MD5 - Hash Functions & RIPEMD160

MD5
1
Hash functions MD5 and RIPEMD 160
Instructor: TS Trương Tuấn Anh.
HV: Chu Xuân Tình - 1870583

2
• Introduction
• MD5 Algorithm Structure
• RIPEMD 160
• Summary
Hash functions MD5 and RIPEMD

3
Introduction:
Ø MD5 algorithm was developed by Professor Ronald L.
Rivest in 1991
ü MD5 message-digest algorithm takes as input a
message of arbitrary length and produces as output a
128-bit "fingerprint" or "message digest" of the input
Ø Application:
ü Integrity checking: User compare the checksum of the
downloaded file
ü Used to store a one-way hash of a password.
Hash functions MD5

MD5 Message Digest Algorithm
6
L ¥ 512bits = N ¥ 32bits
Message
Message length
(K mod 2 64)
• • • • • •
512bits 512bits 512bits 512bits
Y0 Y1 Yq YL–1
128
512
HMD5IV
CV1 CVq CVL–1
128
512
128
512
128
512
128-bit
digest
Figure 12.1 Message Digest Generation Using MD5
100...0
Padding
(1 to 512bits)
K bits
HMD5 HMD5 HMD5

7
qStep 1: append padding bits
Ø The message is padded so that its length in bits
is congruent to 448 mod 512 (length ≡ 448 mod
512)
Ø Padding is always added (1 to 512 bits)
Ø The padding pattern is 100...0

8
q Step 2: append length
Ø A 64-bit length in bits of the original message is
appended
Ø If the original length is greater than 2^64, the length is
modulo 2^64 ( 2 pow 64)
- The expanded message is L×512 bits: Y0, Y1, ..., YL-1
- A total of L×16 32-bit words: M[0...N-1], N = L×16 (32*
16=512)

9
q Step 3: initialize MD buffer
Ø A 128-bit buffer is used to hold intermediate and final results of
the hash function
Ø The buffer is represented as 4 32-bit registers (A, B, C, D)
initialized to the following integers (hexadecimal values):
A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
Ø The values are stored in little-ending order, i.e., the least
significant byte of a word in the low-address byte position:
word A = 01 23 45 67
word B = 89 AB CD EF
word C = FE DC BA 98
word D = 76 54 32 10

10
q Step 4: process message in 512-bit (16-word) blocks
Ø A compression function MD5 consists of 4 “rounds” of
processing
ü In put 512-bit block Yq and 128-bit buffer value CVq represented
by ABCD
üOutput 128-bit chaining variable CVq+1
Ø For each round operation
ü Input –Yq and ABCD
ü Output – updated ABCD
ü Each round makes use of 1/4 of a 64-element table T[1...64] –
T[i] is the integer part of 2^32 × abs[sin(i)], where i is in radian
ü Provides a “randomized” set of 32-bit patterns and thus
eliminate the regularities in the input data
Ø The output of the last round is added to the input of the first
round (CVq) to produce CVq+1

11

12
q Step 5: output
Ø The output from the L-th stage is the 128-bit message digest
Ø Summary of the MD5:
# var int digest (MD):= h0 append h1 append h2 append h3
# Convert the buffers to little-endian.

13
q MD5 Compression Function
Ø Each round consists of 16 steps operating on the buffer ABCD
with each step of the form:
a ← b + ((a + g(b, c, d) + X[k] + T[I]) <<< s)
Where:
a,b,c,d = the four words of the buffer
g = one of the primitive functions F, G, H, I
<<<s = circular left shift (rotation) of the X[k] 32-bit
argument by s bits
X[k] = M[q×16 + k] = the k-th 32-bit word in
(Word 32-bit thứ k của khối dữ liệu 512 bits.k=1..15 )
T[i] = the q-th 512-bit block of the message (Table T)
+ = addition modulo 2^32 (pow)

14
MD5 Compression Function

17
Ø Primitive functions F,G,H,I:
ü Input – 3 32-bit words
ü Output – a 32-bit word
ü Each function performs a set of bitwise logical operations

18
Ø Permutations on the 32-bit words X[0..15] vary from round to
round:
Ø Note that for each step, only one of the four bytes of the ABCD
buffer is updated
Ø Four different circular left shift amounts are used each round and
different from round to round:
round 1: 7, 12, 17, 22
round 2: 5, 9, 14, 20
round 3: 4, 11, 16, 23
round 4: 6, 10, 15, 21
=> Difficult to generate collisions (two blocks produce the same
output)

RIPEMD-160
qDevelopment
ü RIPEMD-160 was developed under the European RACE
Integrity Primitives Evaluation (RIPE) project
ü Originally developed a 128-bit version of RIPEM
ü H. Dobbertin found attacks on two rounds of RIPEMD and
later on MD4 and MD5
ü Upgraded RIPEMD: RIPEMD-160
qRIPEMD-160 Logic
ü Input – a message of arbitrary length, processed in 512-
bit block
ü Output – 160-bit message digest
19

RIPEMD-160
vRIPEMD-160 Logic
q Step 1: append padding bits
Ø The message is padded so that its length is congruent to
448 mod 512 (length ≡ 448 mod 512)
Ø Padding is always added (1 to 512 bits)
Ø The padding pattern is 100...0
q Step 2: append length
Ø A 64-bit length in bits of the original message is appended
Ø If the original length is greater than 2^64, the length is
modulo 2^64
Ø A 160-bit buffer is used to hold intermediate and final
results of the hash function
20

RIPEMD-160 (cont..)
vRIPEMD-160 Logic
ü The buffer is represented as 5 32-bit registers (A, B, C, D, E)
initialized to the following integers (hexadecimal values):
A = 67452301
B = EFCDAB89
C = 98BADCFE
D = 10325476
E = C3D2E1F0
ü The values are stored in little-ending order, i.e., the least
significant byte of a word in the low-address byte position:
word A = 01 23 45 67
word B = 89 AB CD EF
word C = FE DC BA 98
word D = 76 54 32 10
word E = F0 E1 D2 C3 21

RIPEMD-160 (cont..)
q Step 4: process message in 512-bit (16-word) blocks
Ø A module with 10 rounds of processing of 16 steps each
Ø The 10 rounds are arranged in 2 parallel lines of 5 rounds
each
ü Input – 512-bit block Yq, 160-bit buffer value CVq (ABCDE or
A’B’C’D’E’)
ü Output – 160-bit chaining variable CVq+1 (updated ABCDE)
ü Makes use of additive constant Kj
22

RIPEMD-160 (cont..)
§ Step 4: process message in 512-bit (16-word) blocks
23

RIPEMD-160 (cont..)
q Step 4: cont…
Ø The output of the last round is added to the input of the first
round (CVq) to produce CVq+1 in the following fashion:
ü CVq+1(0) = CVq(1) + C + D’
ü CVq+1(1) = CVq(2) + D + E’
ü CVq+1(2) = CVq(3) + E + A’
ü CVq+1(3) = CVq(4) + A + B’
ü CVq+1(4) = CVq(0) + B + C’
q Step 5: output
Ø The output from the L-th stage is the 160-bit message digest
24

RIPEMD-160 (cont..)
qStep 5: RIPEMD-160 Compression Function
Ø Each round consists of 16 steps operating with each round:
• A := CVq(0); B := CVq(1); C := CVq(2); D := CVq(3); E := CVq(4);
A’ := CVq(0); B’ := CVq(1); C’ := CVq(2); D’ := CVq(3); E’ := CVq(4);
• For j := 0 to 79 do
{
T := rols(j)(A + (j,B,C,D) + X[R[j]] + K(j)) + E;
A := E; E := D; D : = rol10(C); C := B; B := T;
T := rols’(j)(A’ + f(79-j, B’, C’, D’) + X[R’[j]] + K’(j)) + E’;
A’ := E’; E’ := D’; D’ := rol10(C’); C’ := B’; B’ := T’;
}
• CVq+1(0) := CVq(1) + C+ D’; CVq+1(1) = CVq(2) + D + E’;
CVq+1(2) = CVq(3)+E+A’; CVq+1(3) = CVq(4)+A+B’; CVq+1(4) = CVq(0)+B+C’;
25

RIPEMD-160 (cont..)
26

RIPEMD-160 (cont..)
Ø Where
ü A,B,C,D,E = the five words of the buffer for the left line
ü A’,B’,C’,D’,E’ = the five words of the buffer for the right line
ü j = step number, 0 ≤ j ≤ 79
ü f(j,B,C,D) = primitive logical function for step j of left line
and step 79-j of right line
ü rols(j) = circular left shift (rotation) of the 32-bit argument
by s(j) bits
ü Xr(j) = a 32-bit word derived from the 512-bit input block
determined by r(j)
ü K(j) = an additive constant used in step j
ü + = addition modulo 2^32
27

RIPEMD-160 (cont..)
Ø Primitive functions f(j,B,C,D):
ü Input – 3 32-bit words
ü Output – a 32-bit word
ü Each function performs a set of bitwise logical operations
28

RIPEMD-160
q RIPEMD-160 Compression Function
Ø Circular left shift s(j):
Ø Derivation of the 32-bit word Xr(j) from the 512-bit input block
ü The first 16 values of Xr(j) holds the value of the current 512-bit
block
ü The remaining values are permuted using ρ(i) and π(i):
29

RIPEMD-160
qComparison with MD5 and SHA-1
30

Referents
• [1] Kenneth H.Rosen, Cryptography Theory
and Practice Third Edition.
• [2] Wiki & Internet.
31

MD5 - Hash Functions & RIPEMD160

More Related Content

What's hot (20)

Similar to MD5 - Hash Functions & RIPEMD160 (20)

Recently uploaded (20)

MD5 - Hash Functions & RIPEMD160