Some Notes on One-Way Hash Functions - PowerPoint PPT Presentation

Slides: 9
Provided by: Steve57

1
Some Notes on One-Way Hash Functions
  • (This material is from Schneier's Applied
    Cryptography)
  • They're important:
    • signing documents
    • SSL
    • monitoring integrity of files
  • Not covered in Bishop in any depth
  • What are they?
    • a hash function is a function h = H(M),
      where M is arbitrary length, h is fixed length
  • One-way functions:
    • given M, it is easy to compute h
    • given h, it is hard to find an M such that
      H(M) = h
    • given M and h, it is hard to find an M' such that
      H(M') = h
    • (avalanche effect: changing even a single bit
      of the input document should cause a change in at
      least half of the output bits)

2
Collision Resistance and the Birthday Attack
  • Collision resistance is slightly different: it
    is hard to find two messages M and M' that hash
    to the same value
  • The birthday paradox:
    • how many people must be in the same room so that
      the probability that one of them shares your
      birthday is at least even?
    • how many people must be in the same room so that
      the probability that two of them share a birthday
      is at least even?
    • and what does this have to do with hash
      functions?
  • A brute-force attack to find a message hashing
    the same as a known message would take 600K
    years, assuming a 64-bit hash value and the
    ability to search a million messages a second.
    To find two messages that hash the same would
    take about an hour.
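
The arithmetic behind both birthday questions and the 600K-years / one-hour figures, with a collision search run on a deliberately short hash. This is an added example, not part of the original slides; the 24-bit truncation of SHA-256 and all function names are assumptions chosen so the search finishes instantly.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def truncated_hash(message: bytes, bits: int) -> int:
    """Toy n-bit hash (assumption): the top `bits` bits of SHA-256."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)

def second_preimage_years(bits: int, rate: float) -> float:
    """Matching one known message: a full search is 2^bits trials."""
    return 2 ** bits / rate / SECONDS_PER_YEAR

def collision_hours(bits: int, rate: float) -> float:
    """Any two messages that match: about 2^(bits/2) trials (birthday bound)."""
    return 2 ** (bits / 2) / rate / 3600

def find_collision(bits: int):
    """Hash constructed counter messages until two agree; return (m1, m2, trials)."""
    seen = {}
    counter = 0
    while True:
        msg = b"constructed message #%d" % counter
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1

def people_sharing_your_birthday(days: int = 365) -> int:
    """Smallest n with P(someone matches one fixed birthday) >= 1/2."""
    return math.ceil(math.log(0.5) / math.log((days - 1) / days))

def people_any_shared_birthday(days: int = 365) -> int:
    """Smallest n with P(some pair among n people matches) >= 1/2."""
    p_no_match, n = 1.0, 0
    while p_no_match > 0.5:
        p_no_match *= (days - n) / days
        n += 1
    return n

if __name__ == "__main__":
    print(people_sharing_your_birthday(), people_any_shared_birthday())
    print(round(second_preimage_years(64, 1e6)), "years")
    print(round(collision_hours(64, 1e6), 2), "hours")
    print(find_collision(24))
```

The practical reading for a defender: an n-bit hash offers only about n/2 bits of collision resistance, so the output length has to be chosen against the second figure, not the first.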

3
Using the Birthday Attack to your Advantage
  • Alice prepares two versions of a contract: one
    is favorable to Bob, one bankrupts him.
  • Alice makes various cosmetic changes to each
    contract.
  • Eventually she finds a pair that hash to the same
    value; she saves the bad one, and has Bob sign
    the good one, using a protocol that involves him
    signing the hash value only.
  • Later, Alice substitutes the bad one for the good
    one, and goes after Bob. She has a copy of the
    bad contract signed by Bob.

4
General Overview of the Technology
  • The big problem is taking a variable-length
    input, so the trick is to break the input into
    fixed-length blocks, M_1, ..., M_n, then compute
    h_i = f(M_i, h_{i-1})
  • then H(M) = f(M_n, h_{n-1})
  • (the hash value should also have some encoding of
    the message's total length, otherwise there is
    the danger that messages of different lengths
    could hash to the same value)
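
The chaining rule h_i = f(M_i, h_{i-1}) and the length-encoding remark, as an added example that is not part of the original slides. The 8-byte block size, the zero initial value, and the compression function f (SHA-256 truncated to 8 bytes) are toy assumptions; only the structure matters here.

```python
import hashlib

BLOCK = 8            # toy block size in bytes (assumption)
IV = bytes(8)        # toy initial chaining value h_0 (assumption)

def f(block: bytes, h_prev: bytes) -> bytes:
    """Toy compression function f(M_i, h_{i-1}): truncated SHA-256."""
    return hashlib.sha256(h_prev + block).digest()[:8]

def pad_zero(msg: bytes) -> bytes:
    """Naive padding: zero-fill to a block boundary, no length encoded."""
    return msg + bytes(-len(msg) % BLOCK)

def pad_with_length(msg: bytes) -> bytes:
    """0x80 marker, zero fill, then the message length in bits as a final block."""
    padded = msg + b"\x80"
    padded += bytes(-len(padded) % BLOCK)
    return padded + (8 * len(msg)).to_bytes(8, "big")

def iterated_hash(msg: bytes, pad) -> bytes:
    """Split the padded message into blocks and chain them through f."""
    data = pad(msg)
    h = IV
    for i in range(0, len(data), BLOCK):
        h = f(data[i:i + BLOCK], h)      # h_i = f(M_i, h_{i-1})
    return h                             # H(M) = h_n

def length_collision_demo():
    """Two constructed messages of different lengths that pad to the same blocks."""
    short, longer = b"pay 100", b"pay 100\x00"
    naive_collides = iterated_hash(short, pad_zero) == iterated_hash(longer, pad_zero)
    strengthened_collides = (iterated_hash(short, pad_with_length)
                             == iterated_hash(longer, pad_with_length))
    return naive_collides, strengthened_collides

if __name__ == "__main__":
    print(length_collision_demo())
```

Without the length block, a 7-byte message and the same message with a trailing zero byte are indistinguishable after padding, whatever f is.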

5
MD4 / MD5 (Rivest c. 1990)
  • MD stands for "message digest"; MD5 is a small
    enhancement of MD4 (which was cracked very
    quickly)
  • Design goals:
    • Security: no good way to find two messages that
      hash to the same value
    • Direct security: security not based on any
      assumption like the difficulty of factoring
      primes
    • Speed: suitable for high-speed implementations
      on 32-bit architectures (mainly bit manipulation)
    • Favor little-endian architectures: fast on LE
      (especially Intel); larger, faster computers make
      necessary translations

6
Algorithm Sketch
  • Pre-processing on the message so it is a multiple
    of 512 bits (after appending a representation of
    the message size)
  • Initialize four chaining variables (A, B, C, D)
  • Main loop (once for each message block of 512
    bits):
    • each loop iteration has four rounds, each of
      which operates on a portion of the message block
    • each round reads three of the chaining variables
      plus a portion of the message block, does some
      nonlinear transformation, and writes the result
      into the fourth variable
  • The final output is the concatenation of A, B, C,
    D

7
MD5 Main Loop
[Figure: a message block and the chaining variables A, B, C, D pass through Round 1, Round 2, Round 3 and Round 4, producing the next A, B, C, D.]
(Each message block is 512 bits, and output from
each iteration is input to next iteration. Hash
output is 128 bits)

8
SHA (Secure Hash Algorithm)
  • Analogous to DES, SHA is an algorithm designed by
    NIST, and is used to support the Digital
    Signature Standard (DSS)
  • the SHA is to be used whenever a secure hash
    algorithm is required for Federal applications
  • The SHA is based on principles similar to those
    used by Rivest when designing the MD4 ...
    algorithm, and is closely modeled after that
    algorithm
  • Hash size is larger, though: 160 bits
  • Basically a souped-up version of MD5
  • Five 32-bit chaining variables instead of four
  • Main loop has four rounds of 20 operations each
    (MD5 has four rounds of 16 operations each)
  • Each step adds in the results of the previous
    step, promoting a faster avalanche effect (true
    of MD5 but not MD4)
  • Not too much separates the two, except for the
    hash size, and SHA is significantly faster (about
    twice as fast)