King Fahd University of Petroleum & Minerals

College of Computer Sciences & Engineering

Secure Hashing

Cryptography and Blockchain Applications

Prepared by:
Sultan Almuhammadi
This lecture is based on:
Stallings, Cryptography and Network Security: Chapter 11
 Outline

 One-way functions
 Secure Hash functions
 Security Issues:
 Man-in-the-middle attach
 Birthday attack
 Structure of Secure Hashing
 SHA
 Applications:

2
 Definitions

 One-way function f :AB

 Given x  A, it is easy to compute f (x)
 Given f (x), it is hard to compute x
 Trapdoor one-way function
 A one-way function f :A  B with a secret s, such that
 Given x  A, it is easy to compute f (x)
 Given f (x), it is hard to compute x
 Given f (x) and s, it is easy to compute x

3
 Examples

 One-way function
 Multipicative group Zp* with generator g
 f (x) = gx mod p
 Trapdoor one-way function
 Multiplicative group Zn* where n = p.q for large primes p, q
 f (x) = ϕ(n)
 The secret is: (p and q)

4
 Hash Function

 Definition: one-way hash function h(x)

 A one-way hash function operates on an input message x of
arbitrary length, and outputs a fixed-length hash value h(x).
 Given x, it is easy to compute h(x)
 Given h(x), it is infeasible to compute x

5
 Hash Function Properties

 h can be applied to an input of any size

 h produces a fixed-length output
 One-way property: Easy to compute h(x), but infeasible to
compute x given h(x) (Preimage resistance)
 Collision resistance property:
 Weakly collision-free: Given x, it is infeasible to find y  x, such that h(x) =
h(y) (Second preimage resistance)
 Strongly collision-free: It is infeasible to find any pair (x, y) such that y  x
and h(x) = h(y) (Collision resistance)

6
 Secure Hashing

 Definition: h is cryptographically secure if it is a one-

way collision-free hash function.
 Note: Strong/weak collision resistance depends on the sensitivity
of the application
 Given a message M, h(M) is called the hash value of M,
hash code, or the message digest.
 Examples:
 SHA
 Whirlpool
 MD5
 MD4 (old version in the MD family, not secure)

7
 Security Issues of Hash Functions
 Birthday Attack:
 Based on Birthday Problem: Choose n people from a party such that a
pair of them may have the same birthday on average (with 50%
probability)
 Solution: n  1.18 D , where D is the number of days (values).
 For 366 days, we need n=23 people (1.18*366  22.57)
 Effort Required for Brute-Force Attack:
 On average, for an n-bit secure hash, the effort is proportional to:

One way 2n-1

Weak collision resistance 2n-1

Strong collision resistance 2n/2

8
 General Structure of Secure Hashing

9
 Secure Hash Algorithm (SHA)

 Developed by National Institute of Standards and Technology

(NIST) in 1993.
 In 1995, NIST published SHA-1
 Based on MD4
 Output: 160-bit hash value
 In 2002, NIST defined 3 versions (SHA-256, SHA-384, SHA-
512) with hash value lengths: 256, 384, and 512.
 In 2005, NIST approved the phase out of SHA-1 and moving
to other versions of SHA by 2010.

10
 MD4

 MD stands for Message Digest and designed by Ron Rivest

 Output: 128-bit hash values
 Design goals (claimed by Rivest)
 Strongly collision-free (no attack is better than brute-foce)
 The security is based on no assumption (like hardness of factorization)
 MD4 was cryptanalyzed shortly after publishing and some
parts were successfully attacked.

11
 MD5

 MD5 is an improved version of MD4

 Output: 128-bit hash values
 Ron Rivest made several improvements of MD5 over MD4
 Security issues of MD5:
 It was cryptanalyzed but there is no practical impact on the security of
the hash function.
 Hash code length (128-bit) is not desired today.

12
 Whirlpool

 Based on the use of a block cipher for the compression

function (initially DES, later AES)
 General drawbacks of using block cipher:
 Block ciphers are invertible lack of randomness
 Low performance due to slow block ciphers
 Weakness due to regularities of block ciphers
 Since the adoption of AES, Whirlpool overcomes the above
drawbacks.

13
 Whirlpool

 Advantages of using AES

 Hash code length is 512 bits (same as SHA)
 Resistant to usual attacks on block-cipher hashing
 Good performance and compact implementation on software and
hardware

14
 Applications of Secure Hashing

 Authentication
 Blockchain
 Merkle Trees
 Modification Detection Code (MDC)
 Message Authentication Code (MAC)
 Digital Signature Standard (DSS)

15
 Example: Authentication

 Alice logs into a host computer

 She identifies herself by a username and a password
 The host computer stores a all username-password in a a database and
check for a match.
 Authentication using secure hash functions
 Alice sends her password to the host
 The host hashes the password and compares the hash value to the value
it previously stored
 If Eve steals the hash values, she still cannot log in, since the hash
function is one-way and collision-free.

16
 Blockchain

 The term “chain of blocks” was introduced in 2008 with the

invention of Bitcoin.
 Bitcoin:
 A peer-to-peer electronic cash
 Published in 2008 under the pseudonym Satoshi Nakamoto.
 Blockchain:
 Tamper-evident log.
 Linked list built with hash pointers instead of normal pointers.

17
 Blockchain

 Tamper-evident :
 If an Eve modifies data anywhere in the block chain, it will result in
the hash pointer in the following block being incorrect.
 Storing the head of the list is sufficient to detect the tampering.

18
 Merkle Trees
 Data blocks are grouped in pairs and the hash of each of these
blocks is stored in a parent node, and so on, until we reach the
root node.

19
 Merkle Trees
 Proof of Membership
 To prove that a data block is included in the tree only requires showing
the blocks in the path from that data block to the root.

20
 Modification Detection Code (MDC)

21
 Modification Detection Code (MDC)

22
 Modification Detection Code (MDC)

Man-in-the-middle attack
23
 Message Authentication

24
 Message Authentication (with a secret)

25
 Digital Signature

26