Professional Documents
Culture Documents
11.1
11-1 MESSAGE INTEGRITY
The cryptography systems that we have studied so far provide secrecy, or confidentiality, but
not integrity. However, there are occasions where we may not even need secrecy but instead
11.2
Document and Fingerprint
One way to preserve the integrity of a document is through the use of a fingerprint. If Alice needs to
be sure that the contents of her document will not be changed, she can put her fingerprint at the
11.3
Message and Message Digest
The electronic equivalent of the document and fingerprint pair is the message and digest pair.
To preserve the integrity of a message, the message is passed through an algorithm called a cryptographic hash
function.
11.4
Hash Function
The hash value represents
concisely the longer
message
may called the message digest
A message digest is as a
“digital fingerprint” of the
original document
h = H(M)
5
• In hash function H accepts a variable length block of input data called as
‘M’ and produces the fixed size hash value can be represented as h = H(M).
amount of data (M) and then it produces the fixed amount of output data.
• If any bit or bits changes in the data, then whole hash function output data
practically infeasible to invert.
11.6
11.7
Hashing V.S. Encryption
k
Hello, world. NhbXBsZSBzZW50ZW5jZSB0byBzaG93IEVuY3
E
A sample sentence to show encryption. J5cHRpb24KsZSBzZ
k
Hello, world.
D NhbXBsZSBzZW50ZW5jZSB0byBzaG93IEVuY3
A sample sentence to show encryption.
J5cHRpb24KsZSBzZ
A cryptographic hash function must satisfy three criteria: preimage resistance, second preimage
11.12
Properties : Fixed length
661dce0da2bcb2d8
Hello, world
h
2884e0162acf8194
Fixed length L
Given only a message digest, can’t find any message (or preimage) that generates that digest.
Second preimage resistant
This measures how difficult to devise a message which hashes to the known digest and its message
Given one message, can’t find another message that has the same message digest. An attack that
finds a second message with the same message digest is a second pre-image attack.
It would be easy to forge new digital signatures from old signatures if the hash function used
weren’t second preimage resistant
Collision Resistant
Can’t find any two different messages with the same message digest
Collision resistance implies second preimage resistance
Collisions, if we could find them, would give signatories a way to repudiate their signatures
Applications Of Cryptographic Hash Functions
Message Authentication
• Message authentication is a mechanism or service used to verify the
integrity of a message.
• Message authentication assures that data received are exactly as sent
(i.e., there is no modification, insertion, deletion, or replay).
• In many cases, there is a requirement that the authentication
mechanism assures that purported identity of the sender is valid.
• When a hash function is used to provide message authentication, the
hash function value is often referred to as a message digest.
Digital Signatures
Another important application, which is similar to the message authentication application, is the
digital signature.
Other Applications
27
MD2, MD4 and MD5
Family of one-way hash functions by Ronald Rivest
All produces 128 bits hash value
MD2: 1989
Optimized for 8 bit computer
Collision found in 1995
MD4: 1990
Full round collision attack found in 1995
MD5: 1992
Specified as Internet standard in RFC 1321
since 1997 it was theoretically not so hard to create a collision
Practical Collision MD5 has been broken since 2004
CA attack published in 2007
Message Digest 5 algorithm (MD 5 algorithm)
MD 5 is a message digest algorithm developed by Ron
Rivest.
The MD5 algorithm works by taking an input message of
arbitrary length and producing a fixed-size 128-bit hash
value.
The algorithm consists of four rounds of operations, with
each round performing 16 operations on a 512-bit block
of the input message.
The output of each round is used as the input to the next
round, and the final output is the 128-bit hash value.
Working
Step 1: Padding–
Padding is an important step in the MD5 algorithm that
ensures that the input message can be processed in 512-
bit blocks.
2. Append length
(64bits)
MD5 Overview
3. Initialize MD buffer (4x32 bits Word)
Word A = 01 23 45 67
Word B = 89 AB CD EF
Word C = FE DC BA 98
Word D = 76 54 32 10
Hash Algorithm Design – MD5
16 steps
16 steps
Single step
The ith 32-bit word in matrix T, constructed from the sine function
M [q*16+k] = the kth 32-bit word from the qth 512-bit block of the msg
Single step
Secure Hash Algorithm
SHA originally designed by NIST & NSA in 1993
revised in 1995 as SHA-1
US standard for use with DSA signature scheme
standard is FIPS 180-1 1995, also Internet RFC3174
based on design of MD4 with key differences
produces 160-bit hash values
recent 2005 results on security of SHA-1 have raised concerns
on its use in future applications
Secure Hash Algorithm – 1
Unlike encryption, given a variable length message x, a
secure hash algorithm computes a function H(x) which
has a fixed bit.
When a message of any length is less than 2 64 bits is
input, the SHA-1 produces a 160-bit output called
message digest.
SHA-1 called secure because it is computationally
infeasible to find a message which corresponds to a given
message digest, or to find two different messages which
produce the same message digest.
Working of SHA – 1
SHA1 works with any input message that is less than 2^64
bits in length. The output of SHA is a message digest,
which is 160 bits in length.
Step – 1: Padding - The first step of SHA-1 is added
padding to the end of original message to prepare
message in multiple of 512 bits.
Step – 2: Append Length – The length of message
excluding the length of the padding is now calculated and
appended to the end of the padding as 64-bit block.
(message length is 64 bits short of multiple of 512).
5
ABCDE = E + Process P + S (a) + W(t) + K(t)
Step – 3: Divide the input into 512-bit blocks: The input message is now divided into blocks, each of length 512 bits.
Step – 4: Initialize chaining variables: Now, five chaining variables A to E are initialized. Each of 32 bits variable produces 160 bits
Step – 5: Process Block & Output – Combination of A-E chaining variable is called ABCDE, will be considered as a single register.
Now divided the current 512-bit block into 16 sub blocks, each consisting of 32 bits. (32x16=512) SHA-1 has perform four rounds.
Each round takes the current 512-bit block, the register ABCDE and constant K(t) (where t=0 to 79) as input. SHA consists of four
rounds, each round containing 20 iterations. So total iteration is 80. The logical operation of a single SHA-1 iteration looks as
5
ABCDE = E + Process P + S (a) + W(t) + K(t)
Difference between SHA-1 and MD 5
11-3 MESSAGE AUTHENTICATION
A message digest does not authenticate the sender of the message. To provide message
authentication, Alice needs to provide proof that it is Alice sending the message and not an
modification detection code (MDC). What we need for message authentication is a message
11.58
11.3.1 Modification Detection Code (MDC)
A modification detection code (MDC) is a message digest that can prove the integrity of the
message: that message has not been changed. If Alice needs to send a message to Bob and be sure
that the message will not change during transmission, Alice can create a message digest, MDC, and
send both the message and the MDC to Bob. Bob can create a new MDC from the message and
compare the received MDC and the new MDC. If they are the same, the message has not been
changed.
11.59
11.3.1 Continued
11.60
11.3.2 Message Authentication Code (MAC)
11.61
11.3.2 Continued
Note
The security of a MAC depends on the security of the underlying hash algorithm.
11.62
11.3.2 Continued
Nested MAC
11.63
11.3.2 Continued
HMAC
Figure 11.12
Details of HMAC
11.64
11.3.2 Continued
11.65