CNS - Unit - 5 - Cryptographic Hash Functions
1,027 views
55 slides
Feb 10, 2022
Slide 1 of 55
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
About This Presentation
Cryptographic Hash Functions, their applications, Simple hash functions, its requirements and security, Hash functions based on Cipher Block Chaining, Secure Hash Algorithm (SHA)
Slide Content
Cryptography and Network Security
UNIT - 5
Cryptographic Hash Functions
UNIT - 5
Cryptographic Hash Functions
Outline...
* Cryptographic Hash Functions and their application
+ Simple Hash Functions and its requirements and security
* Hash functions based on Cipher Block Chaining
* Secure Hash Algorithm (SHA)
* Cryptographic Hash Functions and their application
+ Simple Hash Functions and its requirements and security
* Hash functions based on Cipher Block Chaining
* Secure Hash Algorithm (SHA)
Cryptographic Hash Function
* A cryptographic hash function is an algorithm that takes an arbitrary
amount of data input—a credential—and produces a fixed-size
output of enciphered text called a hash value, or just “hash.”
* That enciphered text can then be stored instead of the password
itself, and later used to verify the user.
* A cryptographic hash function is an algorithm that takes an arbitrary
amount of data input—a credential—and produces a fixed-size
output of enciphered text called a hash value, or just “hash.”
* That enciphered text can then be stored instead of the password
itself, and later used to verify the user.
Cryptographic Hash Function - Properties
+ Non-reversibility, or one-way function. A good hash should make it
very hard to reconstruct the original password from the output or
hash.
* Diffusion, or avalanche effect. A change in just one bit of the original
password should result in change to half the bits of its hash. In other
words, when a password is changed slightly, the output of enciphered
text should change significantly and unpredictably.
« Determinism. A given password must always generate the same hash
value or enciphered text.
* Collision resistance. lt should be hard to find two different passwords
that hash to the same enciphered text.
* Non-predictable. The hash value should not be predictable from the
password.
+ Non-reversibility, or one-way function. A good hash should make it
very hard to reconstruct the original password from the output or
hash.
* Diffusion, or avalanche effect. A change in just one bit of the original
password should result in change to half the bits of its hash. In other
words, when a password is changed slightly, the output of enciphered
text should change significantly and unpredictably.
« Determinism. A given password must always generate the same hash
value or enciphered text.
* Collision resistance. lt should be hard to find two different passwords
that hash to the same enciphered text.
* Non-predictable. The hash value should not be predictable from the
password.
Hash Function
+ Hash functions are extremely useful and appear in almost all
information security applications.
* A hash function is a mathematical function that converts a numerical
input value into another compressed numerical value. The input to
the hash function is of arbitrary length but output is always of fixed
length.
* Values returned by a hash function are called message digest or
simply hash values.
Hashing Algorithm
#bleld
(ade
REN [He | > más |
Plain Text Hash Function Hashed Text
+ Hash functions are extremely useful and appear in almost all
information security applications.
* A hash function is a mathematical function that converts a numerical
input value into another compressed numerical value. The input to
the hash function is of arbitrary length but output is always of fixed
length.
* Values returned by a hash function are called message digest or
simply hash values.
Hashing Algorithm
#bleld
(ade
REN [He | > más |
Plain Text Hash Function Hashed Text
Hash Function
Hash Value h
(fixed length)
Hash Value h
(fixed length)
Hash Function
* In hash function H accepts a variable length block of input data called
as ‘M’ and produces the fixed size hash value can be represented as
h =H (M)
* A good hash function provides a property that has function applied
on large amount of data (M) and then it produces the fixed amount of
output data.
* If any bit or bits changes in the data, then whole hash function output
data will also change.
* When hash function provides security application this is called
cryptographic hash functions.
* Cipher block chaining method is mostly used for to implementing
hash function.
* In hash function H accepts a variable length block of input data called
as ‘M’ and produces the fixed size hash value can be represented as
h =H (M)
* A good hash function provides a property that has function applied
on large amount of data (M) and then it produces the fixed amount of
output data.
* If any bit or bits changes in the data, then whole hash function output
data will also change.
* When hash function provides security application this is called
cryptographic hash functions.
* Cipher block chaining method is mostly used for to implementing
hash function.
Hash Function Applications
* It is used in a wide variety of security applications and Internet
protocols.
* Message Authentication
* Message authentication is a mechanism or service used to verify the
integrity of a message.
* Message authentication assures that data received are exactly as sent
(i.e., contain no modification, insertion, deletion, or replay).
+ In many cases, there is a requirement that the authentication
mechanism assures that purported identity of the sender is valid.
* When a hash function is used to provide message authentication, the
hash function value is often referred to as a message digest.
* It is used in a wide variety of security applications and Internet
protocols.
* Message Authentication
* Message authentication is a mechanism or service used to verify the
integrity of a message.
* Message authentication assures that data received are exactly as sent
(i.e., contain no modification, insertion, deletion, or replay).
+ In many cases, there is a requirement that the authentication
mechanism assures that purported identity of the sender is valid.
* When a hash function is used to provide message authentication, the
hash function value is often referred to as a message digest.
Hash Function Applications
*The message plus concatenated hash code is encrypted using
symmetric encryption.
* Because only A and B share the secret key, the message must have
come from A and has not been altered.
* The hash code provides the structure or redundancy required to
achieve authentication.
* Because encryption is applied to the entire message plus hash code,
confidentiality is also provided.
4 Source A — + Destination B——>
“ 105) m a
> Compare
= ECK. IM | HOD, = 7
/
@ Han
*The message plus concatenated hash code is encrypted using
symmetric encryption.
* Because only A and B share the secret key, the message must have
come from A and has not been altered.
* The hash code provides the structure or redundancy required to
achieve authentication.
* Because encryption is applied to the entire message plus hash code,
confidentiality is also provided.
4 Source A — + Destination B——>
“ 105) m a
> Compare
= ECK. IM | HOD, = 7
/
@ Han
Hash Function Applications
* Only the hash code is encrypted, using symmetric encryption.
* This reduces the processing burden for those applications that do not
require confidentiality.
* Only the hash code is encrypted, using symmetric encryption.
* This reduces the processing burden for those applications that do not
require confidentiality.
Hash Function Applications
* It is possible to use a hash function but no encryption for message
authentication.
* The technique assumes that the two communicating parties share a
common secret value S. A computes the hash value over the
concatenation of M and S and appends the resulting hash value to M.
* Because B possesses S, it can recompute the hash value to verify.
Because the secret value itself is not sent, an opponent
cannot modify an intercepted message and cannot generate a false
message.
* It is possible to use a hash function but no encryption for message
authentication.
* The technique assumes that the two communicating parties share a
common secret value S. A computes the hash value over the
concatenation of M and S and appends the resulting hash value to M.
* Because B possesses S, it can recompute the hash value to verify.
Because the secret value itself is not sent, an opponent
cannot modify an intercepted message and cannot generate a false
message.
Hash Function Applications
* Confidentiality can be added to the approach of method (c) by
encrypting the entire message plus the hash code.
Ta)
HM |S)
* When confidentiality is not required, method (b) has an advantage
over methods (a) and (d), which encrypts the entire message, in that
less computation is required.
* Confidentiality can be added to the approach of method (c) by
encrypting the entire message plus the hash code.
Ta)
HM |S)
* When confidentiality is not required, method (b) has an advantage
over methods (a) and (d), which encrypts the entire message, in that
less computation is required.
Hash Function Applications - Digital Signatures
+ Another important application, which is similar to the message
authentication application, is the digital signature.
« In the case of the digital signature, the hash value of a message is
encrypted with a user’s private key.
* Anyone who knows the user's public key can
verify the integrity of the message that is associated with the digital
signature.
+ In this case, an attacker who wishes to alter the message would need
to know the user's private key.
+ Another important application, which is similar to the message
authentication application, is the digital signature.
« In the case of the digital signature, the hash value of a message is
encrypted with a user’s private key.
* Anyone who knows the user's public key can
verify the integrity of the message that is associated with the digital
signature.
+ In this case, an attacker who wishes to alter the message would need
to know the user's private key.
Hash Function Applications - Digital Signatures
* The hash code is encrypted, using public-key encryption with the
sender’s private key this provides authentication.
« It also provides a digital signature, because only the sender could
have produced the encrypted hash code. In fact, this is the essence of
the digital signature technique.
<+——— Source A—___-» <+——— Destination B———-»
* The hash code is encrypted, using public-key encryption with the
sender’s private key this provides authentication.
« It also provides a digital signature, because only the sender could
have produced the encrypted hash code. In fact, this is the essence of
the digital signature technique.
<+——— Source A—___-» <+——— Destination B———-»
Hash Function Applications - Digital Signatures
* If confidentiality as well as a digital signature is desired, then the
message plus the private-key-encrypted hash code can be encrypted
using a symmetric secret key.
Tee ES TE
KK [MPR HO
(>) EAR, MON)
* If confidentiality as well as a digital signature is desired, then the
message plus the private-key-encrypted hash code can be encrypted
using a symmetric secret key.
Tee ES TE
KK [MPR HO
(>) EAR, MON)
Simple Hash Function
* The most popular hashing algorithm is MDS and SHA.
* All hash functions operate using the following general principles. The
input (message, file, etc.) is viewed as a sequence of n-bit blocks.
* The input is processed one block at a time in an iterative fashion to
produce an -bit hash function.
* One of the simplest hash functions is the bit-by-bit exclusive-OR
(XOR) of every block.
Ci= bil O bi2 O .... O bim
* To improve the matter performance, use simple ways i.e. One-bit
circular shift, and also the rotation on hash value after the every block
is processed.
* The most popular hashing algorithm is MDS and SHA.
* All hash functions operate using the following general principles. The
input (message, file, etc.) is viewed as a sequence of n-bit blocks.
* The input is processed one block at a time in an iterative fashion to
produce an -bit hash function.
* One of the simplest hash functions is the bit-by-bit exclusive-OR
(XOR) of every block.
Ci= bil O bi2 O .... O bim
* To improve the matter performance, use simple ways i.e. One-bit
circular shift, and also the rotation on hash value after the every block
is processed.
Simple Hash Function
* The procedure can be summarized as follows.
1. Initially set the n-bit hash value to zero.
2. Process each successive n-bit block of data as follows:
a. Rotate the current hash value to the left by one bit.
b. XOR the block into the hash value.
* The procedure can be summarized as follows.
1. Initially set the n-bit hash value to zero.
2. Process each successive n-bit block of data as follows:
a. Rotate the current hash value to the left by one bit.
b. XOR the block into the hash value.
Simple Hash Function
* Properties
* It is quick to compute hash value for any given message.
* It is infeasible to generate message from its hash value except by
trying all possible messages.
* Asmall change to a message should change the hash value.
*It is infeasible to find two different message with the same hash
value.
* Properties
* It is quick to compute hash value for any given message.
* It is infeasible to generate message from its hash value except by
trying all possible messages.
* Asmall change to a message should change the hash value.
*It is infeasible to find two different message with the same hash
value.
Simple Hash Function
* Characteristics
*The hash function should generate different hash values for the
similar string.
* The hash function is easy to understand and simple to compute.
* The hash function should produce the keys which will get distributed,
uniformly over an array.
* A number of collisions should be less while placing the data in the
hash table.
* The hash function is a perfect hash function when it uses all the input
data.
* For any given value h, it is computationally infeasible to find x such
that H(x) = h. This is sometimes referred as one-way property.
* Characteristics
*The hash function should generate different hash values for the
similar string.
* The hash function is easy to understand and simple to compute.
* The hash function should produce the keys which will get distributed,
uniformly over an array.
* A number of collisions should be less while placing the data in the
hash table.
* The hash function is a perfect hash function when it uses all the input
data.
* For any given value h, it is computationally infeasible to find x such
that H(x) = h. This is sometimes referred as one-way property.
Simple Hash Function
* Although a simple XOR or rotated XOR (RXOR) is insufficient if only
the hash code is encrypted.
* A technique originally proposed by the National Bureau of Standards
used the simple XOR applied to 64-bit blocks of the mess age and
then an encryption of the entire message that used the cipher block
chaining (CBC) mode.
» We can define the scheme as follows: Given a message M consisting
of a sequence of 64-bit blocks X1, X2,....,Xn, define the hash code h =
H(M) as the block — by — block XOR of all blocks and append the hash
code as the final block:
h=Xn+1=X10X20..0 Xn
* Although a simple XOR or rotated XOR (RXOR) is insufficient if only
the hash code is encrypted.
* A technique originally proposed by the National Bureau of Standards
used the simple XOR applied to 64-bit blocks of the mess age and
then an encryption of the entire message that used the cipher block
chaining (CBC) mode.
» We can define the scheme as follows: Given a message M consisting
of a sequence of 64-bit blocks X1, X2,....,Xn, define the hash code h =
H(M) as the block — by — block XOR of all blocks and append the hash
code as the final block:
h=Xn+1=X10X20..0 Xn
Simple Hash Function
* Encrypt the entire message plus hash code using CBC mode to
produce the encrypted message Y1, Y2, ... Yn+1.
X1 = IV O D(K, Y1)
Xi = Yi-1 @ D(K, Yi)
Xn+1 = Yn O D(K, Yn+1)
* But Xn+1 is the hash code:
Xn+1 = X1 @ X2@...® Xn
=1V@ D(K, Y1) ] @[Y1 O D(K, Y2)] O .... O [Yn-1 O D(K, Yn)]
* Encrypt the entire message plus hash code using CBC mode to
produce the encrypted message Y1, Y2, ... Yn+1.
X1 = IV O D(K, Y1)
Xi = Yi-1 @ D(K, Yi)
Xn+1 = Yn O D(K, Yn+1)
* But Xn+1 is the hash code:
Xn+1 = X1 @ X2@...® Xn
=1V@ D(K, Y1) ] @[Y1 O D(K, Y2)] O .... O [Yn-1 O D(K, Yn)]
Requirement and Security
* Before proceeding, we need to define two terms. For a hash value h =
H(x), we say that x is the preimage of h.
* That is, x is a data block whose hash function, using the function H, is
h. Because H is a many-to-one mapping, for any given hash value h,
there will in general be multiple preimages.
+ A collision occurs if we have x + y and H(x) # H(y). Because we are
using hash function for data integrity, collisions are clearly
undesirable.
* Suppose the length of the hash code is n bits, and the function H
takes as input messages or data blocks of length b bits with b > n.
Then, the total number of possible hash values is 2b and total number
of possible hash values is 2" On an average, each hash value
corresponds to 2b/n preimages.
* Before proceeding, we need to define two terms. For a hash value h =
H(x), we say that x is the preimage of h.
* That is, x is a data block whose hash function, using the function H, is
h. Because H is a many-to-one mapping, for any given hash value h,
there will in general be multiple preimages.
+ A collision occurs if we have x + y and H(x) # H(y). Because we are
using hash function for data integrity, collisions are clearly
undesirable.
* Suppose the length of the hash code is n bits, and the function H
takes as input messages or data blocks of length b bits with b > n.
Then, the total number of possible hash values is 2b and total number
of possible hash values is 2" On an average, each hash value
corresponds to 2b/n preimages.
Requirement and Security
Requirement Description
Variable input size H can be applied to a block of data of any size.
Fixed output size H producesa fixed-length output.
Efficiency H() is relatively easy to compute for any given x,
making both hardware and software implementations
practical.
Preimage resistant (one-way property) For any given hash value h, it is computationally
infeasible to find y such that H(y) =h.
Second preimage resistant (weak collision For any given block x, it is computationally
resistant) infeasible to find y # x and H(y) + H(x) with H(y) = H(x)
Collision resistant (strong collision It is computationally infeasible to find any pair (x, y) such that
resistant) H(x) = H(y).
Pseudo randomness Output of H meets standard tests for
pseudo randomness.
Requirement Description
Variable input size H can be applied to a block of data of any size.
Fixed output size H producesa fixed-length output.
Efficiency H() is relatively easy to compute for any given x,
making both hardware and software implementations
practical.
Preimage resistant (one-way property) For any given hash value h, it is computationally
infeasible to find y such that H(y) =h.
Second preimage resistant (weak collision For any given block x, it is computationally
resistant) infeasible to find y # x and H(y) + H(x) with H(y) = H(x)
Collision resistant (strong collision It is computationally infeasible to find any pair (x, y) such that
resistant) H(x) = H(y).
Pseudo randomness Output of H meets standard tests for
pseudo randomness.
Secure Hash Algorithm (SHA)
*The secure hash algorithm (SHA) was developed by National
Institute of Standards and Technology (NIST). It is based on MD4
algorithm. Based on different digest lengths, SHA includes
algorithms such as SHA-1, SHA-256, SHA-384 and SHA-512.
+ Unlike encryption, given a variable length message x, a secure
hash algorithm computes a function H(x) which has a fixed bits.
When a message of any length is less than 2% bits is input, the
SHA-1 produces a 160-bit output called message digest.
+ SHA-1 called secure because it is computationally infeasible to
find a message which corresponds to a given message digest, or
to find two different messages which produce the same message
digest.
*The secure hash algorithm (SHA) was developed by National
Institute of Standards and Technology (NIST). It is based on MD4
algorithm. Based on different digest lengths, SHA includes
algorithms such as SHA-1, SHA-256, SHA-384 and SHA-512.
+ Unlike encryption, given a variable length message x, a secure
hash algorithm computes a function H(x) which has a fixed bits.
When a message of any length is less than 2% bits is input, the
SHA-1 produces a 160-bit output called message digest.
+ SHA-1 called secure because it is computationally infeasible to
find a message which corresponds to a given message digest, or
to find two different messages which produce the same message
digest.
Secure Hash Algorithm (SHA)
* The SHA-1 is used to compute a message digest for a message or
data file that is provided as input.
* The message or data file should be considered to be a bit string.
* The length of the message is the number of bits in the message
(the empty message has length 0).
* The purpose of message padding is to make the total length of a
padded message a multiple of 512.
*The SHA-1 sequentially processes blocks of 512 bits when
computing the message digest.
* The message is padded and then processed by the SHA-1 as n
512-bit block.
* The SHA-1 is used to compute a message digest for a message or
data file that is provided as input.
* The message or data file should be considered to be a bit string.
* The length of the message is the number of bits in the message
(the empty message has length 0).
* The purpose of message padding is to make the total length of a
padded message a multiple of 512.
*The SHA-1 sequentially processes blocks of 512 bits when
computing the message digest.
* The message is padded and then processed by the SHA-1 as n
512-bit block.
Secure Hash Algorithm (SHA)
+ SHA — 1 was cracked in the year 2005. New hash function SHA-
512 is introduced to overcome problem SHA-1.
* Comparison of SHA Parameters
|" parameters | SHA) SHAZ24| SHA256 SHA-384_ SHA-12
Message Digest Size 160 224 256 384 512
Message Size | a < 20 <2128 < 2128
Block Size 512 512 512 1024 1024
Word Size 32 32 32 64 64
Number of Steps 80 64 64 80 80
+ SHA — 1 was cracked in the year 2005. New hash function SHA-
512 is introduced to overcome problem SHA-1.
* Comparison of SHA Parameters
|" parameters | SHA) SHAZ24| SHA256 SHA-384_ SHA-12
Message Digest Size 160 224 256 384 512
Message Size | a < 20 <2128 < 2128
Block Size 512 512 512 1024 1024
Word Size 32 32 32 64 64
Number of Steps 80 64 64 80 80
Secure Hash Algorithm 1 (SHA-1)
+ The Secure Hash Algorithm 1 (SHA-1) is a cryptographic computer
security algorithm. It was created by the US National Security
Agency in 1995, after the SHA-O algorithm in 1993, and it is part of
the Digital Signature Algorithm or the Digital Signature Standard
(DSS).
* SHA-1 produces a 160-bit hash value or message digests from the
inputted data (data that requires encryption), which resembles the
hash value of the MDS algorithm.
* It uses 80 rounds of cryptographic operations to encrypt and secure
a data object.
*SHA-1 is commonly used in cryptographic applications and
environments where the need for data integrity is high.
+ The Secure Hash Algorithm 1 (SHA-1) is a cryptographic computer
security algorithm. It was created by the US National Security
Agency in 1995, after the SHA-O algorithm in 1993, and it is part of
the Digital Signature Algorithm or the Digital Signature Standard
(DSS).
* SHA-1 produces a 160-bit hash value or message digests from the
inputted data (data that requires encryption), which resembles the
hash value of the MDS algorithm.
* It uses 80 rounds of cryptographic operations to encrypt and secure
a data object.
*SHA-1 is commonly used in cryptographic applications and
environments where the need for data integrity is high.
Secure Hash Algorithm 1 (SHA-1)
+ SHA-1 works by feeding a message as a bit string of length less than
2% bits, and producing a 160-bit hash value known as a message
digest. Note that the message below is represented in hexadecimal
notation for compactness.
+ SHA-1 works by feeding a message as a bit string of length less than
2% bits, and producing a 160-bit hash value known as a message
digest. Note that the message below is represented in hexadecimal
notation for compactness.
Secure Hash Algorithm 1 - Pseudocode
* Suppose the message ‘abc’ were to be encoded using SHA-1, with the
message ‘abc’ in binary being
01100001 01100010 01100011
* and that in hex being
616263
1. The first step is to initialize five random strings of hex characters
that will serve as part of the hash function (shown in hex):
HO =67DE2A01
H1 =BBO3E28C
H2 =011EF1DC
H3 =9293E9E2
H4=CDEF23A9
* Suppose the message ‘abc’ were to be encoded using SHA-1, with the
message ‘abc’ in binary being
01100001 01100010 01100011
* and that in hex being
616263
1. The first step is to initialize five random strings of hex characters
that will serve as part of the hash function (shown in hex):
HO =67DE2A01
H1 =BBO3E28C
H2 =011EF1DC
H3 =9293E9E2
H4=CDEF23A9
Secure Hash Algorithm 1 - Pseudocode
2. The message is then padded by appending a 1, followed by enough
3,
Os until the message is 448 bits. The length of the message
represented by 64 bits is then added to the end, producing a
message that is 512 bits long:
448 Length of string
. x aa
01100001 01100010 01100011 1 00.00 00... 01100
A O Nay scat
de “pr e 423 64
bits bits
The padded input obtained above, M, is then divided into 512-bit
chunks, and each chunk is further divided into sixteen 32-bit words,
WO...W15. In the case of ‘abc’, there's only one chunk, as the
message is less than 512-bits total.
2. The message is then padded by appending a 1, followed by enough
3,
Os until the message is 448 bits. The length of the message
represented by 64 bits is then added to the end, producing a
message that is 512 bits long:
448 Length of string
. x aa
01100001 01100010 01100011 1 00.00 00... 01100
A O Nay scat
de “pr e 423 64
bits bits
The padded input obtained above, M, is then divided into 512-bit
chunks, and each chunk is further divided into sixteen 32-bit words,
WO...W15. In the case of ‘abc’, there's only one chunk, as the
message is less than 512-bits total.
Secure Hash Algorithm 1 - Pseudocode
4. For each chunk, begin the 80 iterations, i, necessary for hashing (80 is the
determined number for SHA-1), and execute the following steps on each
chunk, Mn:
* For iterations 16 through 79, where 16< | <79, perform the following
operation:
W(i)=S(W(i-3)9W(i-8) 9D W(i-14) 0 W(i-16)),
+ For example, when iii is 16, the words chosen are W(13), W(8), W(2), W(0)
and the output is a new word, W(16).
* Where S is the Circular Right or Left Shift Operation
\\
PPPPEEEE Gehrehhne
Right Rotate Lot Rotate
4. For each chunk, begin the 80 iterations, i, necessary for hashing (80 is the
determined number for SHA-1), and execute the following steps on each
chunk, Mn:
* For iterations 16 through 79, where 16< | <79, perform the following
operation:
W(i)=S(W(i-3)9W(i-8) 9D W(i-14) 0 W(i-16)),
+ For example, when iii is 16, the words chosen are W(13), W(8), W(2), W(0)
and the output is a new word, W(16).
* Where S is the Circular Right or Left Shift Operation
\\
PPPPEEEE Gehrehhne
Right Rotate Lot Rotate
Secure Hash Algorithm 1 - Pseudocode
5. Now, store the hash values defined in step 1 in the following variables:
A=HO
B=H1
C=H2
D=H3
E=H4
6. For 80 iterations, where 0 <i < 79, compute
TEMP=S5 x (A) + f(i; B, C, D) + E+ W(i) + K(i)
5. Now, store the hash values defined in step 1 in the following variables:
A=HO
B=H1
C=H2
D=H3
E=H4
6. For 80 iterations, where 0 <i < 79, compute
TEMP=S5 x (A) + f(i; B, C, D) + E+ W(i) + K(i)
Secure Hash Algorithm 1 - Pseudocode
A [ 8 | et D E
| I] Process
a ADD
1
$ ADD
y
ADD k—| wit) ]
ano ——[ ko ]
y 11
A B E D E
A [ 8 | et D E
| I] Process
a ADD
1
$ ADD
y
ADD k—| wit) ]
ano ——[ ko ]
y 11
A B E D E
Secure Hash Algorithm 1 - Pseudocode
* See below for details on the logical function, f, and on the values of K(i).
Reassign the following variables:
E=D
D=C
C= 530 (B)
B=A
A=TEMP
* See below for details on the logical function, f, and on the values of K(i).
Reassign the following variables:
E=D
D=C
C= 530 (B)
B=A
A=TEMP
Secure Hash Algorithm 1 - Pseudocode
7. Store the result of the chunk’s hash to the overall hash value of all
chunks, as shown below, and proceed to execute the next chunk:
HO=HO+A
H1=H1+B
H2=H2+C
H3=H3+D
H4=H4+E
7. Store the result of the chunk’s hash to the overall hash value of all
chunks, as shown below, and proceed to execute the next chunk:
HO=HO+A
H1=H1+B
H2=H2+C
H3=H3+D
H4=H4+E
Secure Hash Algorithm 1 - Pseudocode
8. As a final step, when all the chunks have been processed, the message
digest is represented as the 160-bit string comprised of the OR logical
operator, V, of the 5 hashed values:
H = $228 (HO) V S96 (H1) V 5% (H2) V S22 (H3) V H4
* So, the string ‘abc’ becomes represented by a hash value akin to
a9993e364706816aba3e25717850c26c9cd0d89d.
« If the string changed to ‘abcd’, for instance, the hashed value would
be drastically different so attackers cannot tell that it is similar to the
original message.
+ The hash value for 'abcd' is
81fe8bfe87576c3ech22426f8e5 784738291 7acf.
8. As a final step, when all the chunks have been processed, the message
digest is represented as the 160-bit string comprised of the OR logical
operator, V, of the 5 hashed values:
H = $228 (HO) V S96 (H1) V 5% (H2) V S22 (H3) V H4
* So, the string ‘abc’ becomes represented by a hash value akin to
a9993e364706816aba3e25717850c26c9cd0d89d.
« If the string changed to ‘abcd’, for instance, the hashed value would
be drastically different so attackers cannot tell that it is similar to the
original message.
+ The hash value for 'abcd' is
81fe8bfe87576c3ech22426f8e5 784738291 7acf.
Secure Hash Algorithm - 512
* The algorithm takes as input a message with a maximum length of
less than 21% bits and and produces as output a 512-bit message
digest.
* The input is processed in 1024-bit blocks.
* The algorithm takes as input a message with a maximum length of
less than 21% bits and and produces as output a 512-bit message
digest.
* The input is processed in 1024-bit blocks.
Secure Hash Algorithm - 512
Nx 1024 bits
Nx 1024 bits
Secure Hash Algorithm - 512 - Steps
1. Append padding bits: The message is padded so that its length is
congruent to 896 modulo 1024. Padding is always added, even if
the message is already of the desired length. Thus, the number of
padding bits is in the range of 1 to 1024. The padding consists of
a single 1 bit followed by the necessary number of O bits.
msg + pad + size.
Nx 1024 bits
a L bits (L< 2-2) pe Pbits (P> 1) «128 bits
Message 1000000000......00 L 1
ge)
(padding) (size of Mess:
1. Append padding bits: The message is padded so that its length is
congruent to 896 modulo 1024. Padding is always added, even if
the message is already of the desired length. Thus, the number of
padding bits is in the range of 1 to 1024. The padding consists of
a single 1 bit followed by the necessary number of O bits.
msg + pad + size.
Nx 1024 bits
a L bits (L< 2-2) pe Pbits (P> 1) «128 bits
Message 1000000000......00 L 1
ge)
(padding) (size of Mess:
Secure Hash Algorithm — 512 - Steps
2. Append length: A block of 128 bits is appended to the message.
This block is treated as an unsigned 128-bit integer (most
significant byte first) and contains the length of the original
message (before the padding).
* The outcome of the first two steps yields a message that is an integer
multiple of 1024 bits in length. the expanded message is represented
as the sequence of 1024-bit blocks M1, M2, ...., Mn so that the total
length of the expanded message is N * 1024 bits.
2. Append length: A block of 128 bits is appended to the message.
This block is treated as an unsigned 128-bit integer (most
significant byte first) and contains the length of the original
message (before the padding).
* The outcome of the first two steps yields a message that is an integer
multiple of 1024 bits in length. the expanded message is represented
as the sequence of 1024-bit blocks M1, M2, ...., Mn so that the total
length of the expanded message is N * 1024 bits.
Secure Hash Algorithm — 512 - Steps
3. Initialize hash buffer: A 512-bit buffer is used to hold intermediate
and final results of the hash function. The buffer can be
represented as eight 64-bit registers (a, b, c, d, e, f, g, h)
a = 6A09E667F3BCC908 e = 510E527FADE682D1
b = BB67AE8584CAA73B f = 9B05688C2B3E6C1F
c= 3C6EF372FE94F82B g = 1F83D9ABFB41BD6B
d=A54FF53A5F1D36F1 h =5BE0CD19137E2179
3. Initialize hash buffer: A 512-bit buffer is used to hold intermediate
and final results of the hash function. The buffer can be
represented as eight 64-bit registers (a, b, c, d, e, f, g, h)
a = 6A09E667F3BCC908 e = 510E527FADE682D1
b = BB67AE8584CAA73B f = 9B05688C2B3E6C1F
c= 3C6EF372FE94F82B g = 1F83D9ABFB41BD6B
d=A54FF53A5F1D36F1 h =5BE0CD19137E2179
Secure Hash Algorithm — 512 - Steps
4. Process message in 1024-bit (128-word) blocks: The heart of the
algorithm is a module that consists of 80 rounds; this module is
labeled F in figure.
* Each round takes as input the 512-bit buffer value, abcdefgh, and
updates the contents of the buffer.
* Each round t makes use of a 64-bits value Wt. The output of the
last round is added to the input to the first round (Hi-1) to produce
Hi.
* Each round also makes use of an additive constant Kt, where O<t<
79 indicates one of the 80 rounds.
* These words represent the first 64 bits of the fractional parts of the
cube roots of the first 80 prime numbers.
4. Process message in 1024-bit (128-word) blocks: The heart of the
algorithm is a module that consists of 80 rounds; this module is
labeled F in figure.
* Each round takes as input the 512-bit buffer value, abcdefgh, and
updates the contents of the buffer.
* Each round t makes use of a 64-bits value Wt. The output of the
last round is added to the input to the first round (Hi-1) to produce
Hi.
* Each round also makes use of an additive constant Kt, where O<t<
79 indicates one of the 80 rounds.
* These words represent the first 64 bits of the fractional parts of the
cube roots of the first 80 prime numbers.
Secure Hash Algorithm - 512 - Steps
Wer
=
+
=) a
schedule ) „| ol cl al el A al $
Me Round O. La
MELILLA
e CE D
Um
Wer
=
+
=) a
schedule ) „| ol cl al el A al $
Me Round O. La
MELILLA
e CE D
Um
Secure Hash Algorithm — 512 - Steps
5. Output: After all N 1024-bit blocks have been processed, the output
from the th stage is the 512-bit message digest.
* The behavior of SHA-512 is follows
HO = IV
Hi = SUM,, (H;_, abcdefghj)
MD = Hy
+ Where, IV = initial value of the abcdefgh buffer, defined in step 3
* abcdefgh; = the output of the last round of processing of the i th
message block.
* N =the number of blocks in the message (including padding and length
fields)
5. Output: After all N 1024-bit blocks have been processed, the output
from the th stage is the 512-bit message digest.
* The behavior of SHA-512 is follows
HO = IV
Hi = SUM,, (H;_, abcdefghj)
MD = Hy
+ Where, IV = initial value of the abcdefgh buffer, defined in step 3
* abcdefgh; = the output of the last round of processing of the i th
message block.
* N =the number of blocks in the message (including padding and length
fields)
Secure Hash Algorithm - 512 - Steps
* SUM, = addition modulo 2% performed separately on each word of the
pair of inputs
* MD = final message digest value
* SUM, = addition modulo 2% performed separately on each word of the
pair of inputs
* MD = final message digest value
SHA-— 512 — Round Function
* Let us look in more detail at the logic in each of the 80 steps of the
processing of one 512-bit block. Each round is defined by the following
set of equations:
Ti = h + Ch(e, f,g) + (
(3 Fu
Pe) + Wı+ K;
a) + Maj(a, b, a
oud ot
ya FO AF Hoy
+
a
see Rata > 0
Il
Il
ı+2
* Let us look in more detail at the logic in each of the 80 steps of the
processing of one 512-bit block. Each round is defined by the following
set of equations:
Ti = h + Ch(e, f,g) + (
(3 Fu
Pe) + Wı+ K;
a) + Maj(a, b, a
oud ot
ya FO AF Hoy
+
a
see Rata > 0
Il
Il
ı+2
SHA-— 512 — Round Function
* where
+ t=step number; 0 <t < 79
* Ch(e, f, g) = (e AND f) O (NOT e AND g)
* Maj(a, b, c) = (a AND b) € (a AND c) O (b AND c)
+ (2512 a) = ROTR8(a) O ROTR*4(a) © ROTR?(a)
+ (13% e) = ROTR!*(e) € ROTR!8(e) @ ROTR(e)
+ ROTR"(X)* circular right shift (rotation) of the 64-bit argument x by n bits
+ Wt = a 64-bit word derived from the current 512-bit input block
* Kt =a 64-bit additive constant
* + = addition modulo 254
* where
+ t=step number; 0 <t < 79
* Ch(e, f, g) = (e AND f) O (NOT e AND g)
* Maj(a, b, c) = (a AND b) € (a AND c) O (b AND c)
+ (2512 a) = ROTR8(a) O ROTR*4(a) © ROTR?(a)
+ (13% e) = ROTR!*(e) € ROTR!8(e) @ ROTR(e)
+ ROTR"(X)* circular right shift (rotation) of the 64-bit argument x by n bits
+ Wt = a 64-bit word derived from the current 512-bit input block
* Kt =a 64-bit additive constant
* + = addition modulo 254
SHA-— 512 — Round Function
Message Digest
+ A message digest algorithm is also called a hash function or a
cryptographic hash function.
* It accepts a message as input and generates a fixed-length output,
which is generally less than the length of the input message. The
output is called a hash value, a fingerprint or a message digest.
* Message Digest 5 (MD5) process the input text in 512-bit blocks.
These blocks are further divided into 16 32-bit sub blocks.
* MDS is a 128-bit hash.
*The MDS algorithm is intended for digital signature application,
where a large file must be “compressed” in a secure manner before
being encrypted with a private key under a public-key cryptosystem
such RAS.
+ A message digest algorithm is also called a hash function or a
cryptographic hash function.
* It accepts a message as input and generates a fixed-length output,
which is generally less than the length of the input message. The
output is called a hash value, a fingerprint or a message digest.
* Message Digest 5 (MD5) process the input text in 512-bit blocks.
These blocks are further divided into 16 32-bit sub blocks.
* MDS is a 128-bit hash.
*The MDS algorithm is intended for digital signature application,
where a large file must be “compressed” in a secure manner before
being encrypted with a private key under a public-key cryptosystem
such RAS.
Message Digest - Steps
Step — 1: Append Padding Bits
*The message is “padded” so that its length is congruent to 448,
modulo 512. Padding is always performed, even if the length of the
message is already congruent to 448, modulo 512.
* Padding is performed as follows : a single “1” bit is appended to the
message, and then “0” bits are appended so that the length in bits of
the padded message becomes congruent to 448, modulo 512. In all,
at least one bit at most 512 bits are appended.
Step — 1: Append Padding Bits
*The message is “padded” so that its length is congruent to 448,
modulo 512. Padding is always performed, even if the length of the
message is already congruent to 448, modulo 512.
* Padding is performed as follows : a single “1” bit is appended to the
message, and then “0” bits are appended so that the length in bits of
the padded message becomes congruent to 448, modulo 512. In all,
at least one bit at most 512 bits are appended.
Message Digest - Steps
Step — 2 : Append Length
+ A 64-bit representation of b is appended to the result of the previous
step. In the unlikely event that b is greater than 2% , and then only
the low-order 64 bits of b are used.
* At this point the resulting message (after padding with bits and with
b) has a length that is an exact multiple of 512 bits. Equivalently, this
message has a length that is an exact multiple of 16 (32-bit) words.
+ Let M[O ... N-1] denote the words of the resulting message, where N is
a multiple of 16.
Step — 2 : Append Length
+ A 64-bit representation of b is appended to the result of the previous
step. In the unlikely event that b is greater than 2% , and then only
the low-order 64 bits of b are used.
* At this point the resulting message (after padding with bits and with
b) has a length that is an exact multiple of 512 bits. Equivalently, this
message has a length that is an exact multiple of 16 (32-bit) words.
+ Let M[O ... N-1] denote the words of the resulting message, where N is
a multiple of 16.
Message Digest - Steps
Step — 3 : Initialize MD Buffer
+ A four-word buffer (A, B, C, and D)is used to computer the message
digest. Here each of A, B, C, and D is a 32-bit register. These are
initialized to the following values in hexadecimal.
WORD A: 01 23 45 67
WORD B : 89 ab cd ef
WORD C: fe dc ba 98
WORD D : 76 54 32 10
Step — 3 : Initialize MD Buffer
+ A four-word buffer (A, B, C, and D)is used to computer the message
digest. Here each of A, B, C, and D is a 32-bit register. These are
initialized to the following values in hexadecimal.
WORD A: 01 23 45 67
WORD B : 89 ab cd ef
WORD C: fe dc ba 98
WORD D : 76 54 32 10
Message Digest - Steps
Step — 4 : Process Message in 16-Word Blocks
+ We first define four auxiliary function that each take as input three
32-bit words and produce as output one 32-bit word.
F(XY2) : XY V not(X) Z
G(X,Y,Z) : XZ V Y not(Z)
H(XY,Z) : X xor Y xor Z
I(XY,Z) : Y xor (X V not(Z))
* In each bit position F act a conditional: if X then Y else Z. The function
F could have been defined using + instead of V since XY and not(X)Z
will never have 1’s in the same bit position.
Step — 4 : Process Message in 16-Word Blocks
+ We first define four auxiliary function that each take as input three
32-bit words and produce as output one 32-bit word.
F(XY2) : XY V not(X) Z
G(X,Y,Z) : XZ V Y not(Z)
H(XY,Z) : X xor Y xor Z
I(XY,Z) : Y xor (X V not(Z))
* In each bit position F act a conditional: if X then Y else Z. The function
F could have been defined using + instead of V since XY and not(X)Z
will never have 1’s in the same bit position.
Message Digest - Steps
* It is interesting to note that if the bits of X, Y, and Z are independent
and unbiased, the each bit of F(X, Y, Z) will be independent and
unbiased.
* The function G, H and | are similar to the function F, in that they act in
“bitwise parallel” to produce their output from the bits of X, Y, and Z
are independent and unbiased.
Step — 5 : Output
* The message digest produced as output is A, B, C and D. That is, we
begin with the low-order bytes of A, and end with the high-order byte
of D.
* It is interesting to note that if the bits of X, Y, and Z are independent
and unbiased, the each bit of F(X, Y, Z) will be independent and
unbiased.
* The function G, H and | are similar to the function F, in that they act in
“bitwise parallel” to produce their output from the bits of X, Y, and Z
are independent and unbiased.
Step — 5 : Output
* The message digest produced as output is A, B, C and D. That is, we
begin with the low-order bytes of A, and end with the high-order byte
of D.
Difference between MD5 and SHA
PS SHA
MD length is 128-bits Length is 160-bits
Speed is faster than SHA Slower than MD5
Number of iteration is 64 Number of iteration is 80
Buffer space is 128-bits Buffer space is 160-bits
MDS is vulnerable to cryptanalytic SHA-1 appears not to be vulnerable to
attacks cryptanalytic attack
Simple to implement and do not Simple to implement and do not need
need any large programs or any large programs or complex table.
complex table
No limit on maximum message size. Maximum message size is 2°*— 1 bits.
PS SHA
MD length is 128-bits Length is 160-bits
Speed is faster than SHA Slower than MD5
Number of iteration is 64 Number of iteration is 80
Buffer space is 128-bits Buffer space is 160-bits
MDS is vulnerable to cryptanalytic SHA-1 appears not to be vulnerable to
attacks cryptanalytic attack
Simple to implement and do not Simple to implement and do not need
need any large programs or any large programs or complex table.
complex table
No limit on maximum message size. Maximum message size is 2°*— 1 bits.
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 1,027
- Slides 55
- Age 1392 days
Related Slideshows
1
MGV Residential Design projects for different clients, including a New Mexico Adobe project-1-.pdf
mannyvesa
27 views
16
EUNITED_Advocacy and Public Engagement through Visual Media
GeorgeDiamandis11
32 views
31
DESIGN THINKINGGG PPT 2 TOPIC IDEATION.pptx
HibaZaidi2
25 views
36
DESIGN THINKING CHAPTER 1 PPTT PPT 1.pptx
HibaZaidi2
29 views
112
Hinduism and Its History - PowerPoint Slides.pptx
ConorMcCormack10
25 views
20
Service Attributes of Manufactured Parts.pptx
MustafaEnesKrmac
25 views