Some Notes on OneWay Hash Functions - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

Some Notes on OneWay Hash Functions

Description:

Collision Resistance and the Birthday Attack ... The birthday paradox: ... Using the Birthday Attack to your Advantage ... – PowerPoint PPT presentation

Number of Views:76
Avg rating:3.0/5.0
Slides: 9
Provided by: Steve57
Category:

less

Transcript and Presenter's Notes

Title: Some Notes on OneWay Hash Functions


1
Some Notes on One-Way Hash Functions
  • (This material is from Schneiers Applied
    Cryptography)
  • Theyre important
  • signing documents
  • SSL
  • Monitoring integrity of files
  • Not covered in Bishop in any depth
  • What are they?
  • a hash function is a function h H(M)
  • where M is arbitrary length, h is fixed length
  • One-way functions
  • given M, it is easy to compute h
  • given h, it is hard to find an M such that H(M)
    h
  • given M and h, it is hard to find an M such that
    H(M)h
  • (avalanche effect changing even a single bit
    of the input document should cause a change in at
    least half of the output bits)

2
Collision Resistance and the Birthday Attack
  • Collision resistance is slightly different it
    is hard to find two messages M and M that hash
    to the same value
  • The birthday paradox
  • how many people must be in the same room so that
    the probability that one of them shares your
    birthday is at least even?
  • how many people must be in the same room so that
    the probability that two of them share a birthday
    is at least even?
  • and what does this have to do with hash
    functions?
  • A brute-force attack to find a message hashing
    the same as a known message would take 600K
    years, assuming a 64-bit hash value and the
    ability to search a million messages a second.
    To find two messages that hash the same would
    take about an hour

3
Using the Birthday Attack to your Advantage
  • Alice prepares two versions of a contract one
    is favorable to Bob, one bankrupts him.
  • Alice makes various cosmetic changes to each
    contract
  • Eventually she finds a pair that hash to the same
    value she saves the bad one, and has Bob sign
    the good one, using a protocol that involves him
    signing the hash value only
  • Later, Alice substitutes the bad one for the good
    one, and goes after Bob. She has a copy of the
    bad contract signed by Bob

4
General Overview of the Technology
  • The big problem is taking a variable-length
    input, so the trick is to break the input into
    fixed-length blocks, M1, ..., Mn, then compute hi
    f(Mi, h i-1)
  • then H(M) f(Mn, h n-1)
  • (the hash value should also have some encoding of
    the messages total length, otherwise there is
    the danger that messages of different lengths
    could hash to the same value)

5
MD4 / MD5 (Rivest c. 1990)
  • MD stands for message digest MD5 is a small
    enhancement of MD4 (which was cracked very
    quickly)
  • Design goals
  • Security no good way to find two messages that
    hash to the same value
  • Direct Security security not based on any
    assumption like the difficulty of factoring
    primes
  • Speed suitable for high-speed implementations
    on 32-bit architectures (mainly bit manipulation)
  • Favor Little-Endian Architectures fast on LE
    (especially Intel) larger faster computers make
    necessary translations

6
Algorithm Sketch
  • Pre-processing on the message so it is a multiple
    of 512 bits (after appending a representation of
    the message size)
  • Initialize four chaining variables (A, B, C, D)
  • Main loop (once for each message block of 512
    bits)
  • each loop iteration has four rounds, each of
    which operates on a portion of the message block
  • each round reads three of the chaining variables
    plus a portion of the message block, does some
    nonlinear transformation, and writes the result
    into the fourth variable
  • The final output is the concatenation of A, B, C,
    D

7
MD5 Main Loop
Message Block
A
A
Round 1
Round 2
Round 3
Round 4
B
B
C
C
D
D
(Each message block is 512 bits, and output from
each iteration is input to next iteration. Hash
output is 128 bits)
8
SHA (Secure Hash Algorithm)
  • Analogous to DES, SHA is an algorithm designed by
    NIST, and is used to support the Digital
    Signature Standard (DSS)
  • the SHA is to be used whenever a secure hash
    algorithm is required for Federal applications
  • The SHA is based on principles similar to those
    used by Rivest when designing the MD4 ...
    algorithm, and is closely modeled after that
    algorithm
  • Hash size is larger though, 160 bits
  • Basically a souped-up version of MD5
  • Five 32-bit chaining variables instead of four
  • Main loop has four rounds of 20 operations each
    (MD5 has four rounds of 16 operations each)
  • Each step adds in the results of the previous
    step, promoting a faster avalanche effect (true
    of MD5 but not MD4)
  • Not too much separates the two, except for the
    hash size, and SHA is significantly faster (about
    twice as fast)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Some Notes on OneWay Hash Functions" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!