DOC PREVIEW
MASON ECE 646 - Lecture 11 Hash functions & MACs

This preview shows page 1-2-3-26-27-28 out of 28 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 28 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

1Hash functions & MACsECE 646 Lecture 11MessageHashfunctionPublic keyalgorithmAliceSignatureAlice’s private keyBobHashfunctionAlice’s public keyDigital SignatureHash value 1Hash value 2Hash valuePublic keyalgorithmyesnoMessageSignature2Hash functionarbitrary lengthmessagehashfunctionhash valueh(m)hmfixed lengthVocabularyhash functionmessage digesthash valuehash totalfingerprintimprintcryptographic checksumcompressed encodingMDC, Message Digest Codemessage digest3Hash functionsBasic requirements1. Public description, NO key2. Compressionarbitrary length input  fixed length output3. Ease of computationHash functionsSecurity requirements1. Preimage resistanceIt is computationally infeasibleGiven To Findyx, such thath(x) = y2. 2nd preimage resistancex and y=h(x)x’  x, such thath(x’) = h(x) = y3. Collision resistance x’  x, such thath(x’) = h(x)4Hash functionsDependence between requirementscollision resistant2nd preimage resistantHash functions(unkeyed)OWHF CRHFOne-WayHash FunctionsCollision-ResistantHash Functionspreimage resistance2nd preimage resistancecollision resistance5Brute force attack againstOne-Way Hash Functionmi’i=1..2n2nmessages with the contentsrequired by the forgerhh(mi’) = yn - bits?Given yCreating multiple versions ofthe required messageIstateconfirmthereby-that Iborrowedreceived$10,000ten thousand dollarsfromMr.Dr.KrisKrzysztofGaj onNovember 19,11 / 19 /2008.Thismoneysum of moneyshouldis required tobereturnedgiven backtoMr.Dr.Gajby the27th28thday ofNovemberNov.2006.6Brute force attack againstCollision Resistant Hash FunctionYuvalmihn - bitsh(mi)r messagesacceptable for the signermj’hn - bitsh(mj’)r messagesrequired by the forgerh(mi) = h(mj’)i=1..r j=1..rIstateconfirmthereby-that Iborrowedreceived$10,000ten thousand dollarsfromMr.Dr.KrisKrzysztofGaj onNovember 19,11 / 19 /2008.Thismoneysum of moneyshouldis required tobereturnedgiven backtoMr.Dr.Gajby the27th28thday ofNovemberNov.2006.Message required by the forger7Istateconfirmthereby-that onborrowedreceivedfromMr.Dr.KrisKrzysztofonNovember 19,11 / 19 /2008Thistextitemshouldis required tobereturnedgiven backtoMr.Dr.GajMessage acceptable for the signerIabookmanuscriptimplementing hash functions.factoring using Number Field Sieve.by the27th28thday ofNovemberNov.2008.Birthday paradoxHow many students must be in a class so thatthere is a greater than 50% chance that2. any two of the students share the samebirthday (up to the day and month)?1. one of the students shares the teacher’sbirthday (up to the day and month)?8Birthday paradoxHow many students must be in a class so thatthere is a greater than 50% chance that1. one of the students shares the teacher’sbirthday (day and month)?~ 366/2 = 1882. any two of the students share the samebirthday (day and month)?~366 19Brute force attack againstCollision Resistant Hash FunctionProbability p that two different messages have thesame hash value:p = 1 − exp (−r22n)For r = 2n/2p = 63%9Brute force attack againstCollision Resistant Hash FunctionStorage requirementsJ.J. Quisquatercollision search algorithmNumber of operations: 2  /2 · 2n/2 2.5 · 2n/2Storage: NegligibleHash value sizeOlder algorithms:Current algorithms:One-Way Collision-Resistantn  648 bytesn  12816 bytesn  8010 bytesn  16020 bytesNewly proposed algorithms:n = 128, 192, 25616, 24, 32 bytesn = 256, 384, 51232, 48, 64 bytes10Hash function algorithmsCustomized(dedicated)Based onblock ciphersBased onmodular arithmeticMDC-2MDC-4IBM, Brachtl, Meyer, Schilling, 1988MASH-11988-1996MD2Rivest 1988MD4Rivest 1990MD5Rivest 1990SHA-0SHA-1RIPEMDRIPEMD-160European RACE IntegrityPrimitives Evaluation Project, 1992NSA, 1992NSA, 1995SHA-256, SHA-384, SHA-512NSA, 2000Attacks againstdedicated hash functionsknown by 2004MD2MD4MD5SHA-0SHA-1RIPEMDRIPEMD-160partially brokenbroken, H. Dobbertin, 1995(one hour on PC, 20 free bytes at the start of the message)partially broken,collisions for thecompression function,Dobbertin, 1996(10 hours on PC)weaknessdiscovered,1995 NSA,1998 Francereduced roundversion broken,Dobbertin 1995SHA-256, SHA-384, SHA-51211MD4MD5SHA-0SHA-1RIPEMDRIPEMD-160SHA-256, SHA-384, SHA-512broken;Wang, Feng, Lai, YuCrypto 2004(1 hr on a PC)attack with240operationsCrypto 2004What was discovered in 2004-2005?broken;Wang, Feng, Lai, Yu, Crypto 2004(manually, without using a computer)broken;Wang, Feng,Lai, Yu,Crypto 2004(manully, withoutusing a computer)attack with263operationsWang, Yin,Yu, Aug 2005263operationsSchneier, 2005In hardware:Machine similar to the one used to break DES:Cost = $50,000-$70,000 Time: 18 daysorCost = $0.9-$1.26M Time: 24 hoursIn software:Computer network similar to distributed.netused to break DES (~331,252 computers) :Cost = ~ $0 Time: 7 months12Recommendations of NIST (1)NIST Brief Comments on Recent Cryptanalytic Attacks on SHA-1Feb 2005The new attack is applicable primarilyto the use of hash functions in digital signatures.In many cases applications of digital signaturesintroduce additional context information,which may make attacks impracticle.Other applications of hash functions,such as Message Authentication Codes (MACs),are not threatened by the new attacks.NIST was already earlier planning to withdraw SHA-1in favor of SHA-224, SHA-256, SHA-384 & SHA-512do roku 2010New implementations should use new hash functions.NIST encourages government agancies to develop plansfor gradually moving towards new hash functions,taking into account the sensitivity of the systemswhen setting the timetables.Recommendations of NIST (2)13SHA-3 Contest Timeline2007• publication of requirements• 29.X. 2007: request for candidates2008• 31.X.2008: deadline for submitting candidates20092 Q – first workshop devoted to the presentation of candidates20102 Q: second workshop devoted to the analysis of candidates3 Q: selection of finalists20121 Q: last workshop2 Q: selection of the winner3 Q: draft version of the standard published4 Q: final version of the standard publishedHash functionsApplications (1)1. Digital SignaturesAdvantages1. Shorter signature2. Much faster computations3. Larger resistance to manipulation(one block instead of several blocks of signature)4. Resistance to the multiplicative attacks5. Avoids problems with different sizes of thesender and the receiver moduli14Hash functionsApplications (2)2. Fingerprint of a program or a document(e.g., to detect a modification by a virusor an


View Full Document

MASON ECE 646 - Lecture 11 Hash functions & MACs

Documents in this Course
Load more
Download Lecture 11 Hash functions & MACs
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture 11 Hash functions & MACs and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture 11 Hash functions & MACs 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?