7/29/2019 Hash Algorithms
1/32
CRYPTOGRAPHY AND INFORMATION SECURITY
Lecturer: Dr. Nguyen Nam HongTel.: 048781437.
Mob.: 0912312816.
Email: [email protected]
Website:
www.freewebs.com/namhongthanhlocChapter 13. Hash Algorithms
7/29/2019 Hash Algorithms
2/32
Chapter 13. Hash Algorithms (1/3)
13.01. Use of Hash Functions in Cryptography
13.02. Hash Algorithms
13.03. MD5
13.04. MD5 Overview
13.05. MD5 Compression Functions
13.06. Strength of MD513.07. MD4
13.08. Secure Hash Algorithm (SHA-1)
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 2 / 32
7/29/2019 Hash Algorithms
3/32
Chapter 13. Hash Algorithms (2/3)
13.09. SHA Overview
13.10. SHA-1 Compression Function
13.11. SHA-1 verses MD5
13.12. Revised Secure Hash Standard
13.13. RIPEMD-160
13.14. RIPEMD-160 Overview13.15. RIPEMD-160 Round
13.16. RIPEMD-160 Compression Function
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 3 / 32
7/29/2019 Hash Algorithms
4/32
Chapter 13. Hash Algorithms (3/3)
13.17. RIPEMD-160 Design Criteria13.18. RIPEMD-160 verses MD5 and SHA-1
13.19. Keyed Hash Functions as MACs
13.20. HMAC
13.21. HMAC Overview
13.22. HMAC Security
13.23. Summary
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 4 / 32
7/29/2019 Hash Algorithms
5/32
13.01. Use of hash functions in
cryptography (1/2)
One of the most interesting applications ofcurrent cryptography is the real possibility of
adding in one message a digital signature: the
complete authentication.
All this begins in year 1976 when Diffie and
Hellman present a public key asymmetric cipher
model.
With the old symmetric key cipher systems this
was not feasible or either very complex.
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 5 / 32
7/29/2019 Hash Algorithms
6/32
13.01. Use of hash functions in
cryptography (2/2)Nevertheless, given that public key systems are
very slow, instead to digitally sign the complete
message, in a cryptographic system it will be
included as a digital signature a cipher operationwith the private key of the sender over a
summary or hash if that message, represented
just by a hundred of bits.
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 6 / 32
7/29/2019 Hash Algorithms
7/32
13.02. Hash Algorithms
see similarities in the evolution of hash functions& block ciphers
increasing power of brute-force attacks
leading to evolution in algorithms
from DES to AES in block ciphers
from MD4 & MD5 to SHA-1 & RIPEMD-160 inhash algorithms
likewise tend to use common iterative structureas do block ciphers
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 7 / 32
7/29/2019 Hash Algorithms
8/32
13.03. MD5
designed by Ronald Rivest (the R in RSA)
latest in a series of MD2, MD4
produces a 128-bit hash value
until recently was the most widely used hashalgorithm
in recent times have both brute-force &
cryptanalytic concerns specified as Internet standard RFC1321
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 8 / 32
7/29/2019 Hash Algorithms
9/32
13.04. MD5 Overview (1/2)
1. pad message so its length is 448 mod 5122. append a 64-bit length value to message
3. initialise 4-word (128-bit) MD buffer (A,B,C,D)
4. process message in 16-word (512-bit) blocks:
using 4 rounds of 16 bit operations on
message block & buffer
add output to buffer input to form new buffervalue
5. output hash value is the final buffer value
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 9 / 32
7/29/2019 Hash Algorithms
10/32
13.04. MD5 Overview (2/2)
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 10 / 32
7/29/2019 Hash Algorithms
11/32
13.05. MD5 Compression Function (1/2)
each round has 16 steps of the form:a = b+((a+g(b,c,d)+X[k]+T[i])
7/29/2019 Hash Algorithms
12/32
13.05. MD5 Compression Function (2/2)
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 12 / 32
7/29/2019 Hash Algorithms
13/32
13.06. Strength of MD5
MD5 hash is dependent on all message bits
Rivest claims security is good as can be
known attacks are:
Berson 92 attacked any 1 round using
differential cryptanalysis (but cant extend)Boer & Bosselaers 93 found a pseudo collision
(again unable to extend)
Dobbertin 96 created collisions on MD
compression function (but initial constantsprevent exploit)
conclusion is that MD5 looks vulnerable soon
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 13 / 32
7/29/2019 Hash Algorithms
14/32
13.07. MD4
precursor to MD5
also produces a 128-bit hash of message
has 3 rounds of 16 steps vs 4 in MD5
design goals:
collision resistant (hard to find collisions)
direct security (no dependence on "hard"problems)
fast, simple, compact
favours little-endian systems (eg PCs)
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 14 / 32
7/29/2019 Hash Algorithms
15/32
13.08. Secure Hash Algorithm (SHA-1)
SHA was designed by NIST & NSA in 1993, revised1995 as SHA-1
US standard for use with DSA signature scheme
standard is FIPS 180-1 1995, also InternetRFC3174
nb. the algorithm is SHA, the standard is SHS
produces 160-bit hash valuesnow the generally preferred hash algorithm
based on design of MD4 with key differences
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 15 / 32
7/29/2019 Hash Algorithms
16/32
13.09. SHA Overview (1/2)
1. pad message so its length is 448 mod 5122. append a 64-bit length value to message3. initialise 5-word (160-bit) buffer (A,B,C,D,E)
to
(67452301,efcdab89,98badcfe,10325476,c3d2e1f0)4. process message in 16-word (512-bit)
chunks:
5. output hash value is the final buffer value
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 16 / 32
7/29/2019 Hash Algorithms
17/32
13.09. SHA Overview (2/2)
process message in 16-word (512-bit) chunks: expand 16 words into 80 words by mixing
& shifting use 4 rounds of 20 bit operations on
message block & buffer add output to input to form new buffer
value
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 17 / 32
7/29/2019 Hash Algorithms
18/32
13.10. SHA-1 Compression Function (1/2)
each round has 20 steps which replaces the 5buffer words thus:
(A,B,C,D,E)
7/29/2019 Hash Algorithms
19/32
13.10. SHA-1 Compression Function (2/2)
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 19 / 32
7/29/2019 Hash Algorithms
20/32
13.11. SHA-1 verses MD5
brute force attack is harder (160 vs 128 bits forMD5)
not vulnerable to any known attacks (compared
to MD4/5)a little slower than MD5 (80 vs 64 steps)
both designed as simple and compact
optimised for big endian CPU's (vs MD5 which isoptimised for little endian CPUs)
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 20 / 32
7/29/2019 Hash Algorithms
21/32
13.12. Revised Secure Hash Standard
NIST have issued a revision FIPS 180-2adds 3 additional hash algorithms
SHA-256, SHA-384, SHA-512
designed for compatibility with increased securityprovided by the AES cipher
structure & detail is similar to SHA-1
hence analysis should be similar
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 21 / 32
7/29/2019 Hash Algorithms
22/32
13.13. RIPEMD-160
RIPEMD-160 was developed in Europe as part of
RIPE project in 96
by researchers involved in attacks on MD4/5
initial proposal strengthen following analysis to
become RIPEMD-160
somewhat similar to MD5/SHA
uses 2 parallel lines of 5 rounds of 16 steps
creates a 160-bit hash value
slower, but probably more secure, than SHA
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 22 / 32
7/29/2019 Hash Algorithms
23/32
13.14. RIPEMD-160 Overview
1. pad message so its length is 448 mod 5122. append a 64-bit length value to message3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to
(67452301,efcdab89,98badcfe,10325476,c3d2e
1f0)4. process message in 16-word (512-bit) chunks: use 10 rounds of 16 bit operations on
message block & buffer in 2 parallel lines of
5 add output to input to form new buffer value
5. output hash value is the final buffer value
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 23 / 32
7/29/2019 Hash Algorithms
24/32
13.15. RIPEMD-160 Round
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 24 / 32
7/29/2019 Hash Algorithms
25/32
13.16. RIPEMD-160 Compression
Function
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 25 / 32
7/29/2019 Hash Algorithms
26/32
13.17. RIPEMD-160 Design Criteria
use 2 parallel lines of 5 rounds for increasedcomplexity
for simplicity the 2 lines are very similar
step operation very close to MD5
permutation varies parts of message used
circular shifts designed for best results
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 26 / 32
7/29/2019 Hash Algorithms
27/32
13.18. RIPEMD-160 verses MD5 & SHA-1
brute force attack harder (160 like SHA-1 vs 128bits for MD5)
not vulnerable to known attacks, like SHA-1though stronger (compared to MD4/5)
slower than MD5 (more steps)
all designed as simple and compact
SHA-1 optimised for big endian CPU's vs RIPEMD-
160 & MD5 optimised for little endian CPUs
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 27 / 32
7/29/2019 Hash Algorithms
28/32
13.19. Keyed Hash Functions as MACs
have desire to create a MAC using a hash functionrather than a block cipher
because hash functions are generally faster
not limited by export controls unlike block
ciphershash includes a key along with the message
original proposal:
KeyedHash = Hash(Key|Message)
some weaknesses were found with thiseventually led to development of HMAC
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 28 / 32
7/29/2019 Hash Algorithms
29/32
13.20. HMAC
specified as Internet standard RFC2104
uses hash function on the message:
HMACK = Hash[(K+ XOR opad) ||
Hash[(K+ XOR ipad)||M)]]
where K+ is the key padded out to size
and opad, ipad are specified padding constants
overhead is just 3 more hash calculations thanthe message needs alone
any of MD5, SHA-1, RIPEMD-160 can be used
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 29 / 32
7/29/2019 Hash Algorithms
30/32
13.21. HMAC Overview
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 30 / 32
7/29/2019 Hash Algorithms
31/32
13.22. HMAC Security
know that the security of HMAC relates to that ofthe underlying hash algorithm
attacking HMAC requires either:
brute force attack on key usedbirthday attack (but since keyed would need to
observe a very large number of messages)
choose hash function used based on speed versessecurity constraints
Dr. Nguyen Nam Hong, Le Quy Don Technical University Slide 31 / 32
7/29/2019 Hash Algorithms
32/32
13.23. Summary
have considered: some current hash algorithms:
MD5
SHA-1 RIPEMD-160
HMAC authentication using a hash function
Dr Nguyen Nam Hong Le Quy Don Technical University Slide 32 / 32