hash functions and macs
play

Hash Functions and MACs Properties of Cryptographic Hash Functions - PowerPoint PPT Presentation

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology


  1. Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology CQUniversity Australia Prepared by Steven Gordon on 15 Apr 2020, hash.tex, r1851 1/23

  2. Cryptography Summary of Authentication Primitives Hash Functions and MACs ◮ Two types of general hash functions: Introduction to ◮ Unkeyed hash function, h = H( M ) Hash Functions ◮ Also simply called (cryptographic) hash function Properties of Cryptographic ◮ Output hash value, h , also called message digest , digital Hash Functions fingerprint , or imprint Introduction to Message ◮ Primary function: MDC Authentication Codes ◮ Keyed hash function, h = H( K , M ) ◮ Output h often called code , tag or MAC ◮ Primary function: MAC1 2/23

  3. Cryptography Contents Hash Functions and MACs Introduction to Hash Functions Properties of Introduction to Hash Functions Cryptographic Hash Functions Introduction to Message Authentication Codes Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 3/23

  4. Cryptography Hash Functions for Cryptography Hash Functions and MACs ◮ Hash function or algorithm H (): Introduction to ◮ Input: variable-length block of data M Hash Functions ◮ Output: fixed-length, small, hash value, h , where Properties of Cryptographic h = H ( M ) Hash Functions ◮ Another name for hash value is digest Introduction to ◮ Output hash values should be evenly distributed and Message Authentication appear random Codes ◮ A secure, cryptographic hash function is practically impossible to: ◮ Find the original input given the hash value ◮ Find two inputs that produce the same hash value 4/23

  5. Cryptography Applications of Hash Functions Hash Functions and MACs ◮ Message authentication Introduction to Hash Functions ◮ Digital signatures Properties of ◮ Storing passwords Cryptographic Hash Functions ◮ Signatures of data for malicious behaviour detection Introduction to Message (e.g. virus, intrusion) Authentication Codes ◮ Generating pseudorandom number 5/23

  6. Cryptography Design Approaches for Hash Functions Hash Functions and MACs Based on Block Ciphers Well-known and studied block Introduction to ciphers are used with a mode of operation to Hash Functions produce a hash function. Generally, less Properties of Cryptographic efficient than customised hash functions. Hash Functions Introduction to Based on Modular Arithmetic Similar motivation as to Message Authentication basing on block ciphers, but based on public Codes key principles. Output length can be any value. Precautions are needed to prevent attacks that exploit mathematical structure. Customised Hash Functions Functions designed for the specific purpose of hashing. Disadvantage is they haven’t been studied as much as block ciphers, so harder to design secure functions. 6/23

  7. Cryptography Selected Cryptographic Hash Functions Hash Functions and MACs Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes Credit: ECRYPT CSA Algorithms, Key Size and Protocols Report, 2018 7/23

  8. Cryptography Contents Hash Functions and MACs Introduction to Hash Functions Properties of Introduction to Hash Functions Cryptographic Hash Functions Introduction to Message Authentication Codes Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 8/23

  9. Cryptography Pre-image of a Hash Value (definition) Hash Functions and MACs For hash value h = H ( x ), x is pre-image of h . As H is a many-to-one mapping, h has multiple pre-images. If H takes Introduction to Hash Functions a b -bit input, and produces a n -bit hash value where b > n , Properties of then each hash value has 2 b − n pre-images. Cryptographic Hash Functions Introduction to Message Authentication Codes 9/23

  10. Cryptography Hash Collision (definition) Hash Functions and MACs A collision occurs if x � = y and H ( x ) = H ( y ). Collisions are undesirable in cryptographic hash functions. Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 10/23

  11. Cryptography Number of Collisions (exercise) Hash Functions and MACs If H 1 takes fixed length 200-bit messages as input, and produces a 80-bit hash value as output, are collisions Introduction to Hash Functions possible? Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 11/23

  12. Cryptography Requirements of Cryptographic Hash Functions Hash Functions and MACs Variable input size: H can be applied to input block of any Introduction to size Hash Functions Properties of Fixed output size: H produces fixed length output Cryptographic Hash Functions Efficiency: H ( x ) relatively easy to compute (practical Introduction to implementations) Message Authentication Codes Pseudo-randomness: Output of H meets standard tests for pseudo-randomness Properties: Satisfies one or more of the properties: Pre-image Resistant, Second Pre-image Resistant, Collision Resistant 12/23

  13. Cryptography Pre-image Resistant Property (definition) Hash Functions and MACs For any given h , it is computationally infeasible to find y such that H ( y ) = h . Also called the one-way property . Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 13/23

  14. Cryptography Second Pre-image Resistant Property (definition) Hash Functions and MACs For any given x , it is computationally infeasible to find y � = x with H ( y ) = H ( x ). Also called weak collision resistant Introduction to Hash Functions property. Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 14/23

  15. Cryptography Collision Resistant Property (definition) Hash Functions and MACs It is computationally infeasible to find any pair ( x , y ) such that H ( x ) = H ( y ). Also called strong collision resistant Introduction to Hash Functions property. Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 15/23

  16. Cryptography Required Hash Function Properties for Different Hash Functions Applications and MACs Introduction to Hash Functions Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 16/23

  17. Cryptography Brute Force Attacks on Properties Hash Functions and MACs ◮ Pre-image and Second Pre-image Attack Introduction to ◮ Find a y that gives specific h ; try all possible values of y Hash Functions ◮ With b -bit hash code, effort required proportional to 2 b Properties of Cryptographic ◮ Collision Resistant Attack Hash Functions ◮ Find any two messages that have same hash values Introduction to Message ◮ Effort required is proportional to 2 b / 2 Authentication Codes ◮ Due to birthday paradox, easier than pre-image attacks 17/23

  18. Cryptography Brute Force Attack on Hash Function (exercise) Hash Functions and MACs Consider a hash function to be selected for use for digital signatures. Assume an attacker has compute capabilities to Introduction to Hash Functions calculate 10 12 hashes per second and is prepared to wait for Properties of approximately 10 days for a brute attack. Find the minimum Cryptographic Hash Functions hash value length that the hash function should support, Introduction to Message such that a brute force is not possible. Authentication Codes 18/23

  19. Cryptography Contents Hash Functions and MACs Introduction to Hash Functions Properties of Introduction to Hash Functions Cryptographic Hash Functions Introduction to Message Authentication Codes Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 19/23

  20. Cryptography Unkeyed and Keyed Hash Functions Hash Functions and MACs ◮ Hash functions have no secret key Introduction to ◮ Can be referred to as unkeyed hash function Hash Functions ◮ Also called Modification Detection Code Properties of Cryptographic ◮ A variation is to allow a secret key as input, in addition Hash Functions to the message Introduction to Message ◮ h = H ( K , M ) Authentication Codes ◮ Keyed hash function or Message Authentication Code (MAC) ◮ Hashes and MACs can be used for message authentication, but hashes also used for multiple other purposes ◮ MACs are more common for authentication messages 20/23

  21. Cryptography Design Approaches for MACs Hash Functions and MACs Based on Block Ciphers CBC-MAC, OMAC, PMAC, Introduction to Hash Functions Customised MACs MAA, MD5-MAC, UMAC, Poly1305 Properties of Based on Hash Functions HMAC Cryptographic Hash Functions Introduction to Message Authentication Codes 21/23

  22. Cryptography Computation Resistance of MAC (definition) Hash Functions and MACs Given one or more text-tag pairs, [ x i , MAC( K , x i )], computationally infeasible to compute any text-tag pair Introduction to Hash Functions [ y , MAC( K , y )], for a new input y � = x i Properties of Cryptographic Hash Functions Introduction to Message Authentication Codes 22/23

Recommend


More recommend