Hash Functions

Total Page:16

File Type:pdf, Size:1020Kb

Hash Functions Overview Hash Functions Lesson contents Definition and properties of cryptographic hash functions Gerardo Pelosi Design principles of hash functions Department of Electronics, Information and Bioengineering (DEIB) Design principles of compression functions Politecnico di Milano Common Hash functions gerardo.pelosi - at - polimi.it Message Authentication Codes G. Pelosi, A. Barenghi (DEIB) Hash Functions 1 / 37 G. Pelosi, A. Barenghi (DEIB) Hash Functions 2 / 37 Hash Functions Hash Functions Outline Sample integrity-check scenario Hash functions h(·) are the publicly known algorithms to provide data Given message m, compute d = h(m) and store it in a safe place integrity To check for integrity, recompute h(m) and check against d Idea: compute a fingerprint of a ptx through a non-injective map the hash computation must be efficient, deterministic and practically If it matches, then m is still the same as before, otherwise unforgeable either m or d was tampered with or an error occurred (resp. was injected) over the communication The output size is constant (e.g., 160 bits) channel Common names for the output are: message digest, hash or Note: the computation of h(m) does not include any key! cryptographic checksum G. Pelosi, A. Barenghi (DEIB) Hash Functions 3 / 37 G. Pelosi, A. Barenghi (DEIB) Hash Functions 4 / 37 Hash Functions Security of Hash Functions Unkeyed Hash Functions Formal Definition Consider h : M ! D, an unkeyed hash function: the following A keyed hash function is a 4-uple (M; D; K; H), where: problems should be (computationally) impossible to solve: 1 M is a set of input messages (could be unbounded) 1 Preimage Problem: given d2D, find m2M s.t. h(m)=d 2 D is a finite set of digests, with jMj ≥ jDj One-way property of h: you cannot reconstruct a valid m from d 3 K is a finite set of keys (the keyspace) 2 Second Preimage Problem: given m12M, d=h(m1), 4 H is a finite set of hash functions find m22M s.t. m16=m2, h(m2)=h(m1)=d Weak Collision Resistance property of h: you cannot find a message For each key k2K, there is a hash function hk :M!D in H hashing to the same digest of an already known message A pair (m; d) is called a valid pair under key k, if hk (m) = d 3 Collision Problem: find m1; m22M s.t. m16=m2, h(m1)=h(m2) An unkeyed hash function is a hash family with a known fixed key k (Strong) Collision Resistance property of h: you cannot find two arbitrary messages with the same digest G. Pelosi, A. Barenghi (DEIB) Hash Functions 5 / 37 G. Pelosi, A. Barenghi (DEIB) Hash Functions 6 / 37 Security of Hash Functions Weak Collision Resistance is important because: A perfect hash: the Random Oracle If we could exhibit another message (or a small set of messages) with What does a \perfect hash function" (i.e., one-way, weak collision the same digest of a given input, the usefulness of the hash function resistant, and strong collision resistant) look like? could be at risk! Ideally, a perfect hash should be a deterministic function o(·) which returns a random string for every possible input string (Random Collision Resistance is important because: Oracle) if we could find collisions at our will, we would have the ability to Any call to the oracle with the same input m will yield o(m) build messages we can subsequently repudiate { as we would be o(m1) = o(m2) if and only if m1=m2 always able to show multiple plausible messages, of our choice, for a Probability of picking randomly a message with a specific digest d is 0 certain digest The message space is infinite ) the digest space is infinite too! We need an infinite amount of memory to store all the mappings! Not practical, but useful to evaluate the security of real hash functions G. Pelosi, A. Barenghi (DEIB) Hash Functions 7 / 37 G. Pelosi, A. Barenghi (DEIB) Hash Functions 8 / 37 Security of Hash Functions Security of Hash Functions Practical 1st Preimage Problem - (black box analysis) A real hash function h(·) does not have an infinite digest space Practical 2nd Preimage Problem - (black box analysis) Trying to find a preimage for d 2 D calling the hash function with a Let m2M, d=h(m) be the msg-digest pair for which we want a 2nd 1 random input, I will obtain the preimage with probability jDj preimage (i.e., find m02M s.t. m06=m, h(m0)=h(m)=d) q Probability of calling h(·) q times without success: 1 − 1 Pick q msg.s at random: m; m1; m2;:::mq−1 s.t. m6=mi , jDj i2f1;:::; q−1g Probability of getting at least one valid preimage, mi , for d with q For each chosen message mi , compute h(mi ) calls is: If one of the h(m ) is d, return m ; otherwise fail 1 q i i Pr(mi s:t: d = h(mi )) = 1 − 1 − Again, the probability of getting at least one valid preimage of d is: jDj q−1 jDj q jDj!1 − q (1 − 1 )q=(1 + −1 ) jDj ≈ e jDj (notable limit), and 1 q − 1 jDj jDj Pr(8 i mi 6= m; h(mi ) = h(m)) = 1 − 1 − ≈ q !0 jDj jDj − q jDj e jDj ≈ 1 − q (notable limit), thus if q is much smaller than jDj (i.e., q jDj) we have: jDj q Pr(m s:t: d = h(m )) ≈ i i jDj G. Pelosi, A. Barenghi (DEIB) Hash Functions 9 / 37 G. Pelosi, A. Barenghi (DEIB) Hash Functions 10 / 37 Security of Hash Functions Security of Hash Functions Practical Collision Problem - (black box analysis) Finding the number of trials, q needed to get a collision a a − x The approach to find a collision in a hash function is From basic calculus (Taylor series), recall that 1 − x ≤ e Pick q messages at random mi , i 2 f1;:::; qg Consequentially, we can rewrite the previous result as follows: If any two digests, h(mi ) and h(mj ) with i 6= j (i; j 2 f1;:::; qg), are q q−1 equal then return (mi ; mj ); otherwise, fail Y i Y − i − 1 Pq−1 i − q(q−1) Pr(no coll.) = 1 − ≤ e jDj = e jDj i=0 = e 2jDj jDj q = 1, Pr(no collision) = 1 i=0 i=0 1 q = 2, Pr(no collision) = 1 · 1 − jDj We look for: Pr(no coll.) ≥ 50% , Pr(at least one coll.) ≤ 50% q(q−1) 1 2 − 2jDj 1 q(q−1) q = 3, Pr(no collision) = 1 · 1 − jDj · 1 − jDj we find that: e ≥ 2 ) 2jDj ≤ ln 2 ::: 1 Solving for q we conclude that Pr(no collision) ≥ 2 if 1 2 q−1 1 q 1 p q picks, Pr(no collision) = 1 · 1 − jDj · 1 − jDj ··· 1 − jDj 0 < q ≤ 2 + 4 + 2jDj ln 2 , (roughly) 0 < q ≤ 1:1774 jDj G. Pelosi, A. Barenghi (DEIB) Hash Functions 11 / 37 G. Pelosi, A. Barenghi (DEIB) Hash Functions 12 / 37 Security of Hash Functions Security of Hash Functions Birthday Paradox Summing up The Birthday paradox is the somewhat surprising answer to: How many people must I gather in a room in order to have a probability of 50% To obtain a sound cryptographic hash function we need to find an that any two of them share the same birthday? efficiently computable map h : M ! D such that: It is computationally unfeasible to find a first/second preimage This is the probability to find at least one collision on the hash function in \less than" jDj calls to the hash function BirthdayOf(·) It is computationally unfeasible to find a collisionpin less than p p 1 log jDj 1:17 jDj calls to the hash function (≈ jDj = 2log2 jDj = 2 2 2 if we do not consider leap years and assumep that the birthdays are uniformly distributed, the answer is: ::: ≈ 1:1774 · 365 = 23 calls) Rule of thumb: take jDj ≥ 2160 (i.e., a hash with digest ≥160-bit) to Compare the above question with the following one: avoid a bruteforce approach to finding collisions (80-bit security) how many people must I gather in a room in order to have a probability >50% Note: Collision Res. ) 2nd Preimage Res. ) Preimage Res. that one of them has the same birthday as me? Note: Real hash functions have necessarily a very large number of This is the probability to find a 2nd preimage of the BirthdayOf(·) collisions. Their unforgeability comes from the fact that it is just function unfeasible to find collisions on purpose q−1 1 365 I need a lot more people: ... ≈ 365 ≥ 2 , q ≥ 1 + 2 ; q ≥ 183 G. Pelosi, A. Barenghi (DEIB) Hash Functions 13 / 37 G. Pelosi, A. Barenghi (DEIB) Hash Functions 14 / 37 Use Scenarios for Hash functions Use Scenarios for Hash functions Common Scenarios - 2 Efficient digital signatures: instead of signing the file f , sign h(f ) Common Scenarios - 1 Safe password storage: instead of storing a password p, store Integrity of files: hash functions may be used to check the integrity d = h(p). Even if an attacker retrieves d, he cannot find p of a network-transmitted file through having a very fast hash function may be an issue: it allows to quickly Downloading both the file f and d=h(f ) from the providing server test a set of guesses for p extracted from a dictionary Computing h(·) on the downloaded file and checking that it matches Commitment Schemes.
Recommended publications
  • Hash Functions
    Hash Functions A hash function is a function that maps data of arbitrary size to an integer of some fixed size. Example: Java's class Object declares function ob.hashCode() for ob an object. It's a hash function written in OO style, as are the next two examples. Java version 7 says that its value is its address in memory turned into an int. Example: For in an object of type Integer, in.hashCode() yields the int value that is wrapped in in. Example: Suppose we define a class Point with two fields x and y. For an object pt of type Point, we could define pt.hashCode() to yield the value of pt.x + pt.y. Hash functions are definitive indicators of inequality but only probabilistic indicators of equality —their values typically have smaller sizes than their inputs, so two different inputs may hash to the same number. If two different inputs should be considered “equal” (e.g. two different objects with the same field values), a hash function must re- spect that. Therefore, in Java, always override method hashCode()when overriding equals() (and vice-versa). Why do we need hash functions? Well, they are critical in (at least) three areas: (1) hashing, (2) computing checksums of files, and (3) areas requiring a high degree of information security, such as saving passwords. Below, we investigate the use of hash functions in these areas and discuss important properties hash functions should have. Hash functions in hash tables In the tutorial on hashing using chaining1, we introduced a hash table b to implement a set of some kind.
    [Show full text]
  • Horner's Method: a Fast Method of Evaluating a Polynomial String Hash
    Olympiads in Informatics, 2013, Vol. 7, 90–100 90 2013 Vilnius University Where to Use and Ho not to Use Polynomial String Hashing Jaku' !(CHOCKI, $ak&' RADOSZEWSKI Faculty of Mathematics, Informatics and Mechanics, University of Warsaw Banacha 2, 02-097 Warsaw, oland e-mail: {pachoc$i,jrad}@mimuw.edu.pl Abstract. We discuss the usefulness of polynomial string hashing in programming competition tasks. We sho why se/eral common choices of parameters of a hash function can easily lead to a large number of collisions. We particularly concentrate on the case of hashing modulo the size of the integer type &sed for computation of fingerprints, that is, modulo a power of t o. We also gi/e examples of tasks in hich strin# hashing yields a solution much simpler than the solutions obtained using other known algorithms and data structures for string processing. Key words: programming contests, hashing on strings, task e/aluation. 1. Introduction Hash functions are &sed to map large data sets of elements of an arbitrary length 3the $eys4 to smaller data sets of elements of a 12ed length 3the fingerprints). The basic appli6 cation of hashing is efficient testin# of equality of %eys by comparin# their 1ngerprints. ( collision happens when two different %eys ha/e the same 1ngerprint. The ay in which collisions are handled is crucial in most applications of hashing. Hashing is particularly useful in construction of efficient practical algorithms. Here e focus on the case of the %eys 'ein# strings o/er an integer alphabetΣ= 0,1,...,A 1 . 5he elements ofΣ are called symbols.
    [Show full text]
  • Why Simple Hash Functions Work: Exploiting the Entropy in a Data Stream∗
    Why Simple Hash Functions Work: Exploiting the Entropy in a Data Stream¤ Michael Mitzenmachery Salil Vadhanz School of Engineering & Applied Sciences Harvard University Cambridge, MA 02138 fmichaelm,[email protected] http://eecs.harvard.edu/»fmichaelm,salilg October 12, 2007 Abstract Hashing is fundamental to many algorithms and data structures widely used in practice. For theoretical analysis of hashing, there have been two main approaches. First, one can assume that the hash function is truly random, mapping each data item independently and uniformly to the range. This idealized model is unrealistic because a truly random hash function requires an exponential number of bits to describe. Alternatively, one can provide rigorous bounds on performance when explicit families of hash functions are used, such as 2-universal or O(1)-wise independent families. For such families, performance guarantees are often noticeably weaker than for ideal hashing. In practice, however, it is commonly observed that simple hash functions, including 2- universal hash functions, perform as predicted by the idealized analysis for truly random hash functions. In this paper, we try to explain this phenomenon. We demonstrate that the strong performance of universal hash functions in practice can arise naturally from a combination of the randomness of the hash function and the data. Speci¯cally, following the large body of literature on random sources and randomness extraction, we model the data as coming from a \block source," whereby each new data item has some \entropy" given the previous ones. As long as the (Renyi) entropy per data item is su±ciently large, it turns out that the performance when choosing a hash function from a 2-universal family is essentially the same as for a truly random hash function.
    [Show full text]
  • CSC 344 – Algorithms and Complexity Why Search?
    CSC 344 – Algorithms and Complexity Lecture #5 – Searching Why Search? • Everyday life -We are always looking for something – in the yellow pages, universities, hairdressers • Computers can search for us • World wide web provides different searching mechanisms such as yahoo.com, bing.com, google.com • Spreadsheet – list of names – searching mechanism to find a name • Databases – use to search for a record • Searching thousands of records takes time the large number of comparisons slows the system Sequential Search • Best case? • Worst case? • Average case? Sequential Search int linearsearch(int x[], int n, int key) { int i; for (i = 0; i < n; i++) if (x[i] == key) return(i); return(-1); } Improved Sequential Search int linearsearch(int x[], int n, int key) { int i; //This assumes an ordered array for (i = 0; i < n && x[i] <= key; i++) if (x[i] == key) return(i); return(-1); } Binary Search (A Decrease and Conquer Algorithm) • Very efficient algorithm for searching in sorted array: – K vs A[0] . A[m] . A[n-1] • If K = A[m], stop (successful search); otherwise, continue searching by the same method in: – A[0..m-1] if K < A[m] – A[m+1..n-1] if K > A[m] Binary Search (A Decrease and Conquer Algorithm) l ← 0; r ← n-1 while l ≤ r do m ← (l+r)/2 if K = A[m] return m else if K < A[m] r ← m-1 else l ← m+1 return -1 Analysis of Binary Search • Time efficiency • Worst-case recurrence: – Cw (n) = 1 + Cw( n/2 ), Cw (1) = 1 solution: Cw(n) = log 2(n+1) 6 – This is VERY fast: e.g., Cw(10 ) = 20 • Optimal for searching a sorted array • Limitations: must be a sorted array (not linked list) binarySearch int binarySearch(int x[], int n, int key) { int low, high, mid; low = 0; high = n -1; while (low <= high) { mid = (low + high) / 2; if (x[mid] == key) return(mid); if (x[mid] > key) high = mid - 1; else low = mid + 1; } return(-1); } Searching Problem Problem: Given a (multi)set S of keys and a search key K, find an occurrence of K in S, if any.
    [Show full text]
  • 4 Hash Tables and Associative Arrays
    4 FREE Hash Tables and Associative Arrays If you want to get a book from the central library of the University of Karlsruhe, you have to order the book in advance. The library personnel fetch the book from the stacks and deliver it to a room with 100 shelves. You find your book on a shelf numbered with the last two digits of your library card. Why the last digits and not the leading digits? Probably because this distributes the books more evenly among the shelves. The library cards are numbered consecutively as students sign up, and the University of Karlsruhe was founded in 1825. Therefore, the students enrolled at the same time are likely to have the same leading digits in their card number, and only a few shelves would be in use if the leadingCOPY digits were used. The subject of this chapter is the robust and efficient implementation of the above “delivery shelf data structure”. In computer science, this data structure is known as a hash1 table. Hash tables are one implementation of associative arrays, or dictio- naries. The other implementation is the tree data structures which we shall study in Chap. 7. An associative array is an array with a potentially infinite or at least very large index set, out of which only a small number of indices are actually in use. For example, the potential indices may be all strings, and the indices in use may be all identifiers used in a particular C++ program.Or the potential indices may be all ways of placing chess pieces on a chess board, and the indices in use may be the place- ments required in the analysis of a particular game.
    [Show full text]
  • SHA-3 and the Hash Function Keccak
    Christof Paar Jan Pelzl SHA-3 and The Hash Function Keccak An extension chapter for “Understanding Cryptography — A Textbook for Students and Practitioners” www.crypto-textbook.com Springer 2 Table of Contents 1 The Hash Function Keccak and the Upcoming SHA-3 Standard . 1 1.1 Brief History of the SHA Family of Hash Functions. .2 1.2 High-level Description of Keccak . .3 1.3 Input Padding and Generating of Output . .6 1.4 The Function Keccak- f (or the Keccak- f Permutation) . .7 1.4.1 Theta (q)Step.......................................9 1.4.2 Steps Rho (r) and Pi (p).............................. 10 1.4.3 Chi (c)Step ........................................ 10 1.4.4 Iota (i)Step......................................... 11 1.5 Implementation in Software and Hardware . 11 1.6 Discussion and Further Reading . 12 1.7 Lessons Learned . 14 Problems . 15 References ......................................................... 17 v Chapter 1 The Hash Function Keccak and the Upcoming SHA-3 Standard This document1 is a stand-alone description of the Keccak hash function which is the basis of the upcoming SHA-3 standard. The description is consistent with the approach used in our book Understanding Cryptography — A Textbook for Students and Practioners [11]. If you own the book, this document can be considered “Chap- ter 11b”. However, the book is most certainly not necessary for using the SHA-3 description in this document. You may want to check the companion web site of Understanding Cryptography for more information on Keccak: www.crypto-textbook.com. In this chapter you will learn: A brief history of the SHA-3 selection process A high-level description of SHA-3 The internal structure of SHA-3 A discussion of the software and hardware implementation of SHA-3 A problem set and recommended further readings 1 We would like to thank the Keccak designers as well as Pawel Swierczynski and Christian Zenger for their extremely helpful input to this document.
    [Show full text]
  • Choosing Best Hashing Strategies and Hash Functions
    2009 IEEE International Advance ComDutint! Conference (IACC 2009) Patiala, India, 4 Choosing Best Hashing Strategies and Hash Functions Mahima Singh, Deepak Garg Computer science and Engineering Department, Thapar University ,Patiala. Abstract The paper gives the guideline to choose a best To quickly locate a data record Hash functions suitable hashing method hash function for a are used with its given search key used in hash particularproblem. tables. After studying the various problem we find A hash table is a data structure that associates some criteria has been found to predict the keys with values. The basic operation is to best hash method and hash function for that supports efficiently (student name) and find the problem. We present six suitable various corresponding value (e.g. that students classes of hash functions in which most of the enrolment no.). It is done by transforming the problems canfind their solution. key using the hash function into a hash, a Paper discusses about hashing and its various number that is used as an index in an array to components which are involved in hashing and locate the desired location (called bucket) states the need ofusing hashing forfaster data where the values should be. retrieval. Hashing methods were used in many Hash table is a data structure which divides all different applications of computer science elements into equal-sized buckets to allow discipline. These applications are spreadfrom quick access to the elements. The hash spell checker, database management function determines which bucket an element applications, symbol tables generated by belongs in. loaders, assembler, and compilers.
    [Show full text]
  • DBMS Hashing
    DDBBMMSS -- HHAASSHHIINNGG http://www.tutorialspoint.com/dbms/dbms_hashing.htm Copyright © tutorialspoint.com For a huge database structure, it can be almost next to impossible to search all the index values through all its level and then reach the destination data block to retrieve the desired data. Hashing is an effective technique to calculate the direct location of a data record on the disk without using index structure. Hashing uses hash functions with search keys as parameters to generate the address of a data record. Hash Organization Bucket − A hash file stores data in bucket format. Bucket is considered a unit of storage. A bucket typically stores one complete disk block, which in turn can store one or more records. Hash Function − A hash function, h, is a mapping function that maps all the set of search- keys K to the address where actual records are placed. It is a function from search keys to bucket addresses. Static Hashing In static hashing, when a search-key value is provided, the hash function always computes the same address. For example, if mod-4 hash function is used, then it shall generate only 5 values. The output address shall always be same for that function. The number of buckets provided remains unchanged at all times. Operation Insertion − When a record is required to be entered using static hash, the hash function h computes the bucket address for search key K, where the record will be stored. Bucket address = hK Search − When a record needs to be retrieved, the same hash function can be used to retrieve the address of the bucket where the data is stored.
    [Show full text]
  • Hash Tables & Searching Algorithms
    Search Algorithms and Tables Chapter 11 Tables • A table, or dictionary, is an abstract data type whose data items are stored and retrieved according to a key value. • The items are called records. • Each record can have a number of data fields. • The data is ordered based on one of the fields, named the key field. • The record we are searching for has a key value that is called the target. • The table may be implemented using a variety of data structures: array, tree, heap, etc. Sequential Search public static int search(int[] a, int target) { int i = 0; boolean found = false; while ((i < a.length) && ! found) { if (a[i] == target) found = true; else i++; } if (found) return i; else return –1; } Sequential Search on Tables public static int search(someClass[] a, int target) { int i = 0; boolean found = false; while ((i < a.length) && !found){ if (a[i].getKey() == target) found = true; else i++; } if (found) return i; else return –1; } Sequential Search on N elements • Best Case Number of comparisons: 1 = O(1) • Average Case Number of comparisons: (1 + 2 + ... + N)/N = (N+1)/2 = O(N) • Worst Case Number of comparisons: N = O(N) Binary Search • Can be applied to any random-access data structure where the data elements are sorted. • Additional parameters: first – index of the first element to examine size – number of elements to search starting from the first element above Binary Search • Precondition: If size > 0, then the data structure must have size elements starting with the element denoted as the first element. In addition, these elements are sorted.
    [Show full text]
  • Introduction to Hash Table and Hash Function
    Introduction to Hash Table and Hash Function This is a short introduction to Hashing mechanism Introduction Is it possible to design a search of O(1)– that is, one that has a constant search time, no matter where the element is located in the list? Let’s look at an example. We have a list of employees of a fairly small company. Each of 100 employees has an ID number in the range 0 – 99. If we store the elements (employee records) in the array, then each employee’s ID number will be an index to the array element where this employee’s record will be stored. In this case once we know the ID number of the employee, we can directly access his record through the array index. There is a one-to-one correspondence between the element’s key and the array index. However, in practice, this perfect relationship is not easy to establish or maintain. For example: the same company might use employee’s five-digit ID number as the primary key. In this case, key values run from 00000 to 99999. If we want to use the same technique as above, we need to set up an array of size 100,000, of which only 100 elements will be used: Obviously it is very impractical to waste that much storage. But what if we keep the array size down to the size that we will actually be using (100 elements) and use just the last two digits of key to identify each employee? For example, the employee with the key number 54876 will be stored in the element of the array with index 76.
    [Show full text]
  • PHP- Sha1 Function
    |PHP PHP- sha1 Function The sha1 string function is used to calculate the SHA-1 (Secure Hash Algorithm 1) hash of a string value. It is mainly used for converting a string into 40-bit hexadecimal number, which is so secured. "SHA-1 produces a 160-bit output called a message digest. Syntax: string sha1 ( string source [, bool raw_output]); Syntax Explanation: string source- defines the input string. raw_output – The raw output is like a Boolean function that is: If TRUE , it sets raw 20-character binary format. If FALSE (default) then it sets raw 40-character hex number format. Advantage of Using sha-1 function: When you use the sha1 function at first time while running the string it will generate a different hash value for the string. If you run it again and again the hash vale for the string will be different every time. 1. Produces a longer hash value than MD5 2. Collision Resistant 3. Widespread Use 4. Provides a one-way hash Facebook.com/wikitechy twitter.com/WikitechyCom © Copyright 2016. All Rights Reserved. |PHP Disadvantage of Using sha-1 function: 1. Sha-1 algorithm is the slower computational algorithm than the MD5 algorithm. 2. Has known security vulnerabilities Sample code: <!DOCTYPE> <html> <body> <?php echo sha1('wikitechy'); echo "<br>"; echo sha1('wikitechy',TRUE); ?> </body> </html> Facebook.com/wikitechy twitter.com/WikitechyCom © Copyright 2016. All Rights Reserved. |PHP Code Explanation: In this echo statement we call the “sha1” string function that will be used for calculating the hash function value for the term “wikitechy” . In this echo statement we call the “sha1” string function that will be used for calculating the hash function value of the term “wikitechy “and here we use the Boolean function set as true so the raw Facebook.com/wikitechy twitter.com/WikitechyCom © Copyright 2016.
    [Show full text]
  • Chapter 5 Hash Functions
    Chapter 5 Hash Functions A hash function usually means a function that compresses, meaning the output is shorter than the input. Often, such a function takes an input of arbitrary or almost arbitrary length to one whose length is a fixed number, like 160 bits. Hash functions are used in many parts of cryptography, and there are many different types of hash functions, with differing security properties. We will consider them in this chapter. 5.1 The hash function SHA1 The hash function known as SHA1 is a simple but strange function from strings of arbitrary length to strings of 160 bits. The function was finalized in 1995, when a FIPS (Federal Information Processing Standard) came out from the US National Institute of Standards that specified SHA1. The function SHA1: {0, 1}∗ →{0, 1}160 is conveniently described in terms of a lower-level function, sha1: {0, 1}512 ×{0, 1}160 →{0, 1}160 called its compression function. Let’s begin by defining the sha1 compression function, and then we’ll define SHA1 from it. First we need some notation and definitions. If A and B are 32-bit strings then we let A+B denote the 32-bit string that you get by treating A and B as nonnegative numbers, adding them modulo 232, and treating the result as a 32-bit strings. This is just the usual notion of “computer addition.” If A = A0A1 ...A31 is a 32-bit string (each Ai abit)andi ∈ [0 .. 32] is a number, then we let A i be the circular left shift of A = A0A1 ...A31 by i positions, meaning Ai mod 32Ai+1 mod 32 ...Ai+31 mod 32.
    [Show full text]