majority (2 or 3) arguments are true Σ = summation

A cryptographic checksum used by sender and receiver to authenticate messages

Uses a secret key known only to the sender and receiver

MAC is computed, attached to a message and sent, receiver verifies by computing MAC and comparing to attached MAC

Difference between MACs and cryptographic hash functions

◦ MAC must be resistant to existential forgery under chosen plaintext attacks

Attacker can generate MACs for any chosen message via an oracle possessing the secret key

Must be computationally infeasible for the attacker to find the secret key under these conditions

Difference between MACs and digital signatures

◦ Digital signatures rely on public key cryptography

◦ MACs rely on symmetric key cryptography

◦ Anyone who can verify a MAC can also produce MACs for different messages (shared secret key)

Can use cryptographic hash functions (called HMACs)

Can use block cipher algorithms

Can use universal hashing ◦ Hash value calculated using a randomly-chosen

hashing algorithm from a family of hash algorithms

◦ Lower expected number of collisions

Stallings, William. Cryptography and Network Security: Principles and Practice. 5th ed. Boston: Prentice Hall, 2011. Print.

"Message Authentication Code." Wikipedia. Wikimedia Foundation, 23 Feb. 2012. Web. 25 Feb. 2012.