SlideShare a Scribd company logo

secure hash function for authentication in CNS

Download as PPT, PDF
N
NithyasriA2

Cryptographic hash functions are used for message authentication, digital signatures, and other applications. They must be resistant to preimage, second preimage, and collision attacks. Popular hash functions include SHA-1, SHA-2 (SHA-256, SHA-384, SHA-512), and the new standard SHA-3. SHA-3 uses a sponge construction that partitions inputs into blocks processed sequentially by an iteration function f to produce an output block. This provides resistance against cryptanalysis attacks on previous hash functions.

Engineering
1 of 42
Download to read offline
1
2
3
4
5
6
7
8
9
Most read
10
11
12
13
Most read
14
15
16
17
18
19
20
21
22
23
24
Most read
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Cryptography and Network Security Sixth Edition by William Stallings
Chapter 11 Cryptographic Hash Functions
“Each of the messages, like each one he had ever read of Stern's commands, began with a number and ended with a number or row of numbers. No efforts on the part of Mungo or any of his experts had been able to break Stern's code, nor was there any clue as to what the preliminary number and those ultimate numbers signified.” —Talking to Strange Men, Ruth Rendell
“The Douglas Squirrel has a distinctive eating habit. It usually eats pine cones from the bottom end up. Partially eaten cones can indicate the presence of these squirrels if they have been attacked from the bottom first. If, instead, the cone has been eaten from the top end down, it is more likely to have been a crossbill finch that has been doing the dining.” —Talking to Strange Men, Ruth Rendell
Hash Functions • A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value • h = H(M) • Principal object is data integrity • Cryptographic hash function • An algorithm for which it is computationally infeasible to find either: (a) a data object that maps to a pre-specified hash result (the one-way property) (b) two data objects that map to the same hash result (the collision-free property)
secure hash function for authentication in CNS
secure hash function for authentication in CNS
secure hash function for authentication in CNS
Message Authentication Code (MAC) • Also known as a keyed hash function • Typically used between two parties that share a secret key to authenticate information exchanged between those parties Takes as input a secret key and a data block and produces a hash value (MAC) which is associated with the protected message •If the integrity of the message needs to be checked, the MAC function can be applied to the message and the result compared with the associated MAC value •An attacker who alters the message will be unable to alter the associated MAC value without knowledge of the secret key
Digital Signature • Operation is similar to that of the MAC • The hash value of a message is encrypted with a user’s private key • Anyone who knows the user’s public key can verify the integrity of the message • An attacker who wishes to alter the message would need to know the user’s private key • Implications of digital signatures go beyond just message authentication
secure hash function for authentication in CNS
Other Hash Function Uses Commonly used to create a one-way password file When a user enters a password, the hash of that password is compared to the stored hash value for verification This approach to password protection is used by most operating systems Can be used for intrusion and virus detection Store H(F) for each file on a system and secure the hash values One can later determine if a file has been modified by recomputing H(F) An intruder would need to change F without changing H(F) Can be used to construct a pseudorandom function (PRF) or a pseudorandom number generator (PRNG) A common application for a hash-based PRF is for the generation of symmetric keys
Two Simple Hash Functions • Consider two simple insecure hash functions that operate using the following general principles: • The input is viewed as a sequence of n-bit blocks • The input is processed one block at a time in an iterative fashion to produce an n-bit hash function • Bit-by-bit exclusive-OR (XOR) of every block • Ci = bi1 xor bi2 xor . . . xor bim • Produces a simple parity for each bit position and is known as a longitudinal redundancy check • Reasonably effective for random data as a data integrity check • Perform a one-bit circular shift on the hash value after each block is processed • Has the effect of randomizing the input more completely and overcoming any regularities that appear in the input
Two Simple Hash Functions
Requirements and Security • x is the preimage of h for a hash value h = H(x) • Is a data block whose hash function, using the function H, is h • Because H is a many-to- one mapping, for any given hash value h, there will in general be multiple preimages • Occurs if we have x ≠ y and H(x) = H(y) • Because we are using hash functions for data integrity, collisions are clearly undesirable
Table 11.1 Requirements for a Cryptographic Hash Function H (Table can be found on page 323 in textbook.)
secure hash function for authentication in CNS
* Resistance required if attacker is able to mount a chosen message attack Table 11.2 Hash Function Resistance Properties Required for Various Data Integrity Applications
Attacks on Hash Functions • Does not depend on the specific algorithm, only depends on bit length • In the case of a hash function, attack depends only on the bit length of the hash value • Method is to pick values at random and try each one until a collision occurs • An attack based on weaknesses in a particular cryptographic algorithm • Seek to exploit some property of the algorithm to perform some attack other than an exhaustive search
Birthday Attacks • For a collision resistant attack, an adversary wishes to find two messages or data blocks that yield the same hash function • The effort required is explained by a mathematical result referred to as the birthday paradox • How the birthday attack works: • The source (A) is prepared to sign a legitimate message x by appending the appropriate m-bit hash code and encrypting that hash code with A’s private key • Opponent generates 2m/2 variations x’ of x, all with essentially the same meaning, and stores the messages and their hash values • Opponent generates a fraudulent message y for which A’s signature is desired • Two sets of messages are compared to find a pair with the same hash • The opponent offers the valid variation to A for signature which can then be attached to the fraudulent variation for transmission to the intended recipient • Because the two variations have the same hash code, they will produce the same signature and the opponent is assured of success even though the encryption key is not known
(Letter is located on page 326 in textbook) A Letter in 237 Variation
secure hash function for authentication in CNS
Hash Functions Based on Cipher Block Chaining • Can use block ciphers as hash functions • Using H0 initial value • Compute: Hi = E(Mi Hi-1) • Use final block Hn as the hash value • Similar to CBC but without a key • Resulting hash is too small (64-bit) • Both due to direct birthday attack • And “meet-in-the-middle” attack • Other variants also susceptible to attack
Secure Hash Algorithm (SHA) • SHA was originally designed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993 • Was revised in 1995 as SHA-1 • Based on the hash function MD4 and its design closely models MD4 • Produces 160-bit hash values • In 2002 NIST produced a revised version of the standard that defined three new versions of SHA with hash value lengths of 256, 384, and 512 • Collectively known as SHA-2
Note: All sizes are measured in bits. Table 11.3 Comparison of SHA Parameters
secure hash function for authentication in CNS
secure hash function for authentication in CNS
Table 11.4 SHA-512 Constants (Table can be found on page 333 in textbook)
secure hash function for authentication in CNS
secure hash function for authentication in CNS
(Figure can be found on page 337 in textbook) SHA-512 Logic
SHA-3 SHA-1 has not yet been "broken” • No one has demonstrated a technique for producing collisions in a practical amount of time • Considered to be insecure and has been phased out for SHA-2 SHA-2 shares the same structure and mathematical operations as its predecessors so this is a cause for concern • Because it will take years to find a suitable replacement for SHA-2 should it become vulnerable, NIST decided to begin the process of developing a new hash standard NIST announced in 2007 a competition for the SHA-3 next generation NIST hash function • Winning design was announced by NIST in October 2012 • SHA-3 is a cryptographic hash function that is intended to complement SHA-2 as the approved standard for a wide range of applications
The Sponge Construction • Underlying structure of SHA-3 is a scheme referred to by its designers as a sponge construction • Takes an input message and partitions it into fixed-size blocks • Each block is processed in turn with the output of each iteration fed into the next iteration, finally producing an output block • The sponge function is defined by three parameters: • f = the internal function used to process each input block • r = the size in bits of the input blocks, called the bitrate • pad = the padding algorithm
secure hash function for authentication in CNS
secure hash function for authentication in CNS
Table 11.5 SHA-3 Parameters
secure hash function for authentication in CNS
SHA-3 Iteration Function f
Table 11.6 Step Functions in SHA-3
secure hash function for authentication in CNS
secure hash function for authentication in CNS
Summary • Applications of cryptographic hash functions • Message authentication • Digital signatures • Other applications • Requirements and security • Security requirements for cryptographic hash functions • Brute-force attacks • Cryptanalysis • Hash functions based on cipher block chaining • Secure hash algorithm (SHA) • SHA-512 logic • SHA-512 round function • SHA-3 • The sponge construction • The SHA-3 Iteration Function f

More Related Content

PPTX
Smtp, pop3, imapv 4
Shwetanshu Gupta
 
PDF
Cyber Security - Unit - 4 - Introduction to Cyber Crime and law Cyber Crimes
Gyanmanjari Institute Of Technology
 
PPT
Message authentication and hash function
omarShiekh1
 
PDF
Lecture 9 electronic_mail_representation_and_transfer
Serious_SamSoul
 
PDF
Self assessment true-false Quiz: Chapter 2 - Computer Networking a top-down A...
Andy Juan Sarango Veliz
 
PDF
Electronic mail
Jyothishmathi Institute of Technology and Science Karimnagar
 
PDF
CNS - Unit - 4 - Public Key Cryptosystem
Gyanmanjari Institute Of Technology
 
PDF
CNS - Unit - 1 - Introduction
Gyanmanjari Institute Of Technology
 
Smtp, pop3, imapv 4
Shwetanshu Gupta
 
Cyber Security - Unit - 4 - Introduction to Cyber Crime and law Cyber Crimes
Gyanmanjari Institute Of Technology
 
Message authentication and hash function
omarShiekh1
 
Lecture 9 electronic_mail_representation_and_transfer
Serious_SamSoul
 
Self assessment true-false Quiz: Chapter 2 - Computer Networking a top-down A...
Andy Juan Sarango Veliz
 
Electronic mail
Jyothishmathi Institute of Technology and Science Karimnagar
 
CNS - Unit - 4 - Public Key Cryptosystem
Gyanmanjari Institute Of Technology
 
CNS - Unit - 1 - Introduction
Gyanmanjari Institute Of Technology
 

What's hot (20)

DOCX
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
Vidhu Arora
 
PPTX
Application layer
Mukesh Chinta
 
PPTX
OSI Model Assignment Help
smithjonny9876
 
PPT
Internetworking devices
Online
 
PDF
NIIT Certificate
Abhishek Gupta
 
PPT
Cryptography and Network Security
Ramki M
 
PDF
Email - Electronic Mail
Peter R. Egli
 
PDF
CNS - Unit - 5 - Cryptographic Hash Functions
Gyanmanjari Institute Of Technology
 
PPT
Application layer protocols
JUW Jinnah University for Women
 
PPTX
Application layer protocol - Electronic Mail
AmishaSahu3
 
PPT
Chapter 23
Faisal Mehmood
 
PPT
Smtp protocol
alibefkani
 
PPTX
Module 19 tracking emails and investigating email crimes
sagaroceanic11
 
PPTX
chapter 7A peter norton Operating system basic
M Malik
 
PPT
Ch6 1 v1
bhagavanprasad
 
PPTX
TELNET and SSH by MUSTAFA SAKHAI
MUSTAFA SAKHAI
 
PDF
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
Gyanmanjari Institute Of Technology
 
PPT
Digital signature
AJAL A J
 
PDF
CNS - Unit - 8 - Key Management and Distribution
Gyanmanjari Institute Of Technology
 
PPTX
Cryptography and network security
patisa
 
SMTP - SIMPLE MAIL TRANSFER PROTOCOL
Vidhu Arora
 
Application layer
Mukesh Chinta
 
OSI Model Assignment Help
smithjonny9876
 
Internetworking devices
Online
 
NIIT Certificate
Abhishek Gupta
 
Cryptography and Network Security
Ramki M
 
Email - Electronic Mail
Peter R. Egli
 
CNS - Unit - 5 - Cryptographic Hash Functions
Gyanmanjari Institute Of Technology
 
Application layer protocols
JUW Jinnah University for Women
 
Application layer protocol - Electronic Mail
AmishaSahu3
 
Chapter 23
Faisal Mehmood
 
Smtp protocol
alibefkani
 
Module 19 tracking emails and investigating email crimes
sagaroceanic11
 
chapter 7A peter norton Operating system basic
M Malik
 
Ch6 1 v1
bhagavanprasad
 
TELNET and SSH by MUSTAFA SAKHAI
MUSTAFA SAKHAI
 
CNS - Unit - 2 - Stream Ciphers and Block Ciphers
Gyanmanjari Institute Of Technology
 
Digital signature
AJAL A J
 
CNS - Unit - 8 - Key Management and Distribution
Gyanmanjari Institute Of Technology
 
Cryptography and network security
patisa
 
Ad

Similar to secure hash function for authentication in CNS (20)

PDF
Public Key Encryption & Hash functions
Dr.Florence Dayana
 
DOCX
Cryptography and Network Security Principles and Practice.docx
richardnorman90310
 
PPTX
Information and data security cryptographic hash functions
Mazin Alwaaly
 
PPTX
All details of cryptography and all the topics of cryptography was explained
khitishKumarSahoo1
 
PPTX
Digital Signature Message Digest Network Security
sxccomputerscience
 
PPTX
Cryptography.pptx basics and detailed toptics also
2k5preethi
 
PPTX
Information and network security 38 birthday attacks and security of hash fun...
Vaibhav Khanna
 
PDF
Cs8792 cns - unit iv
ArthyR3
 
PDF
Cs8792 cns - unit iv
ArthyR3
 
PPT
Hash Function & Analysis
Pawandeep Kaur
 
PPTX
Hash Functions from Information Security
AdeelAsghar36
 
PDF
HASH FUNCTIONS.pdf
KalsoomTahir2
 
PDF
Hash Functions - Uses, Requirements, Secure Hash Algorithm
GoldenMIT
 
ODP
CISSP Week 20
jemtallon
 
PPTX
cryptography module-5 cyber securityantipatterns ,
shaziasulthana2
 
PPT
NSC_Unit-III_final.ppt
DrVASAVIBANDE
 
PDF
Hash Functions in Software Security.p df
HaiderAli84963
 
PDF
Cns
ArthyR3
 
PPTX
Message Digest message digest ppttsx.pptx
LaxmipujaBiradar
 
PPT
Hash crypto
David Hoen
 
Public Key Encryption & Hash functions
Dr.Florence Dayana
 
Cryptography and Network Security Principles and Practice.docx
richardnorman90310
 
Information and data security cryptographic hash functions
Mazin Alwaaly
 
All details of cryptography and all the topics of cryptography was explained
khitishKumarSahoo1
 
Digital Signature Message Digest Network Security
sxccomputerscience
 
Cryptography.pptx basics and detailed toptics also
2k5preethi
 
Information and network security 38 birthday attacks and security of hash fun...
Vaibhav Khanna
 
Cs8792 cns - unit iv
ArthyR3
 
Cs8792 cns - unit iv
ArthyR3
 
Hash Function & Analysis
Pawandeep Kaur
 
Hash Functions from Information Security
AdeelAsghar36
 
HASH FUNCTIONS.pdf
KalsoomTahir2
 
Hash Functions - Uses, Requirements, Secure Hash Algorithm
GoldenMIT
 
CISSP Week 20
jemtallon
 
cryptography module-5 cyber securityantipatterns ,
shaziasulthana2
 
NSC_Unit-III_final.ppt
DrVASAVIBANDE
 
Hash Functions in Software Security.p df
HaiderAli84963
 
Cns
ArthyR3
 
Message Digest message digest ppttsx.pptx
LaxmipujaBiradar
 
Hash crypto
David Hoen
 
Ad

More from NithyasriA2 (8)

PPTX
Network Security - Intrusion Detection System.pptx
NithyasriA2
 
PPTX
Secure Hash Authentication in Network Security.pptx
NithyasriA2
 
PPTX
Module III CNS Kerberos and its example.pptx
NithyasriA2
 
PPTX
IETF - Internet of Things chapter and its expl.pptx
NithyasriA2
 
PPT
bgp1 cryptogrphy and network security.ppt
NithyasriA2
 
PPTX
Data Encryption standard in cryptography
NithyasriA2
 
PPTX
unit 4.pptx of hash function in cryptography
NithyasriA2
 
PPTX
Intro.pptx
NithyasriA2
 
Network Security - Intrusion Detection System.pptx
NithyasriA2
 
Secure Hash Authentication in Network Security.pptx
NithyasriA2
 
Module III CNS Kerberos and its example.pptx
NithyasriA2
 
IETF - Internet of Things chapter and its expl.pptx
NithyasriA2
 
bgp1 cryptogrphy and network security.ppt
NithyasriA2
 
Data Encryption standard in cryptography
NithyasriA2
 
unit 4.pptx of hash function in cryptography
NithyasriA2
 
Intro.pptx
NithyasriA2
 

Recently uploaded (20)

PPTX
Welding lecture in detail for understanding
sahilpoonia10
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PDF
composite construction of structures.pdf
AinieButt1
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Welding lecture in detail for understanding
sahilpoonia10
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
Sustainable Sites - Green Building Construction
mhdumerali
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Construction Project Organization Group 2.pptx
vj5agdales
 
composite construction of structures.pdf
AinieButt1
 
Well-logging-methods_new................
ZafriFarid
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
AinieButt1
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 

secure hash function for authentication in CNS

  • 3. “Each of the messages, like each one he had ever read of Stern's commands, began with a number and ended with a number or row of numbers. No efforts on the part of Mungo or any of his experts had been able to break Stern's code, nor was there any clue as to what the preliminary number and those ultimate numbers signified.” —Talking to Strange Men, Ruth Rendell
  • 4. “The Douglas Squirrel has a distinctive eating habit. It usually eats pine cones from the bottom end up. Partially eaten cones can indicate the presence of these squirrels if they have been attacked from the bottom first. If, instead, the cone has been eaten from the top end down, it is more likely to have been a crossbill finch that has been doing the dining.” —Talking to Strange Men, Ruth Rendell
  • 5. Hash Functions • A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value • h = H(M) • Principal object is data integrity • Cryptographic hash function • An algorithm for which it is computationally infeasible to find either: (a) a data object that maps to a pre-specified hash result (the one-way property) (b) two data objects that map to the same hash result (the collision-free property)
  • 9. Message Authentication Code (MAC) • Also known as a keyed hash function • Typically used between two parties that share a secret key to authenticate information exchanged between those parties Takes as input a secret key and a data block and produces a hash value (MAC) which is associated with the protected message •If the integrity of the message needs to be checked, the MAC function can be applied to the message and the result compared with the associated MAC value •An attacker who alters the message will be unable to alter the associated MAC value without knowledge of the secret key
  • 10. Digital Signature • Operation is similar to that of the MAC • The hash value of a message is encrypted with a user’s private key • Anyone who knows the user’s public key can verify the integrity of the message • An attacker who wishes to alter the message would need to know the user’s private key • Implications of digital signatures go beyond just message authentication
  • 12. Other Hash Function Uses Commonly used to create a one-way password file When a user enters a password, the hash of that password is compared to the stored hash value for verification This approach to password protection is used by most operating systems Can be used for intrusion and virus detection Store H(F) for each file on a system and secure the hash values One can later determine if a file has been modified by recomputing H(F) An intruder would need to change F without changing H(F) Can be used to construct a pseudorandom function (PRF) or a pseudorandom number generator (PRNG) A common application for a hash-based PRF is for the generation of symmetric keys
  • 13. Two Simple Hash Functions • Consider two simple insecure hash functions that operate using the following general principles: • The input is viewed as a sequence of n-bit blocks • The input is processed one block at a time in an iterative fashion to produce an n-bit hash function • Bit-by-bit exclusive-OR (XOR) of every block • Ci = bi1 xor bi2 xor . . . xor bim • Produces a simple parity for each bit position and is known as a longitudinal redundancy check • Reasonably effective for random data as a data integrity check • Perform a one-bit circular shift on the hash value after each block is processed • Has the effect of randomizing the input more completely and overcoming any regularities that appear in the input
  • 15. Requirements and Security • x is the preimage of h for a hash value h = H(x) • Is a data block whose hash function, using the function H, is h • Because H is a many-to- one mapping, for any given hash value h, there will in general be multiple preimages • Occurs if we have x ≠ y and H(x) = H(y) • Because we are using hash functions for data integrity, collisions are clearly undesirable
  • 16. Table 11.1 Requirements for a Cryptographic Hash Function H (Table can be found on page 323 in textbook.)
  • 18. * Resistance required if attacker is able to mount a chosen message attack Table 11.2 Hash Function Resistance Properties Required for Various Data Integrity Applications
  • 19. Attacks on Hash Functions • Does not depend on the specific algorithm, only depends on bit length • In the case of a hash function, attack depends only on the bit length of the hash value • Method is to pick values at random and try each one until a collision occurs • An attack based on weaknesses in a particular cryptographic algorithm • Seek to exploit some property of the algorithm to perform some attack other than an exhaustive search
  • 20. Birthday Attacks • For a collision resistant attack, an adversary wishes to find two messages or data blocks that yield the same hash function • The effort required is explained by a mathematical result referred to as the birthday paradox • How the birthday attack works: • The source (A) is prepared to sign a legitimate message x by appending the appropriate m-bit hash code and encrypting that hash code with A’s private key • Opponent generates 2m/2 variations x’ of x, all with essentially the same meaning, and stores the messages and their hash values • Opponent generates a fraudulent message y for which A’s signature is desired • Two sets of messages are compared to find a pair with the same hash • The opponent offers the valid variation to A for signature which can then be attached to the fraudulent variation for transmission to the intended recipient • Because the two variations have the same hash code, they will produce the same signature and the opponent is assured of success even though the encryption key is not known
  • 21. (Letter is located on page 326 in textbook) A Letter in 237 Variation
  • 23. Hash Functions Based on Cipher Block Chaining • Can use block ciphers as hash functions • Using H0 initial value • Compute: Hi = E(Mi Hi-1) • Use final block Hn as the hash value • Similar to CBC but without a key • Resulting hash is too small (64-bit) • Both due to direct birthday attack • And “meet-in-the-middle” attack • Other variants also susceptible to attack
  • 24. Secure Hash Algorithm (SHA) • SHA was originally designed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993 • Was revised in 1995 as SHA-1 • Based on the hash function MD4 and its design closely models MD4 • Produces 160-bit hash values • In 2002 NIST produced a revised version of the standard that defined three new versions of SHA with hash value lengths of 256, 384, and 512 • Collectively known as SHA-2
  • 25. Note: All sizes are measured in bits. Table 11.3 Comparison of SHA Parameters
  • 28. Table 11.4 SHA-512 Constants (Table can be found on page 333 in textbook)
  • 31. (Figure can be found on page 337 in textbook) SHA-512 Logic
  • 32. SHA-3 SHA-1 has not yet been "broken” • No one has demonstrated a technique for producing collisions in a practical amount of time • Considered to be insecure and has been phased out for SHA-2 SHA-2 shares the same structure and mathematical operations as its predecessors so this is a cause for concern • Because it will take years to find a suitable replacement for SHA-2 should it become vulnerable, NIST decided to begin the process of developing a new hash standard NIST announced in 2007 a competition for the SHA-3 next generation NIST hash function • Winning design was announced by NIST in October 2012 • SHA-3 is a cryptographic hash function that is intended to complement SHA-2 as the approved standard for a wide range of applications
  • 33. The Sponge Construction • Underlying structure of SHA-3 is a scheme referred to by its designers as a sponge construction • Takes an input message and partitions it into fixed-size blocks • Each block is processed in turn with the output of each iteration fed into the next iteration, finally producing an output block • The sponge function is defined by three parameters: • f = the internal function used to process each input block • r = the size in bits of the input blocks, called the bitrate • pad = the padding algorithm
  • 42. Summary • Applications of cryptographic hash functions • Message authentication • Digital signatures • Other applications • Requirements and security • Security requirements for cryptographic hash functions • Brute-force attacks • Cryptanalysis • Hash functions based on cipher block chaining • Secure hash algorithm (SHA) • SHA-512 logic • SHA-512 round function • SHA-3 • The sponge construction • The SHA-3 Iteration Function f