Cryptographic Hash Function

11.1
 11-1 MESSAGE INTEGRITY

The cryptography systems that we have studied so far provide secrecy, or confidentiality, but

not integrity. However, there are occasions where we may not even need secrecy but instead

must have integrity.

11.2
 Document and Fingerprint

One way to preserve the integrity of a document is through the use of a fingerprint. If Alice needs to

be sure that the contents of her document will not be changed, she can put her fingerprint at the

bottom of the document.

11.3
 Message and Message Digest

The electronic equivalent of the document and fingerprint pair is the message and digest pair.

To preserve the integrity of a message, the message is passed through an algorithm called a cryptographic hash

function.

Figure 11.1 Message and digest

11.4
Hash Function
 The hash value represents
concisely the longer
message
 may called the message digest

 A message digest is as a
“digital fingerprint” of the
original document

condenses arbitrary message to fixed size

h = H(M)

5
 • In hash function H accepts a variable length block of input data called as

‘M’ and produces the fixed size hash value can be represented as h = H(M).

• A hash function provides a property that has function applied on variable

amount of data (M) and then it produces the fixed amount of output data. 

• If any bit or bits changes in the data, then whole hash function output data

will also change. Cryptographic has function is one-way function, which is

practically infeasible to invert. 

11.6
11.7
Hashing V.S. Encryption
k
Hello, world. NhbXBsZSBzZW50ZW5jZSB0byBzaG93IEVuY3
E
A sample sentence to show encryption. J5cHRpb24KsZSBzZ

k
Hello, world.
D NhbXBsZSBzZW50ZW5jZSB0byBzaG93IEVuY3
A sample sentence to show encryption.
J5cHRpb24KsZSBzZ

 Encryption is two way, and requires a key to encrypt/decrypt

This is a clear text that can easily read 52f21cf7c7034a20

h
without using the key. The sentence is 17a21e17e061a863

longer than the text above.

 Hashing is one-way. There is no 'de-hashing’

Motivation for Hash Algorithms
 Intuition
 Limitation on non-cryptographic checksum
 Very possible to construct a message that matches the
checksum
 Goal
 Design a code where the original message cannot be inferred
based on its checksum
 such that an accidental or intentional change to the message
will change the hash value
Checking Integrity
11.11
 Cryptographic Hash Function Criteria

A cryptographic hash function must satisfy three criteria: preimage resistance, second preimage

resistance, and collision resistance.

Figure 11.3 Criteria of a cryptographic hash function

11.12
Properties : Fixed length

661dce0da2bcb2d8
Hello, world
h
2884e0162acf8194

Fixed length L

This is a clear text that can easily read

52f21cf7c7034a20
without using the key. The sentence is h
17a21e17e061a863
longer than the text above.

 Arbitrary-length message to fixed-length digest

Preimage resistant
 This measures how difficult to devise a message which hashes to the
known digest
 Roughly speaking, the hash function must be one-way.

Given only a message digest, can’t find any message (or preimage) that generates that digest.
Second preimage resistant
 This measures how difficult to devise a message which hashes to the known digest and its message

 Given one message, can’t find another message that has the same message digest. An attack that
finds a second message with the same message digest is a second pre-image attack.
 It would be easy to forge new digital signatures from old signatures if the hash function used
weren’t second preimage resistant
Collision Resistant

 Can’t find any two different messages with the same message digest
 Collision resistance implies second preimage resistance
 Collisions, if we could find them, would give signatories a way to repudiate their signatures
Applications Of Cryptographic Hash Functions

Message Authentication
• Message authentication is a mechanism or service used to verify the
integrity of a message.
• Message authentication assures that data received are exactly as sent
(i.e., there is no modification, insertion, deletion, or replay).
• In many cases, there is a requirement that the authentication
mechanism assures that purported identity of the sender is valid.
• When a hash function is used to provide message authentication, the
hash function value is often referred to as a message digest.
Digital Signatures
Another important application, which is similar to the message authentication application, is the
digital signature.
Other Applications

• Hash functions are commonly

used to create a one-way
password file.
• a hash of a password is stored by
an operating system rather than
the password itself.
• Thus, the actual password is not
retrievable by a hacker who gains
access to the password file.
when a user enters a password, the hash of that password is
compared to the stored hash value for verification.
Hash Functions Family
 MD (Message Digest)
 Designed by Ron Rivest
 Family: MD2, MD4, MD5
 SHA (Secure Hash Algorithm)
 Designed by NIST
 Family: SHA-0, SHA-1, and SHA-2
 SHA-2: SHA-224, SHA-256, SHA-384, SHA-512
 SHA-3: New standard in competition
MD5, and SHA-1

27
MD2, MD4 and MD5
 Family of one-way hash functions by Ronald Rivest
 All produces 128 bits hash value
 MD2: 1989
 Optimized for 8 bit computer
 Collision found in 1995
 MD4: 1990
 Full round collision attack found in 1995
 MD5: 1992
 Specified as Internet standard in RFC 1321
 since 1997 it was theoretically not so hard to create a collision
 Practical Collision MD5 has been broken since 2004
 CA attack published in 2007
Message Digest 5 algorithm (MD 5 algorithm)
 MD 5 is a message digest algorithm developed by Ron
Rivest.
 The MD5 algorithm works by taking an input message of
arbitrary length and producing a fixed-size 128-bit hash
value.
 The algorithm consists of four rounds of operations, with
each round performing 16 operations on a 512-bit block
of the input message.
 The output of each round is used as the input to the next
round, and the final output is the 128-bit hash value.
Working
 Step 1: Padding–
 Padding is an important step in the MD5 algorithm that
ensures that the input message can be processed in 512-
bit blocks.

 The total length of this should be 64 bits less than a

multiple of 512.
 Padding is always added even if the length of original
message is already a multiple of 512.
 Example:
 Original message = 1000 bits
 Padding bits are 472
 Total length: 1472

 If we add 64 to 1472, we get 1536 which is a multiple of

512 (512*3=1526)
 Step 2: Append Length – The length of original message excluding
padding bits is now calculated and appended to the end of the padding
as 64-bit block.
 Step 3: Divide the input into 512-bit blocks
 Step 4: Initialize chaining variables
 Four variables are initialized. They are A,B,C, and D. Each
of these is a 32 bit number
 Step 5
 Step 5.1:
 Copy the chaining variables into four corresponding
variables a, b, c, and d,
 Now we have a=A, b=B, c=C and d=D

 Algorithm considers the combination of a,b,c,d as 128-bit

shift register.
 Step 5.2
 Divide the current 512-bit block into 16 sub-blocks, each
sub-block contains 32 bit.
 Step 5.3
 We have 4 rounds. In each round, we process all the 16
sub-blocks belonging to a block.
 Inputs to each round are
 A) All the 16 sub-blocks
 B) a, b, c and d
 C) Some constants designated as t
 In each round, we have 16 input sub-blocks, named as
M[0], M[1],……. M[15]
 Also, t is an array of constant. It contains 64 elements
with each element consisting of 32 bits as t[1], t[2],
….t[64]
 Since there are 4 rounds, we use 16 out of the 64 values
of t in each round
 Step 4: Process Message in 512-bit blocks – It consists of
four rounds of processing. Each round takes input 512-bit
block, processed it and produces 128-bit output. The
output of fourth round is added to the first round (CV q to
produce CVq+1).

 Step 5: Output – After processing all L 512-bit blocks, the

128-bit message digest is produced as an output.
MD5 Overview
MD5 Overview

1. Append padding bits

(to 448 mod 512)

MD5 Overview

2. Append length

(64bits)
MD5 Overview
3. Initialize MD buffer (4x32 bits Word)

Word A = 01 23 45 67

Word B = 89 AB CD EF

Word C = FE DC BA 98

Word D = 76 54 32 10
Hash Algorithm Design – MD5

16 steps
16 steps
Single step
The ith 32-bit word in matrix T, constructed from the sine function

M [q*16+k] = the kth 32-bit word from the qth 512-bit block of the msg

Single step
Secure Hash Algorithm
 SHA originally designed by NIST & NSA in 1993
 revised in 1995 as SHA-1
 US standard for use with DSA signature scheme
 standard is FIPS 180-1 1995, also Internet RFC3174
 based on design of MD4 with key differences
 produces 160-bit hash values
 recent 2005 results on security of SHA-1 have raised concerns
on its use in future applications
Secure Hash Algorithm – 1
 Unlike encryption, given a variable length message x, a
secure hash algorithm computes a function H(x) which
has a fixed bit.
 When a message of any length is less than 2 64 bits is
input, the SHA-1 produces a 160-bit output called
message digest.
 SHA-1 called secure because it is computationally
infeasible to find a message which corresponds to a given
message digest, or to find two different messages which
produce the same message digest.
Working of SHA – 1
 SHA1 works with any input message that is less than 2^64
bits in length. The output of SHA is a message digest,
which is 160 bits in length.
 Step – 1: Padding - The first step of SHA-1 is added
padding to the end of original message to prepare
message in multiple of 512 bits.
 Step – 2: Append Length – The length of message
excluding the length of the padding is now calculated and
appended to the end of the padding as 64-bit block.
(message length is 64 bits short of multiple of 512).
 5
ABCDE = E + Process P + S (a) + W(t) + K(t)
 Step – 3: Divide the input into 512-bit blocks: The input message is now divided into blocks, each of length 512 bits.

 Step – 4: Initialize chaining variables: Now, five chaining variables A to E are initialized. Each of 32 bits variable produces 160 bits

length of message digest.

 Step – 5: Process Block & Output – Combination of A-E chaining variable is called ABCDE, will be considered as a single register.

Now divided the current 512-bit block into 16 sub blocks, each consisting of 32 bits. (32x16=512) SHA-1 has perform four rounds.

Each round takes the current 512-bit block, the register ABCDE and constant K(t) (where t=0 to 79) as input. SHA consists of four

rounds, each round containing 20 iterations. So total iteration is 80. The logical operation of a single SHA-1 iteration looks as

shown in figure. Mathematically, an iteration consists of the following operation:

 5
ABCDE = E + Process P + S (a) + W(t) + K(t)
Difference between SHA-1 and MD 5
 11-3 MESSAGE AUTHENTICATION

A message digest does not authenticate the sender of the message. To provide message

authentication, Alice needs to provide proof that it is Alice sending the message and not an

impostor. The digest created by a cryptographic hash function is normally called a

modification detection code (MDC). What we need for message authentication is a message

authentication code (MAC).

11.58
 11.3.1 Modification Detection Code (MDC)

A modification detection code (MDC) is a message digest that can prove the integrity of the

message: that message has not been changed. If Alice needs to send a message to Bob and be sure

that the message will not change during transmission, Alice can create a message digest, MDC, and

send both the message and the MDC to Bob. Bob can create a new MDC from the message and

compare the received MDC and the new MDC. If they are the same, the message has not been

changed.

11.59
 11.3.1 Continued

Figure 11.9 Modification detection code (MDC)

11.60
 11.3.2 Message Authentication Code (MAC)

Figure 11.10 Message authentication code

11.61
 11.3.2 Continued

Note

The security of a MAC depends on the security of the underlying hash algorithm.

11.62
 11.3.2 Continued

Nested MAC

Figure 11.11 Nested MAC

11.63
 11.3.2 Continued

HMAC

Figure 11.12
Details of HMAC

11.64
 11.3.2 Continued

Figure 11.13 CMAC

11.65