MASON ECE 646 - Lecture 11 Hash functions & MACs

This preview shows page 1-2-3-4-5-6 out of 19 pages.


Hash functions & MACs
ECE 646 Lecture 11

Digital Signature
[Diagram: Alice passes the message through the hash function and applies the public key algorithm with Alice's private key to the hash value, producing the signature. Bob passes the received message through the hash function and applies the public key algorithm with Alice's public key to the signature, then compares hash value 1 with hash value 2: yes / no.]

Hash function
arbitrary length message m → hash function h → fixed length hash value h(m)

Vocabulary
hash function, message digest, hash value, hash total, fingerprint, imprint, cryptographic checksum, compressed encoding, MDC (Message Digest Code)

Hash functions: Basic requirements
1. Public description, NO key
2. Compression: arbitrary length input → fixed length output
3. Ease of computation

Hash functions: Security requirements
It is computationally infeasible, given the listed values, to find:
1. Preimage resistance. Given: y. To find: x, such that h(x) = y
2. 2nd preimage resistance. Given: x and y = h(x). To find: x' ≠ x, such that h(x') = h(x) = y
3. Collision resistance. To find: x' ≠ x, such that h(x') = h(x)

Hash functions: Dependence between requirements
collision resistant → 2nd preimage resistant

Hash functions (unkeyed)
OWHF, One-Way Hash Functions: preimage resistance, 2nd preimage resistance
CRHF, Collision-Resistant Hash Functions: 2nd preimage resistance, collision resistance

Brute force attack against One-Way Hash Function
[Diagram: given y, the forger prepares $2^n$ messages $m_i'$, $i = 1..2^n$, with the contents required by the forger, computes the n-bit hash value of each with h, and checks whether $h(m_i') = y$.]

Creating multiple versions of the required message
I {state | confirm} {thereby | -} that I {borrowed | received} {$10,000 | ten thousand dollars} from {Mr. | Dr.} {Kris | Krzysztof} Gaj on {November 17, | 11 / 17 /} 2009. This {money | sum of money} {should | is required to} be {returned | given back} to {Mr. | Dr.} Gaj by the {8th | 9th} day of {December | Dec.} 2009.

Brute force attack against Collision Resistant Hash Function (Yuval)
[Diagram: r messages acceptable for the signer, $m_i$, $i = 1..r$, each hashed with h to n bits, $h(m_i)$; r messages required by the forger, $m_j'$, $j = 1..r$, each hashed with h to n bits, $h(m_j')$; the forger looks for a pair with $h(m_i) = h(m_j')$.]

Creating multiple versions of the required message
I {state | confirm} {thereby | -} that I {borrowed | received} {$10,000 | ten thousand dollars} from {Mr. | Dr.} {Kris | Krzysztof} Gaj on {November 17, | 11 / 17 /} 2009. This {money | sum of money} {should | is required to} be {returned | given back} to {Mr. | Dr.} Gaj by the {8th | 9th} day of {December | Dec.} 2009.

Message acceptable for the signer
I {state | confirm} {thereby | -} that on {December 1, | 12 / 1 /} 2009 I {borrowed | received} from {Mr. | Dr.} {Kris | Krzysztof} a {paper | manuscript} {benchmarking in software. | Benchmarking in hardware.} This {text | item} {should | is required to} be {returned | given back} to {Mr. | Dr.} Gaj by the {8th | 9th} day of {December | Dec.} 2009.

Birthday paradox
How many students must be in a class so that there is a greater than 50% chance that
1. one of the students shares the teacher's birthday (day and month)? ~ 366/2 = 188
2. any two of the students share the same birthday (day and month)? ~ $\sqrt{366} \approx 19$

Brute force attack against Collision Resistant Hash Function
Probability p that two different messages have the same hash value:
$p = 1 - \exp(-r^2 / 2^n)$
For $r = 2^{n/2}$, p = 63%

Brute force attack against Collision Resistant Hash Function: Storage requirements
J.J. Quisquater collision search algorithm
Number of operations: $2\sqrt{\pi/2} \cdot 2^{n/2} \approx 2.5 \cdot 2^{n/2}$
Storage: Negligible

Hash value size
Older algorithms: One-Way n ≥ 64 (8 bytes); Collision-Resistant n ≥ 128 (16 bytes)
Current algorithms: One-Way n ≥ 80 (10 bytes); Collision-Resistant n ≥ 160 (20 bytes)
Newly proposed algorithms: One-Way n = 128, 192, 256 (16, 24, 32 bytes); Collision-Resistant n = 256, 384, 512 (32, 48, 64 bytes)

Hash function algorithms
Customized (dedicated):
MD2: Rivest, 1988
MD4: Rivest, 1990
MD5: Rivest, 1990
SHA-0: NSA, 1992
SHA-1: NSA, 1995
RIPEMD: European RACE Integrity Primitives Evaluation Project, 1992
RIPEMD-160
SHA-256, SHA-384, SHA-512: NSA, 2000
Based on block ciphers:
MDC-2, MDC-4: IBM, Brachtl, Meyer, Schilling, 1988
Based on modular arithmetic:
MASH-1: 1988-1996

Attacks against dedicated hash functions known by 2004
MD2: partially broken
MD4: broken, H. Dobbertin, 1995 (one hour on PC, 20 free bytes at the start of the message)
MD5: partially broken, collisions for the compression function, Dobbertin, 1996 (10 hours on PC)
SHA-0: weakness discovered, 1995 NSA, 1998 France
RIPEMD: reduced round version broken, Dobbertin 1995
SHA-1, RIPEMD-160, SHA-256, SHA-384, SHA-512: no attack listed

What was discovered in 2004-2005?
MD4: broken; Wang, Feng, Lai, Yu, Crypto 2004 (manually, without using a computer)
MD5: broken; Wang, Feng, Lai, Yu, Crypto 2004 (1 hr on a PC)
SHA-0: attack with $2^{40}$ operations, Crypto 2004
SHA-1: attack with $2^{63}$ operations; Wang, Yin, Yu, Aug 2005
RIPEMD: broken; Wang, Feng, Lai, Yu, Crypto 2004 (manually, without using a computer)
RIPEMD-160, SHA-256, SHA-384, SHA-512: no attack listed

$2^{63}$ operations
Schneier, 2005
In hardware: machine similar to the one used to break DES:
Cost = $50,000-$70,000, Time: 18 days
or
Cost = $0.9-$1.26M, Time: 24 hours
In software: computer network similar to distributed.net used to break DES (~331,252 computers):
Cost = ~ $0, Time: 7 months

Recommendations of NIST (1)
NIST Brief Comments on Recent Cryptanalytic Attacks on SHA-1, Feb 2005
The new attack is applicable primarily to the use of hash functions in digital signatures.
In many cases applications of digital signatures introduce additional context information, which may make attacks impractical.
Other applications of hash functions, such as Message Authentication Codes (MACs), are not threatened by the new attacks.

Recommendations of NIST (2)
NIST was already earlier planning to withdraw SHA-1 in favor of SHA-224, SHA-256, SHA-384 & SHA-512 by 2010.
New implementations should use new hash functions.
NIST encourages government agencies to develop plans for gradually moving towards new hash functions, taking into account the sensitivity of the systems when setting the timetables.

SHA-3 Contest Timeline
2007
• publication of requirements
• 29.X.2007: request for candidates
2008
• 31.X.2008: deadline for submitting candidates
• 9.XII.2008: announcement of 51 candidates accepted for Round 1
2009
• 25-28.II.2009: 1st SHA-3 Candidate Conference, Leuven, Belgium
• 24.VII.2009: 14 Round 2 candidates announced
2010
• 23-24.VIII.2010: 2nd
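The Yuval birthday search and the collision-probability formula from the "Brute force attack against Collision Resistant Hash Function" slides, as an added example that is not part of the lecture. It assumes a toy 20-bit hash (SHA-256 truncated, N_BITS) and two constructed message templates modelled on the slide text; all function and variable names are hypothetical.

```python
import hashlib
import itertools
import math

N_BITS = 20  # toy digest size (assumption) so the search finishes instantly

def h(msg, n_bits=N_BITS):
    """SHA-256 truncated to n_bits, standing in for a short n-bit hash."""
    digest = hashlib.sha256(msg.encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)

def variants(template):
    """Tuples are interchangeable wordings, plain strings are fixed text."""
    slots = [p if isinstance(p, tuple) else (p,) for p in template]
    for choice in itertools.product(*slots):
        yield " ".join(choice)

# Constructed templates modelled on the slides: 12 two-way slots -> 2**12 texts each.
HEAD = ["I", ("state", "confirm"), ("thereby", "-"), "that"]
TAIL = [("should", "is required to"), "be", ("returned", "given back"), "to",
        ("Mr.", "Dr."), "Gaj by the 9th day of", ("December", "Dec."), "2009."]
ACCEPTABLE = HEAD + ["on", ("December 1,", "12 / 1 /"), "2009 I",
                     ("borrowed", "received"), "from", ("Mr.", "Dr."),
                     ("Kris", "Krzysztof"), "Gaj a", ("paper.", "manuscript."),
                     "This", ("text", "item")] + TAIL
FORGED = HEAD + ["I", ("borrowed", "received"),
                 ("$10,000", "ten thousand dollars"), "from", ("Mr.", "Dr."),
                 ("Kris", "Krzysztof"), "Gaj on", ("November 17,", "11 / 17 /"),
                 "2009. This", ("money", "sum of money")] + TAIL

def yuval(acceptable, forged, n_bits=N_BITS):
    """Find (m, m') with h(m) == h(m'): m acceptable to the signer, m' not."""
    table = {h(m, n_bits): m for m in variants(acceptable)}  # r stored hashes
    for m_forged in variants(forged):                        # r more hashes
        m_ok = table.get(h(m_forged, n_bits))
        if m_ok is not None:
            return m_ok, m_forged
    return None

def collision_probability(r, n_bits):
    """Slide formula: p = 1 - exp(-r^2 / 2^n)."""
    return 1.0 - math.exp(-(r * r) / 2.0 ** n_bits)

if __name__ == "__main__":
    print(yuval(ACCEPTABLE, FORGED))
    # r = 2^(n/2) gives about 63%; r = 2^12 against n = 20 is near certainty.
    print(collision_probability(2 ** (N_BITS // 2), N_BITS))
    print(collision_probability(2 ** 12, N_BITS))
```

The same 4096-variant search against a 160-bit digest would succeed with probability about 2^-136, which is the reason the hash value size slide asks for n ≥ 160 when collision resistance is required.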

