Hash function and Data Integrity

1
Hash function and Data Integrity

• Data integrity data are intact during the period
  of storage or transmission
• Two possibilities of losing data integrity
• error occurs during transmission or storage
• modified by attacker during storage or
  transmission
• Solutions to them
• error detection/correction, such as CRC (Cyclic
  Redundancy Code) in every IP packet.
• Hash function, Message digest, or Message
  authentication code (MAC).

2
One way function

• a function yf(x)
• Knowing x, easy to compute y, i.e., f(x) is easy
  to compute.
• Knowing y, it is very difficult to compute x,
• i.e., inverse f 1 is very difficult to compute
  
• Example -- DLP (Discrete Logrithmic Problem)
• XZp, p is a prime and ?? Zp is a generator,
  f(x)?x mod p.
• Given x, easy to compute f(x), but given f(x),
  difficult to find x.
• p17, X1,2,,16. ?3, f(x)3x mod 17.
• First one-way function p264-59,
• f(x)x22417a1x2243a2x3a3x2a4xa5 mod p
• where ai are arbitrary 19-digit integers
• Where to use?
• User passwords are stored after passing a one-way
  function

3
Trap-door one way function

• Definition
• One way function
• But if you know the trap-door, i.e., a specific
  secret value, then the inverse of the function
  becomes easy.
• Example
• npq2624653723, p48611,q53993 are primes,
  X1,2,,n-1, f(x)x3 mod n.
• In RSA, eK(x)xb mod n is a one-way trap-door
  function, its inverse dK(y)ya mod n is difficult
  to compute unless you know the trap-door a.
• Where to use
• Public-key systems.

4
Hash functions

• Definition
• A mapping h 0,1 ? 0,1n, random length to
  fixed length.
• Examples
• SHA, SHA-1, MD4, MD5, discussed later.
• Where to use
• Message authentication
• Message m, hash value h(m) (message digest)
• Store m in insecure place, but h(m) in safe place
• Transmission
• Send m along with h(m) (in an insecure channel)
• Send m in insecure manner, h(m) in secure manner
  (e.g., encrypt the h(m)).
• Keyed hashed function, called MAC.
• Signature of long messages.

5
Requirements for hash functions

• One way
• A hash h X?Y,and an element y? Y
• Find x? X, such that h(x)y.
• Matching resistant
• A hash h X?Y,and an element x? X,
• Find x? X, such that x?x and h(x)h(x).
• Collision resistant
• A hash h X?Y
• Find x, x? X, such that x?x and h(x)h(x).

6
Birthday attack (birthday paradox)

• Question
• which is stronger (more difficult to find)
  matching resistant or collision resistant?
• By brute force, suppose Yn
• Matching resistant n/2
• Collision resistant 1.2? n.
• Birth attack
• How many people are enough such that the
  probability that two random people of them have
  the same birthday (month and day) is at least ½.

Answer 23
7
Birthday paradox
(Figure from http//www.people.virginia.edu/rjh9u
/birthday.html)
t people without same birthday,
p1364/365363/365?(365-t1)/365 t people with
at least two people having same birthday, 1-p
8
Typical hash functions

• MD4, MD5
• SHA (Secure Hash Algorithm), SHA-1.

9
SHA-1 hash function (160 bits)

• f functions f0,f1,,f79
• Global constants k0,k1,,k79
• Divide message x into n blocks of length 512.
• Initial values H0,H1, H2, H3, H4, each 32 bits.
• Repeat to compute new H0,H1, H2, H3, H4 for each
  block.
• Return H0H1 H2 H3 H4

10
Message Authentication Code (MAC)

• Since hash function is public, unkeyed hash value
  is not secure
• Combine secret key information into hash
  function, called MAC.
• Two ways
• Incorporate a secret key into unkeyed hash
  function
• Add the key at the beginning of message
  (problem?)
• Add the key to the end.
• Keyed hash function
• E.g., CBC-MAC (DES CBC mode)

11
Where to add key
At the beginning
Key
H(KeyMM')
When H(H(KeyM)M') H(KeyMM')
To the end
Generally, H(M'H(MKey))? H(M'MKey)
12
CBC-MAC (x,K)

• Denote x x1 xn
• IV000
• y0IV
• For i1 to n
• Do yieK(yi-1? xi)
• Return (yn)