Cryptographic Hash Functions Lecture slides by Zhanbolat Seitkulov
March IITU, Information Security 1
Outline • We will consider: – Hash functions • Uses, requirements, security – Hash functions based on block ciphers – SHA-1, SHA-2, SHA-3
March IITU, Information Security 2
Hash Functions • Converts arbitrary message to fixed size – h = H(M) • Usually assume hash function is public • Hash used to detect changes to message • Key properties of a cryptographic hash functions: – Computationally infeasible to find data mapping to specific hash (one-way property) – Computationally infeasible to find two different data with same hash (collision-free property)
March IITU, Information Security 3
Cryptographic Hash Function
March IITU, Information Security 4
Hash Function and Message Authentication
March IITU, Information Security 5
Hash Functions and Digital Signatures
March IITU, Information Security 6
Other Hash Function Uses • To create a one-way password file – Store hash of password not actual password • For intrusion detection and virus detection – Keep & check hash of files on system • Pseudorandom function (PRF) or pseudorandom number generator (PRNG)
March IITU, Information Security 7
Hash Function Requirements
March IITU, Information Security 8
Attacks on Hash Functions • Have brute-force attacks and cryptanalysis • A preimage and second preimage attack – Find y such that H(y) equals a given hash value • Collision resistance – Find two messages x and y with the same hash H(x) = H(y)
March IITU, Information Security 9
Hash Function Cryptanalysis • Cryptanalytic attacks use some property of algorithm, so faster than exhaustive search • Hash functions use iterative structure – Process message in blocks • Attacks focus on collisions in function f
March IITU, Information Security 10
Secure Hash Algorithm (SHA) • SHA originally designed by NIST & NSA in 1993 • was revised in 1995 as SHA-1 • US standard for use with DSA signature scheme – The algorithm is SHA, the standard is SHS • Based on design of MD4 • Produces 160-bit hash values • Recent 2005 results on security of SHA-1 has raised concern on its use in future applications
March IITU, Information Security 11
Revised Secure Hash Standard • NIST issued revision in 2002 (FIPS 180-2) • Adds three additional versions of SHA – SHA-256, SHA-384, SHA-512 • Designed with the compatibility with increased security provided by the AES cipher • Structure and detail is similar to SHA-1 • Hence analysis should be similar • But security levels are rather higher March IITU, Information Security 12 SHA Versions
March IITU, Information Security 13
SHA-512 Compression Function • Heart of the algorithm • Processing message in 1024-bit blocks • Consists of 80 rounds per block – Updating a 512-bit buffer – Using a 64-bit value derived from the current message block – And a round constant based on cube root of first 80 prime numbers
March IITU, Information Security 14
SHA Overview
March IITU, Information Security 15
Processing one 1024- bit block
March IITU, Information Security 16
Hi Initial Values
March IITU, Information Security 17
SHA-3 • In hashes, nothing secret, easy to attack • SHA-1 not yet “broken”, but similar to MD5 and SHA-0, so considered insecure • SHA-2 (especially SHA-512) seems secure – Shares same structure and mathematical operations as SHA-1, so have concern • NIST announced in 2007 a competition for the SHA-3 – next generation NIST hash function – Goal to have in place by 2012 but not fixed
March IITU, Information Security 18
SHA-3 Requirements • Replace SHA-2 with SHA-3 in any use – So use same hash sizes • Preserve the online nature of SHA-2 – So must process small blocks (512/1024 bits) • Evaluation criteria – Security close to theoretical max for hash sizes – Cost in time and memory – Characteristics such as flexibility and simplicity
March IITU, Information Security 19
Questions?
March IITU, Information Security 20
Reading • Cryptography and Network Security by Stallings – Chapter 11 • Sections 11.1, 11.3, 11.5 and 11.6