
Module 3: Cryptographic Hash Functions

A hash function is a mathematical function that converts a numerical input value into another
compressed numerical value. The input to the hash function is of arbitrary length, but the output is
always of fixed length.
Values returned by a hash function are called message digests or simply hash values. The
following picture illustrates a hash function −

Characteristics of a Cryptographic Hash Function

1. Deterministic: This means that the same message always results in the same hash.
2. Quick: It is quick to compute the hash value for any given message.
3. Avalanche Effect: This means that every minor change in the message results in a major
change in the hash value.
4. One-Way Function: You cannot reverse the cryptographic hash function to get to the data.
5. Collision Resistance: It is infeasible to find two different messages that produce the same
hash value.
6. Non Predictable: The hash value shouldn’t be predictable from the given string and vice
versa.
Hash Function Requirements
 H can be applied to a block of data of any size
 H produces a fixed length output
 H(x) is relatively easy to compute
 For any given code h, it is computationally infeasible to find x such that H(x) = h
 For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x)
 It is computationally infeasible to find any pair (x,y) such that H(x) = H(y)

Properties of Hash Functions

In order to be an effective cryptographic tool, a hash function should possess the following
properties −
 Pre-Image Resistance
o This property means that it should be computationally hard to reverse a hash
function.
o In other words, if a hash function h produced a hash value z, then it should be a
difficult process to find any input value x that hashes to z.
o This property protects against an attacker who only has a hash value and is trying to
find the input.
 Second Pre-Image Resistance
o This property means given an input and its hash, it should be hard to find a different
input with the same hash.
o In other words, if a hash function h for an input x produces hash value h(x), then it
should be difficult to find any other input value y such that h(y) = h(x).
o This property of hash function protects against an attacker who has an input value
and its hash, and wants to substitute different value as legitimate value in place of
original input value.
 Collision Resistance
o This property means it should be hard to find two different inputs of any length that
result in the same hash. This property is also referred to as collision free hash
function.
o In other words, for a hash function h, it is hard to find any two different inputs x and
y such that h(x) = h(y).
o Since a hash function is a compressing function with a fixed hash length, it is impossible
for a hash function not to have collisions. The collision-free property only
means that these collisions should be hard to find.
o This property makes it very difficult for an attacker to find two input values with the
same hash.
o Also, if a hash function is collision-resistant then it is second pre-image resistant.
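The point that collisions must exist but should be hard to find can be seen on a toy hash. The following is an added example, not part of the original notes: it assumes a toy n-bit hash made by truncating SHA-256, and the helper names and `msg-N` inputs are constructed for illustration.

```python
import hashlib
from itertools import count

def truncated_digest(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(data) as an integer (a toy n-bit hash)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits: int):
    """Hash msg-0, msg-1, ... until two inputs share a truncated digest.

    Returns (x, y, tries). There are only 2**bits possible outputs, so the
    pigeonhole principle guarantees a repeat within 2**bits + 1 inputs; in
    practice it shows up after roughly 2**(bits/2) inputs.
    """
    seen = {}  # truncated digest -> input that produced it
    for tries in count(1):
        msg = b"msg-%d" % (tries - 1)   # constructed sample inputs
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg

def report(bits_list=(8, 16, 24)):
    """Collect (bits, tries, x, y) for several digest lengths."""
    return [(bits, *reversed(find_collision(bits))) for bits in bits_list]

if __name__ == "__main__":
    for bits, tries, y, x in report():
        print(f"{bits:2d}-bit digest: collision after {tries} inputs "
              f"(order of 2^{bits // 2}): {x!r} vs {y!r}")
```

Each extra bit of digest length raises the work needed, which is why a fixed-length digest has to be long for collisions to stay hard to find.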
Message Authentication Code (MAC)
A MAC algorithm is a symmetric-key cryptographic technique that provides message authentication.
To establish the MAC process, the sender and receiver share a symmetric key K.
Essentially, a MAC is an encrypted checksum generated on the underlying message that is sent
along with a message to ensure message authentication.
The process of using MAC for authentication is depicted in the following illustration −

Entire process in detail −


 The sender uses some publicly known MAC algorithm, inputs the message and the secret
key K and produces a MAC value.
 Similar to hash, MAC function also compresses an arbitrary long input into a fixed length
output. The major difference between hash and MAC is that MAC uses secret key during
the compression.
 The sender forwards the message along with the MAC. Here, we assume that the message
is sent in the clear, as we are concerned with providing message origin authentication, not
confidentiality. If confidentiality is required then the message needs encryption.
 On receipt of the message and the MAC, the receiver feeds the received message and the
shared secret key K into the MAC algorithm and re-computes the MAC value.
 The receiver now checks equality of freshly computed MAC with the MAC received from
the sender. If they match, then the receiver accepts the message and assures himself that the
message has been sent by the intended sender.
 If the computed MAC does not match the MAC sent by the sender, the receiver cannot
determine whether it is the message that has been altered or it is the origin that has been
falsified. As a bottom line, the receiver safely assumes that the message is not genuine.

Limitations of MAC

There are two major limitations of MAC, both due to its symmetric nature of operation −
 Establishment of Shared Secret.
o It can provide message authentication among pre-decided legitimate users who have
shared key.
o This requires establishment of shared secret prior to use of MAC.
 Inability to Provide Non-Repudiation
o Non-repudiation is the assurance that a message originator cannot deny any
previously sent messages and commitments or actions.
o MAC technique does not provide a non-repudiation service. If the sender and
receiver get involved in a dispute over message origination, MACs cannot provide
a proof that a message was indeed sent by the sender.
o Though no third party can compute the MAC, the sender could still deny having sent
the message and claim that the receiver forged it, as it is impossible to determine
which of the two parties computed the MAC.

HMAC (Hash-based Message Authentication Code)

HMAC (Hash-based Message Authentication Code) is a type of message authentication code
(MAC) that is obtained by executing a cryptographic hash function on the data to be
authenticated and a secret shared key.
It is used for both data integrity and authentication.
Applications
 Verification of e-mail address during activation or creation of an account.
 Authentication of form data that is sent to the client browser and then submitted back.
 HMACs can be used for the Internet of Things (IoT) due to their low cost.
 Whenever there is a need to reset the password, a link that can be used once is sent without
adding a server state.
 It can take a message of any length and convert it into a fixed-length message digest. That
is even if you got a long message, the message digest will be small and thus permits
maximizing bandwidth.

Working of HMAC

 With HMAC, the client and server share a private key that is known only to
them. The client makes a unique hash (HMAC) for every request. When the client
sends a request to the server, it hashes the requested data with the private key and sends the result as a part
of the request. Both the message and key are hashed in separate steps, making it secure.
When the server receives the request, it computes its own HMAC. The two HMACs are
compared and, if they are equal, the client is considered legitimate.
 The formula for HMAC:
 HMAC = hashFunc(secret key + message)
 There are three types of authentication functions. They are message encryption,
message authentication code, and hash functions. The major difference between MAC
and hash (HMAC here) is the dependence on a key. In HMAC we have to apply the
hash function along with a key to the plain text. The hash function will be applied to
the plain text message, but before applying it, we have to compute S bits and then append
them to the plain text, and after that apply the hash function. To generate those S bits we
make use of a key that is shared between the sender and receiver.

Using key K (0 < K < b), K+ is generated by padding 0's on the left side of key K until its length
becomes b bits. It is not padded on the right because that would change (increase) the length of
the key. The length is b bits because that is the block size of the plain text. There are two predefined padding bit patterns
called ipad and opad. All this is done before applying the hash function to the plain text message.
ipad - 00110110
opad - 01011100
Now we have to calculate the S bits.

K+ is EXORed with ipad and the result is the S1 bits, which are b bits long since both K+
and ipad are b bits. We have to append S1 to the plain text message. Let P be the plain text
message.
S1, P0, P1 up to Pm are each b bits. m is the number of plain text blocks, P0 is a plain text block
and b is the plain text block size. After appending S1 to the plain text we have to apply the HASH
algorithm (any variant). At the same time we have to apply an initialization vector (IV), which is a
buffer of size n bits. The result produced is therefore an n-bit hash code, i.e. H( S1 || M ).

Similarly, the n bits are padded to b bits, and K+ is EXORed with opad, producing the output S2 bits.
S2 is appended to the b bits and once again the hash function is applied with the IV to the block. This
results in an n-bit hash code, which is H( S2 || H( S1 || M )).
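The MAC sender/receiver exchange and the H( S2 || H( S1 || M )) construction described above can be put together in one short program. This is an added example, not code from the original notes; the function names and the sample key are constructed, and the key is zero-padded at the end as RFC 2104 and Python's `hmac` module do.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C   # 00110110 and 01011100, repeated to fill b bits

def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC = H(S2 || H(S1 || M)), S1 = K+ xor ipad, S2 = K+ xor opad."""
    block_size = hashlib.new(hash_name).block_size   # b, in bytes
    if len(key) > block_size:                        # RFC 2104: hash long keys first
        key = hashlib.new(hash_name, key).digest()
    k_plus = key.ljust(block_size, b"\x00")          # zero-pad K to b bits
    s1 = bytes(byte ^ IPAD for byte in k_plus)
    s2 = bytes(byte ^ OPAD for byte in k_plus)
    inner = hashlib.new(hash_name, s1 + message).digest()   # H(S1 || M)
    return hashlib.new(hash_name, s2 + inner).digest()      # H(S2 || inner)

def send(key: bytes, message: bytes):
    """Sender: transmit the message in the clear together with its MAC."""
    return message, hmac_manual(key, message)

def receive(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver: recompute the MAC and compare it in constant time."""
    return hmac.compare_digest(hmac_manual(key, message), tag)

SHARED_KEY = b"constructed-demo-key"   # sample value, not a real secret

if __name__ == "__main__":
    msg, tag = send(SHARED_KEY, b"transfer 100 to account 42")
    print("untouched message accepted:", receive(SHARED_KEY, msg, tag))
    print("altered message accepted:  ",
          receive(SHARED_KEY, b"transfer 900 to account 42", tag))
    print("wrong key accepted:        ", receive(b"other-key", msg, tag))
```

A failed check tells the receiver only that the message is not genuine, not whether the content or the origin was changed, matching the last step of the MAC process above.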
Advantages

 HMACs are ideal for high-performance systems like routers due to the use of hash
functions which are calculated and verified quickly unlike the public key systems.
 Digital signatures are larger than HMACs, yet the HMACs provide comparably higher
security.
 HMACs are used in administrations where public key systems are prohibited.

Disadvantages

 HMACs use a shared key, which means they do not provide non-repudiation. If either the sender's or the receiver's
key is compromised, then it will be easy for attackers to create unauthorized messages.

Cipher-Based Message Authentication Code (CMAC):


It is a MAC that is based on the use of a block cipher mode of operation for use with AES and
triple DES. It is also adopted by NIST. The CMAC overcomes the limitations of the Data
Authentication Algorithm (DAA), which is based on DES. The operation of the CMAC can be
defined as follows for the case when the message is an integer multiple n of the cipher block length b. For
AES, b = 128, and for triple DES, b = 64. The message is divided into n blocks (M1, M2, …,
Mn). The algorithm makes use of a k-bit encryption key K and a b-bit constant, K1. For AES,
the key size k is 128, 192, or 256 bits; for triple DES, the key size is 112 or 168 bits.
MD5 Algorithm

MD5 is a cryptographic hash function that takes a message of any length as input
and changes it into a fixed-length message of 16 bytes. MD5 stands for the message-digest
algorithm. MD5 was developed as an improvement of MD4, with advanced security
purposes. The output of MD5 (digest size) is always 128 bits. MD5 was developed in 1991
by Ronald Rivest.
Use Of MD5 Algorithm:
 It is used for file authentication.
 In a web application, it is used for security purposes, e.g. securing users' passwords.
 Using this algorithm, we can store our password in a 128-bit format.
Working of the MD5 Algorithm:

A 512-bit string is divided into 16 words of 32 bits each using the MD5 message-digest hashing
method. MD5 generates a 128-bit message digest as a result of the operation.
There are four steps involved in producing a message digest:

1. Appending padding bits to the original message.
2. Appending length bits.
3. Initializing MD or Message digest buffer.
4. Processing of messages in 16-word blocks to produce the final output or result.

1. Appending padding bits to the original message

Padding is the process of adding more bits to the original message. Padding bits
must be added in such a way that the resulting total number of bits falls 64 bits short of a
multiple of 512. The initial bit of padding is a 1, while the remaining bits are all zeros.

2. Appending of length bits

In this step, we add length bits to the above message generated i.e., the original message and
padding bits. We combine the length bits in such a way that the message’s overall bit length is a
perfect multiple of 512. Thus, 64 bits are added to the message.

3. Initializing MD algorithm or Message digest buffer

In this phase, four 32-bit buffers are used. Let’s say there are four buffers, E, F, G, and H. Each
of these buffers has a size of 32 bits, and they are set up as follows:

Word E = 01 23 45 67
Word F = 89 ab cd ef
Word G = fe dc ba 98
Word H = 76 54 32 10

4. Processing of each block

Each 512-bit block is split into 16 smaller blocks, each of 32 bits. There are four rounds of
processing.
To begin, we use four auxiliary functions, each of which accepts three 32-bit words as input and
outputs one 32-bit word as a result. These functions make use of logical operators such as AND,
XOR, OR, and NOT.

This continues until the final 512-bit block has been processed. The final 512-bit block’s output
is the message digest.

Advantages of the MD5 algorithm

 It’s easier to compare and store smaller hashes using MD5 Algorithms than it is to
store a large variable-length text.
 By using MD5, passwords are stored in 128-bit format.
 You may check for file corruption by comparing the hash values before and after
transmission. To prevent data corruption, file integrity tests are valid once the hashes
match.
 A message digest can easily be created from an original message using MD5.

Disadvantages of the MD5 algorithm

 When compared to other algorithms like the SHA algorithm, MD5 is comparatively
slow.
 It is possible to construct the same hash value for two distinct inputs using MD5.
 MD5 is less secure when compared to the SHA algorithm since MD5 is more
vulnerable to collision attacks.
Application Of MD5 Algorithm:

 We use message digests to verify the integrity of files and to authenticate files.
 MD5 was used for data security and encryption.
 It is used to digest messages of any size and is also used for password verification.
 For Game Boards and Graphics.

Secure Hash Algorithm 1

The Secure Hash Algorithm (SHA) was invented by the National Security Agency (NSA) and
published in 1993 through the National Institute of Standards and Technology (NIST) as a U.S.
Federal Information Processing Standard (FIPS PUB 180).
SHA is based on and shares building blocks with the MD4 algorithm. Among other things, the design of SHA
introduced a new process that expands the 16-word message block input to the compression
function into an 80-word block.
The processing of SHA works as follows −
Step 1 − Append padding bits − The original message is padded so that its length is congruent to
448 modulo 512. Padding is always added, even if the message already has the desired
length. Padding consists of a single 1 followed by the necessary number of 0 bits.
Step 2 − Append length − A 64-bit block, treated as an unsigned 64-bit integer (most significant
byte first) and giving the length of the original message (before the padding in step 1), is appended to
the message. The complete message's length is then a multiple of 512.
Step 3 − Initialize the buffer − The buffer consists of five (5) registers of 32 bits each, denoted
A, B, C, D, and E. This 160-bit buffer is used to hold temporary and final results of
the compression function. These five registers are initialized to the following 32-bit integers (in
hexadecimal notation).
A = 67 45 23 01
B = ef cd ab 89
C = 98 ba dc fe
D = 10 32 54 76
E = c3 d2 e1 f0
The registers A, B, C, and D are actually the same as the four registers used in the MD5 algorithm.
But in SHA-1, these values are stored in big-endian format, which means that the most significant
byte of the word is located in the low-address byte position. Therefore the initialization values (in
hexadecimal notation) appear as follows −
word A = 67 45 23 01
word B = ef cd ab 89
word C = 98 ba dc fe
word D = 10 32 54 76
word E = c3 d2 e1 f0
Step 4 − Process message in 512-bit blocks − The compression function consists of four rounds
of processing, where each round is made up of 20 sequential steps.
The four rounds are structurally the same as one another, with the only difference being that each round uses
a different Boolean function, denoted f1, f2, f3, f4, and one of four different additive
constants Kt (0 ≤ t ≤ 79), which depends on the step under consideration.
Step 5 − Output − After processing the final 512-bit message block t (considering that the
message is divided into t 512-bit blocks), we obtain a 160-bit message digest.

Difference between MD5 and SHA1

S.NO | MD5 | SHA1
-----|-----|-----
1. | MD5 stands for Message Digest. | While SHA1 stands for Secure Hash Algorithm.
2. | MD5 can have a message digest length of 128 bits. | Whereas SHA1 can have a message digest length of 160 bits.
3. | The speed of MD5 is fast in comparison to SHA1's speed. | While the speed of SHA1 is slow in comparison to MD5's speed.
4. | To recover the original message, the attacker would need 2^128 operations when using the MD5 algorithm. | On the other hand, in SHA1 it would be 2^160, which makes it quite difficult to find.
5. | MD5 is simpler than SHA1. | While SHA1 is more complex than MD5.
6. | MD5 provides indigent or poor security. | While it provides balanced or tolerable security.
7. | In MD5, if the attacker needs to find two messages having an identical message digest, then the attacker would need to perform 2^64 operations. | Whereas in SHA1, the attacker would need to perform 2^80 operations, which is greater than MD5.
8. | MD5 was presented in the year 1992. | While SHA1 was presented in the year 1995.
