Unit-4 HashFunction & DigitalSignature

Information Security (CE5006)
Unit-4
Hash Functions &
Digital Signature Scheme
Prof. Dipak Dabhi
dipak.dabhi@utu.ac.in
Unit-4 Weightage : 20% (12 Marks)

Outline
 Hash function
• Hash functions and basic uses of hash functions
• Requirements of hash function
• Message digest algorithm (MD5)
• Secure hash algorithm (SHA)
 Message authentication
• Authentication requirement
• Authentication functions
• Message authentication code
• Basic uses of message authentication code
• MAC
• HMAC
 Digital Signatures and authentication protocols
• Digital signatures requirements
• Digital signature standards
• Digital Signature Algorithm(DSA)
Unit-4 Hash Fundction & Digital Signature CGPIT 2
Information Security
 Integrity: Can the recipient be confident that the message has
not been accidentally modified?
 Authentication: Can the recipient be confident that the message

originates from the sender?
 Non-repudiation: If the recipient passes the message and the

proof to a third party, can the third party be confident that the
message originated from the sender?

Information Security

Message Authentication Requirements
1. Disclosure: Release of message contents.
2. Traffic analysis: Analyses the traffic and observe the pattern of
traffic between parties.
3. Masquerade: Insertion of messages into the network from a
fraudulent source.
4. Content modification: Changes to the contents of a message.
5. Sequence modification: Any modification to a sequence of
messages between parties.
6. Timing modification: Delay or replay of messages.
7. Source repudiation: Denial of transmission of message by source.
8. Destination repudiation: Denial of receipt of message by
destination.
Message Authentication Requirements
1. Disclosure Requires Message
2. Traffic analysis Confidentiality
(Encryption)
3. Masquerade
4. Content modification Requires Message
5. Sequence modification Authentication
6. Timing modification
7. Source repudiation Requires Digital
8. Destination repudiation Signature

Authentication Function
 Any message authentication or digital signature mechanism has
two levels of functionality.
 At the lower level, there must be some sort of function that
produces an authenticator: a value to be used to authenticate a
message.
 This lower-level function is then used as a primitive in a higher-
level authentication protocol that enables a receiver to verify the
authenticity of a message.

Authentication Function
 This section is concerned with the types of functions that may be
used to produce an authenticator :
1. Message encryption: The ciphertext of the entire message

serves as its authenticator
2. Hash function: A function that maps a message of any length

into a fixed-length hash value, which serves as the authenticator
3. Message authentication code (MAC): A function of the message

and a secret key that produces a fixed-length value that serves
as the authenticator
Hash Function
 A hash function H accepts a
variable-length block of data M
as input and produces a fixed-
size hash value h = H(M).
 A “good” hash function has the
property that the results of
applying a change to any bit or
bits in M results, with high
probability, in a change to the
hash code.

Input-Output behaviour of hash functions
Message Message
digest
Alice was beginning to get very tired of
sitting by her sister on the bank, and have H DFDC349A
nothing to do.
I am not a crook H FB93E283
I am not a cook H A3F4439B

Requirements for hash functions
1. Can be applied to any length of message M.
2. Produces fixed-length output h.
3. It is easy to compute h=H(M) for any message M.
4. Given hash value h is infeasible to find y such that (H(y) = h)
• One-way property (In other words, given a ﬁngerprint, we
cannot derive a matching message).
5. For given block x, it is computationally infeasible to find
y ≠ x with H(y) = H(x)
• Weak collision resistance
6. It is computationally infeasible to find messages m1 and m2 with
H(m1) = H(m2)
• Strong collision resistance
Simple Hash Function
 The input (message, file, etc.) is viewed as a sequence of n-bit
blocks.
 The input is processed one block at a time in an iterative fashion
to produce an n-bit hash function.
 One of the simplest hash functions is the bit-by-bit exclusive-OR
(XOR) of every block.
Where,
= ith bit of the hash code 1 ≤ i ≤ n
m = number of n-bit blocks in the input
= ith bit in jth block

MD5 Algorithm
 MD5 is a cryptographic hash function algorithm that takes the
message as input of any length and changes it into a fixed-length
message of 16 bytes.
 MD5 algorithm stands for the message-digest algorithm.
 MD5 was developed as an improvement of MD4, with advanced

security purposes. The output of MD5 (Digest size) is always 128
bits.
 MD5 was developed in 1991 by Ronald Rivest.

MD5 Algorithm
 Use Of MD5 Algorithm:
• It is used for file authentication.
• In a web application, it is used for security purposes.
e.g. Secure password of users etc.
• Using this algorithm, We can store our password in 128 bits format.

MD5 Algorithm Working
 Step-1 : Append Padding Bits:
 In the first step, we add padding bits in the original message in such a
way that the total length of the message is 64 bits less than the exact
multiple of 512.
 Suppose we are given a message of 1000 bits. Now we have to add
padding bits to the original message. Here we will add 472 padding bits
to the original message.
 After adding the padding bits the size of the original message/output of
the first step will be 1472 i.e. 64 bits less than an exact multiple of 512
(i.e. 512*3 = 1536).
 Length(original message + padding bits) = 512 * i – 64 where i = 1,2,3 . .

 Step-2 : Append Length Bits:
 In this step, we add the length bit in the output of the first step in such a
way that the total number of the bits is the perfect multiple of 512.
Simply, here we add the 64-bit as a length bit in the output of the first
step.
 i.e. output of first step = 512 * n – 64
 length bits = 64.
 After adding both we will get 512 * n

 i.e. the exact multiple of 512.

 Step-3 : Initialize MD buffer:
 Here, we use the 4 buffers i.e. A, B, C, and D.

 The size of each buffer is 32 bits.
 - A = 0x67425301
 - B = 0xEDFCBA45
 - C = 0x98CBADFE
 - D = 0x13DCE476

 Step-4 : Process Each 512-bit Block::
 Each 512-bit block gets broken down further into 16 sub-blocks of 32

bits each.
 There are four rounds of operations, with each round utilizing all the
sub-blocks, the buffers, and a constant array value.
 This constant array can be denoted as T[1] -> T[64].
 Each of the sub-blocks are denoted as M[0] -> M[15].


 According to the image above, you see the values being run for a single
buffer A. The correct order is as follows:
• It passes B, C, and D onto a non-linear process.

• The result is added with the value present at A.
• It adds the sub-block value to the result above.
• Then, it adds the constant value for that particular iteration.
• There is a circular shift applied to the string.
• As a final step, it adds the value of B to the string and is stored in buffer A.

 The steps mentioned above are run for every buffer and every sub-block.
 When the last block’s final buffer is complete, you will receive the MD5
digest.
 The non-linear process above is different for each round of the sub-
block.
• Round 1: (b AND c) OR ((NOT b) AND (d))
• Round 2: (b AND d) OR (c AND (NOT d))
• Round 3: b XOR c XOR d
• Round 4: c XOR (b OR (NOT d))There is a circular shift applied to the string.

Application Of MD5 Algorithm:
 We use message digest to verify the integrity of files/ authenticates files.
 MD5 was used for data security and encryption.
 It is used to Digest the message of any size and also used for Password
verification.
 For Game Boards and Graphics.

Advantages of MD5 Algorithm:
 MD5 is faster and simple to understand.
 MD5 algorithm generates a strong password in 16 bytes format. All developers
like web developers etc use the MD5 algorithm to secure the password of
users.
 To integrate the MD5 algorithm, relatively low memory is necessary.
 It is very easy and faster to generate a digest message of the original message.

Disadvantages of MD5 Algorithm:
 MD5 generates the same hash function for different inputs.
 MD5 provides poor security over SHA1.
 MD5 has been considered an insecure algorithm. So now we are using SHA256
instead of MD5
 MD5 is neither a symmetric nor asymmetric algorithm.

SHA - Secure Hash Algorithm
 It is a modified version of MD5 algorithm.
 In MD5 – length of o/p = 128 bits

 In SHA-1 – length of o/p = 160 bits
 In SHA-512 – length of o/p = 512 bits

SHA - Secure Hash Algorithm
SHA - 1 SHA - 224 SHA - 256 SHA - 384 SHA - 512
Message
Digest Size 160 224 256 384 512
Message Size < 264 < 264 < 264 < 2128 < 2128
Block Size 512 512 512 1024 1024
Word Size 32 32 32 64 64
Number of
Steps 80 64 64 80 80

SHA - 512
 The algorithm takes input as a message with a maximum length of
less than 2128 bits and produces output as a 512-bit message
digest.
 The input is processed in 1024-bit blocks.

Message Digest Generation using SHA - 512
Message (L bit) 10000…0 L
M1 (1024 bits) M2 (1024 bits) MN (1024 bits)
F F F
+ + +
IV=H0 H1 (512 H2 (512 HN (512

bits) bits) bits)

Step - 1 Append Padding Bits
 The message is padded so that its length is congruent to 896
modulo 1024 [length ≡ 896(mod 1024)].
 Padding is always added, even if the message is already of the
desired length.
 Thus, the number of padding bits is in the range of 1 to 1024.
 The padding consists of a single 1 bit followed by the necessary
number of 0 bits.

Step - 2 Append Length
 A block of 128 bits is appended to the message.
 This block is treated as an unsigned 128-bit integer (most
significant byte first) and contains the length of the original
message (before the padding).

Step-1 and Step-2 Example
Example:
 Given is the message “abc” consisting of three 8-bit ASCII
characters with a total length of l =24 bits.
A B C
01100001 01100010 01100011
 We append a “1” followed by k = 871 zero bits, where k is

determined by
k≡ 896−(l+1)=896−25=871 mod 1024.
 Finally, we append the 128-bit value which contains the binary
representation of the length l =2410 =110002.
 The padded message is then given by
A B C Append Length
01100001 01100010 01100011 10000..0 00..011000

Step - 3 Initialize hash buffer
 The outcome of the first two steps produces a message that is an
integer multiple of 1024 bits in length.
 The expanded message is represented as the sequence of 1024-bit
blocks M1 , M2, … , MN, so that the total length of expanded
message is N X 1024 bits.
 A 512-bit buffer is used to hold intermediate and final results of
the hash function. The buffer can be represented as eight 64-bit
registers (a, b, c, d, e, f, g, h).

Step - 4 Process message in 1024-bit (128-word) blocks
 The heart of the algorithm is a module that consists of 80 rounds

and this module is labelled as F function.

SHA - 512 Processing of a Single 1024-Bit Block
Mi Hi-1
Message
schedule
a b c d e f g e 64
W0 K0
Round 0
a b c d e f g e 64
W79 K79
Round 79
+ + + + + + + +
Hi
SHA - 512 Processing of a Single 1024-Bit Block
 Each round takes as input the 512-bit buffer value, abcdefgh, and
updates the contents of the buffer.
 At input to the first round, the buffer has the value of the
intermediate hash value, Hi-1.
 Each round t makes use of a 64-bit value Wt, derived from the
current 1024-bit block being processed.
 The output of the eightieth round is added to the input to the first
round (Hi-1) to produce Hi.

Step – 5 Output
 After all Nth block of 1024-bit have been processed, the output
from the Nth stage is the 512-bit message digest.

SHA - 512 Round Function
SHA - 512 Round Function – Cont…
a b c d e f g h
Ch +
Ʃ Maj
+ Ʃ +
+ +
+ Wt
+ Kt
a b c d e f g h

(∑ )
512
𝑇 1=h+ Ch ( 𝑒 , 𝑓 , 𝑔 ) + 𝑒 + 𝑊 𝑡+ 𝐾𝑡
1
(∑ )
512
𝑇 2= 𝑎 + Maj ( 𝑎 , 𝑏 ,𝑐 )
0
SHA - 512 Round Function Elements
 Maj(a,b,c) = (a AND b) XOR (b AND c) XOR (a AND c) Majority of
arguments are true.
 Conditional function = (e AND f) XOR (NOT e and g)
 ∑(a) = ROTR(a,28) XOR ROTR(a,34) XOR ROTR(a,39)
 ∑(e) = ROTR(e,14) XOR ROTR(e,18) XOR ROTR(e,41)
 + = addition modulo 264
 Kt = a 64-bit additive constant.
 Wt = a 64-bit word derived from plaintext.
 ROTR = Circular right shift rotataion

SHA - 512 Round Function Elements

Applications of Cryptographic Hash Functions
1. Message authentication
2. Digital Signature
3. One-way password file

MAC (Message Authentication Code)

Message Authentication
 Message authentication is a mechanism or service used to verify
the integrity of a message.
 Message authentication assures that data received are exactly as
sent (i.e., contain no modification, insertion, deletion, or replay).
 When a hash function is used to provide message authentication,
the hash function value is often referred to as a message digest.

Message authentication method - 1
Source A Destination B
H
M ll E D M
Compare
H K K
H(M)
E (K, [ M || H(M)])
 Only A and B share the secret key, the message must have come
from A and has not been altered.
 The hash code provides the structure required to achieve
authentication.
 Because encryption is applied to the entire message plus hash
code, confidentiality is also provided.
H
M ll M Compare
K K
H E D
E(K, H(M))
 Only the hash code is encrypted, using symmetric encryption.

 This reduces the processing burden for those applications that do
not require confidentiality.

ll H
M ll M S
Compare
S ll H
H(M || S)
 It is possible to use a hash function but no encryption for message
authentication.
 A and B share a common secret value S.
 A computes the hash value over the concatenation of M and S
and appends the resulting hash value to M. Because B possesses S,
it can recompute the hash value to verify the message.
 An opponent cannot modify an intercepted message.
ll H
E D M S
M ll
Compare
ll H K K
S
H(M || S)
E (K, [ M || H(M || S)])
 Confidentiality can be added to the approach of method (3) by

encrypting the entire message plus the hash code.

MAC (Message Authentication Code)
 More commonly, message authentication is achieved using a MAC
also known as keyed hash function.
 MACs are used between two parties that share a secret key to
authenticate information exchanged between those parties.
 A MAC function takes as input a secret key and a data block and
produces a hash value, referred to as the MAC.
 The combination of hashing and encryption results in an overall
function that is a MAC (Method -2 in previous slide).
MAC = C ( K , M )

HMAC (Hash Based - Message Authentication Code)
HMAC
MAC

HMAC (Hash Based - Message Authentication Code)
HMAC
MAC

MAC Based on Hash Functions - HMAC
• Cryptographic hash functions such as MD5

and SHA generally execute faster in software
than symmetric block ciphers such as DES.
• Library code for cryptographic hash functions
is widely available.

Design objectives for HMAC
• To use, without modifications, available hash

functions.
• To allow for easy replaceability of the
embedded hash function in case faster or
more secure hash functions are found or
required.
• To preserve the original performance of the
hash function without incurring a significant
degradation.
HMAC Structure
1. Append zeros to the left end of K to

create a b-bit string K+
2. XOR K+ with ipad to produce the b-bit
block Si.
3. Append M to Si.
4. Apply H to the stream generated in
step 3.
5. XOR K+ with opad to produce the b-bit
block S0.
6. Append the hash result from step 4 to
S0.
7. Apply H to the stream generated in
step 6 and output the result.
HMAC Structure
• H = embedded hash function (e.g., MD5, SHA-1, RIPEMD-160)

• IV = initial value input to hash function
• M = message input to HMAC
• Yi = i th block of M
• L = number of blocks in M
• n = length of hash code produced by embedded hash function
• b = number of bits of block
• K + = K (>=n) padded with zeros on the left so that the result is b bits
in length
• ipad = 00110110 (36 in hexadecimal) repeated b/8 times
• opad = 01011100 (5C in hexadecimal) repeated b/8 times

HMAC
• Advantages
– HMAC is faster to compute and verify digital signatures because they use
hash functions rather than public key.
– HMACs can be used in some cases where the use of public key cryptography
is prohibited.
– HMACs are much smaller than digital signatures.
• Disadvantages
– Key exchange is a main issues, so can’t prevent against replay of message attack.
– HMAC cannot be used if the number of receivers is greater than one.
– If multiple parties shares the same symmetric key, how does the receiver know
that the message was prepared and sent by the sender.

Digital Signature
 A digital signature is a mathematical technique used to validate
the authenticity and integrity of a message, software or digital
document.
 The operation of the digital signature is similar to that of the MAC.
 In the case of the digital signature, the hash value of a message is
encrypted with a user’s private key.
 Anyone who knows the user’s public key can verify the integrity of
the message that is associated with the digital signature.

Digital Signature
 A digital signature is a mathematical technique used to validate
the authenticity and integrity of a message, software or digital
document.
 The operation of the digital signature is similar to that of the MAC.
 In the case of the digital signature, the hash value of a message is
encrypted with a user’s private key.
 Anyone who knows the user’s public key can verify the integrity of
the message that is associated with the digital signature.

Digital Signature
 How are we going to efﬁciently compute signatures of large
messages?
X1 X2 … XN
Kpr Sig Kpr Sig Kpr Sig
S1 S2 … SN
Three Problems
 Computational overhead
 Message overhead
 Security limitations
• Attacker could re-order or re-use signed blocks.

Digital Signature
Solution:
 Instead of signing the whole message, sign only a digest (=hash)
Also secure, but much faster.
 Needed: Hash Functions
X1 X2 … XN
Kpr Sig

Digital Signature method - 1
H
M ll M Compare
PRa PUa
H E D
E(PRa, H(M))
 The hash code is encrypted, using public-key encryption with the

sender’s private key.
 This provides authentication.
 It also provides a digital signature, because only the sender could
have produced the encrypted hash code.

Digital Signature method - 2
H
M ll E D M
PRa PUa Compare
H E K K D
E(PRa, H(M))
E (K, [ M || E(PRa, H(M)])
 If confidentiality as well as a digital signature is desired, then the

message plus the private-key-encrypted hash code can be
encrypted using a symmetric secret key.

Cryptographic Goals
Cryptographic goals
Confidentiality Data integrity Authentication No

n-r
Symmetric-keyh Arb Entity authentication Digitalesignatures
pu
a it r d ia
ciphers: s h ary Authentication tio
fu l n
• Block ciphers M n c en primitives
Au ess tio gt
• Stream th ag
co ciphers n h
de en e s Message authentication
D s ( tic
Public-key
igi M ati • MACs
ta AC on
ciphers ls s) • Digital
ign
at signatures
ur
es
Digital Signature
• A digital signature is an authentication

mechanism that enables the creator of a
message to attach a code that acts as a
signature.
• Typically the signature is formed by taking the
hash of the message and encrypting the
message with the creator’s private key.
• The signature guarantees the source and
integrity
Unit-4 Hash of Signature
Fundction & Digital the message.CGPIT 66
Properties
• The digital signature must have the following

properties:
▪ It must verify the author and the date and time of
the signature
▪ It must authenticate the contents at the time of
the signature
▪ It must be verifiable by third parties, to resolve
dispute

Digital Signature Requirements
1. The signature must be a bit pattern that depends on the message

being signed.
2. The signature must use some information unique to the sender to
prevent both forgery and denial.
3. It must be relatively easy to produce the digital signature.
4. It must be relatively easy to recognize and verify the digital signature.
5. It must be computationally infeasible to forge a digital signature, either
by constructing a new message for an existing digital signature or by
constructing a fraudulent digital signature for a given message.
6. It must be practical to retain a copy of the digital signature in storage.

Digital Signature Standard / DSA
• The DSS uses an algorithm that is designed to

provide only the digital signature function.
• Unlike RSA, it cannot be used for encryption or
key exchange.

RSA Approach
• In the RSA approach, the message to be

signed is input to a hash function that
produces a secure hash code of fixed length.
• This hash code is then encrypted using the
sender’s private key to form the signature.
• Both the message and the signature are then
transmitted.
• The recipient takes the message and produces
a Fundction
Unit-4 Hash hash &code.
Digital Signature CGPIT 73
RSA Approach
• The recipient also decrypts the signature using

the sender’s public key.
• If the calculated hash code matches the
decrypted signature, the signature is accepted
as valid.
• Because only the sender knows the private
key, only the sender could have produced a
valid signature.
DSA Approach
• The hash code is provided as input to a

signature function along with a random
number k generated for this particular
signature.
• The signature function also depends on the
sender’s private key (PRa) and a set of
parameters known to a group of
communicating principals.
• We can consider this setCGPIT
to constitute a global75
Unit-4 Hash Fundction & Digital Signature
DSA Approach
• At the receiving end, the hash code of the

incoming message is generated.
• This plus the signature is input to a
verification function.
• The verification function also depends on the
global public key as well as the sender’s public
key (PUa), which is paired with the sender’s
private key.
• The output of the verification function is a
Unit-4 Hash Fundction & Digital Signature
CGPIT 76
Digital Signature Algorithm




Unit-4 HashFunction & DigitalSignature

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Unit-4 HashFunction & DigitalSignature

Uploaded by

Copyright:

Available Formats

Information Security (CE5006)

Prof. Dipak Dabhi

Unit-4 Weightage : 20% (12 Marks)

 Authentication: Can the recipient be confident that the message

 Non-repudiation: If the recipient passes the message and the

Unit-4 Hash Fundction & Digital Signature CGPIT 3

Unit-4 Hash Fundction & Digital Signature CGPIT 4

Unit-4 Hash Fundction & Digital Signature CGPIT 6

Unit-4 Hash Fundction & Digital Signature CGPIT 7

1. Message encryption: The ciphertext of the entire message

2. Hash function: A function that maps a message of any length

3. Message authentication code (MAC): A function of the message

Unit-4 Hash Fundction & Digital Signature CGPIT 9

I am not a crook H FB93E283

I am not a cook H A3F4439B

Unit-4 Hash Fundction & Digital Signature CGPIT 10

Unit-4 Hash Fundction & Digital Signature CGPIT 12

 MD5 algorithm stands for the message-digest algorithm.

 MD5 was developed as an improvement of MD4, with advanced

 MD5 was developed in 1991 by Ronald Rivest.

Unit-4 Hash Fundction & Digital Signature CGPIT 13

Unit-4 Hash Fundction & Digital Signature CGPIT 14

Unit-4 Hash Fundction & Digital Signature CGPIT 15

 length bits = 64.

 After adding both we will get 512 * n

Unit-4 Hash Fundction & Digital Signature CGPIT 16

 Here, we use the 4 buffers i.e. A, B, C, and D.

Unit-4 Hash Fundction & Digital Signature CGPIT 17

 Each 512-bit block gets broken down further into 16 sub-blocks of 32

 This constant array can be denoted as T[1] -> T[64].

 Each of the sub-blocks are denoted as M[0] -> M[15].

Unit-4 Hash Fundction & Digital Signature CGPIT 18

Unit-4 Hash Fundction & Digital Signature CGPIT 19

• It passes B, C, and D onto a non-linear process.

Unit-4 Hash Fundction & Digital Signature CGPIT 20

Unit-4 Hash Fundction & Digital Signature CGPIT 21

Unit-4 Hash Fundction & Digital Signature CGPIT 22

Unit-4 Hash Fundction & Digital Signature CGPIT 23

Unit-4 Hash Fundction & Digital Signature CGPIT 24

 In MD5 – length of o/p = 128 bits

Unit-4 Hash Fundction & Digital Signature CGPIT 25

Unit-4 Hash Fundction & Digital Signature CGPIT 26

Unit-4 Hash Fundction & Digital Signature CGPIT 27

Message (L bit) 10000…0 L

M1 (1024 bits) M2 (1024 bits) MN (1024 bits)

IV=H0 H1 (512 H2 (512 HN (512

Unit-4 Hash Fundction & Digital Signature CGPIT 29

Unit-4 Hash Fundction & Digital Signature CGPIT 30

Unit-4 Hash Fundction & Digital Signature CGPIT 31

 We append a “1” followed by k = 871 zero bits, where k is

Unit-4 Hash Fundction & Digital Signature CGPIT 32

Unit-4 Hash Fundction & Digital Signature CGPIT 33

 The heart of the algorithm is a module that consists of 80 rounds

Unit-4 Hash Fundction & Digital Signature CGPIT 34

Unit-4 Hash Fundction & Digital Signature CGPIT 37

Unit-4 Hash Fundction & Digital Signature CGPIT 38

Unit-4 Hash Fundction & Digital Signature CGPIT 40

Unit-4 Hash Fundction & Digital Signature CGPIT 42

Unit-4 Hash Fundction & Digital Signature CGPIT 43

Unit-4 Hash Fundction & Digital Signature CGPIT 44

Unit-4 Hash Fundction & Digital Signature CGPIT 45

Unit-4 Hash Fundction & Digital Signature CGPIT 46

 Only the hash code is encrypted, using symmetric encryption.