Scribd Logo
Upload

Welcome to Scribd!

  • Security of Hash Functions and Macs

    Uploaded by

    Kirti singh sikarwar
    10 views9 pages

    Original Title

    1584952765 (1)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views9 pages

    Security of Hash Functions and Macs

    Uploaded by

    Kirti singh sikarwar

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    Security of Hash Functions and MACs

    Muthukumar.A / ASP/ ECE / CNS / UNIT III /


    3/23/2020 1
    Security of Hash Functions and MACs
    Security of Hash Functions and MACs
    Two categories:
    brute-force attacks and cryptanalysis.
    Brute-Force Attacks
    The nature of brute-force attacks differs somewhat for hash
    functions and MACs.

    Hash Functions:

    One-way: For any given code h, it is computationally infeasible to


    find x such that H(x) = h.
    ● Weak collision resistance: For any given block x, it is
    computationally infeasible to find y ≠ x with H(y) = H(x).
    ● Strong collision resistance: It is computationally infeasible to
    find any pair (x, y) such that H(x) = H(y).

    Muthukumar.A / ASP/ ECE / CNS / UNIT III /


    3/23/2020 2
    Security of Hash Functions and MACs
    Security of Hash Functions and MACs

    For a hash code of length n, the level of effort required is

    Message Authentication Codes:


    A brute-force attack on a MAC is a more difficult
    undertaking because it requires known message-MAC pairs. To
    attack a hash code, we can proceed in the following way. Security
    of Hash Functions and Macs fixed message x with n-bit hash code
    h = H(x), a brute-force method of finding a collision is to pick a
    random bit string y and check if H(y) = H(x). The attacker can do
    this repeatedly off line.
    Muthukumar.A / ASP/ ECE / CNS / UNIT III /
    3/23/2020 3
    Security of Hash Functions and MACs
    Security of Hash Functions and MACs

    Security property of a MAC algorithm:

    Computation resistance: Given one or more text-MAC


    pairs [xi, C(K, xi)], it is computationally
    infeasible to compute any text-MAC pair [x, C(K, x)] for any new
    input x≠xi. In other words, the attacker would like to come up with
    the valid MAC code for a given message x.
    There are two lines of attack possible: Attack the key space and
    attack the MAC value. If an attacker can determine the MAC key,
    then it is possible to generate a valid MAC value for any input
    x. Suppose the key size is k bits and that the attacker has one
    known text-MAC pair. Then the attacker can compute the n-bit
    MAC on the known text for all possible keys. At least one key is
    guaranteed to produce the correct MAC, namely, the valid key
    that was initially used to produce the known text-MAC pair.
    Muthukumar.A / ASP/ ECE / CNS / UNIT III /
    3/23/2020 4
    Security of Hash Functions and MACs
    Security of Hash Functions and MACs

    Security property of a MAC algorithm (Cont):

    This phase of the attack takes a level of effort proportional


    to 2k However, as was described earlier, because the MAC is a
    many-to-one mapping, there may be other keys that produce the
    correct value.
    Thus, if more than one key is found to produce the correct value,
    additional text-MAC pairs must be tested. It can be shown that
    the level of effort drops off rapidly with each additional text-MAC
    pair and that the overall level of effort is roughly 2k.

    Muthukumar.A / ASP/ ECE / CNS / UNIT III /


    3/23/2020 5
    Security of Hash Functions and MACs
    Cryptanalysis

    As with encryption algorithms, cryptanalytic attacks on hash


    functions and MAC algorithms seek to exploit some property of the
    algorithm to perform some attack other than an exhaustive search.
    The way to measure the resistance of a hash or MAC algorithm to
    cryptanalysis is to compare its strength to the effort required for a
    brute-force attack. That is, an ideal hash or MAC algorithm will
    require a cryptanalytic effort greater than or equal to the brute-
    force effort.

    Muthukumar.A / ASP/ ECE / CNS / UNIT III /


    3/23/2020 6
    Security of Hash Functions and MACs
    Hash Functions

    The hash algorithm involves repeated use of a compression


    function, f, that takes two inputs and produces an n-bit output. At
    the start of hashing, the chaining variable has an initial value that is
    specified as part of the algorithm. The final value of the chaining
    variable is the hash value. Often, b > n; hence the term compression.
    Muthukumar.A / ASP/ ECE / CNS / UNIT III /
    3/23/2020 7
    Security of Hash Functions and MACs
    Hash Functions

    CVo = IV = initial n-bit value


    CVi = f(CVi1, Yi1) 1≤ i ≤L
    H(M) = CVL.
    where the input to the hash function is a message M consisting of
    the blocks Yo, Y1,..., YL1.

    Message Authentication Codes

    There is much more variety in the structure of MACs than in


    hash functions, so it is difficult to generalize about the cryptanalysis
    of MACs. Further, far less work has been done on developing such
    attacks.

    Muthukumar.A / ASP/ ECE / CNS / UNIT III /


    3/23/2020 8
    Security of Hash Functions and MACs
    Summarize

    Muthukumar.A / ASP/ ECE / CNS / UNIT III /


    3/23/2020 9
    Security of Hash Functions and MACs

    You might also like