ECE 646 Lecture 11
Hash functions: Part 2 MACs & Authenticated Ciphers Required Reading
W. Stallings, "Cryptography and Network-Security,”
Chapter 11 Cryptographic Hash Functions
Chapter 12 Message Authentication Codes
Recommended Reading
SHA-3 Project https://csrc.nist.gov/projects/hash-functions/sha-3-project Hash functions Applications (1) 1. Digital Signatures
Advantages 1. Shorter signature 2. Much faster computations 3. Larger resistance to manipulation (one block instead of several blocks of signature) 4. Resistance to the multiplicative attacks
5. Avoids problems with different sizes of the sender and the receiver moduli Hash functions Applications (2)
2. Fingerprint of a program or a document (e.g., to detect a modification by a virus or an intruder)
program
hash safe place ? fingerprint = original_fingerprint Hash functions Applications (3) 3. Storing passwords
Instead of: password ID, password
hash System stores:
ID, hash(password) hash(password) UNIX password scheme “00000000” password DES salt
ID, salt, password DES salt hash(password, salt) . . . . salt modifies the password DES salt expansion function E of DES hash(password, salt) Hash functions Applications (4) 4. Fast encryption
PRNG
ki
mi ci
k0 = hash(KAB || IV ) k0 = hash(KAB || IV) k1 = hash(KAB || k0) or k1 = hash(KAB || c0) ......
kn = hash(KAB || kn-1) kn = hash(KAB || cn-1) General scheme for constructing a secure hash function Message m
Padding, appending bit length, M
M1 M2 . . . Mt
h(m) H0 H1 H2 Ht IV f f . . . g
compression output function transformation Merkle-Damgard Construction Parameters of the Merkle-Damgard Scheme
Compression Mi function r In SHA-1 n=160 n n r=512 Hi-1 f Hi In SHA-256 n=256 Entire hash r=512
H0 = IV In SHA-512 H = f(H , M ) n=512 i i-1 i r=1024 h(m) = g(Ht) Hash padding – SHA-1 & SHA-256 64-bits
message 100000000000 length
length of the entire message in bits
All zero padding: Correct padding: X X X 0 0 0 0 0 X X X 0 0 1 0 0 X X X 0 0 0 0 0 X X X 1 0 0 0 0 Hash padding – SHA-3 Candidates
BLAKE256D 1000 . . . 0001 len64 Grøstl D 1000 . . . 0000 #blocks JH42D 1000 . . . 0001 len128 Keccak D 1000 . . . 0001 Skein D 0000 . . . 0000 SHA−2 (256) D 1000 . . . 0000 len64 Minimum D Data M Padding P Padding C Counter SHA-512 N 1024 bits 128 bits L bits
Message 1000000 . . . 0 L
1024 bits 1024 bits 1024 bits M1 M2 MN
F F F
+ + +
IV = H0 H1 H2 HN hash code 512 bits 512 bits 512 bits
+ = word-by-word addition mod 264
Figure 11.9 Message Digest Generation Using SHA-512