Upload
others
View
24
Download
0
Embed Size (px)
Citation preview
Chapter 6
New HASH Function
6.1 Message Authentication
Message authentication is a mechanism or service used for verifying
the integrity of a message. Message authentication assures that the
data received are exactly as sent by i.e., contain no modification,
insertion, deletion, or replay and that the purported identity of
the sender is valid. Symmetric encryption provides authentication
among those who share the secret key. Encryption of a message
by a sender’s private key also provides a form of authentication.
The two most common cryptographic techniques for message au-
thentication are a message authentication code (MAC) and secure
hash function. A MAC is an algorithm that requires the use of a
secret key. A MAC takes a variable length message and a secret
key as input and produces an authentication code . A recipient in
possession of the secret key can generate an authentication code
to verify the integrity of the message. A hash function maps a
110
variable length message into a fixed length hash value, or message
digest. For message authentication, a secure hash function must
be combined in some fashion with a secret key.
6.1.1 Authentication Requirements
In the context of communication across a network, the following
attacks can be identified:
• Disclosure: Release of message contents to any person or pro-
cess not processing the appropriate cryptographic key.
• Traffic analysis: Discovery of the pattern of traffic between
parties. In a connection-oriented application, the frequency
and duration of connections could be determined. In either a
connected-oriented or connectionless environment, the num-
ber and length of the messages between the parties could be
determined.
• Masquerade: Insertion of messages into the network from a
fraudulent source. This includes the creation of messages by
an opponent that are purported to come from an authorized
entity. Also included are fraudulent acknowledgments of mes-
sage receipt or non receipt by someone other than the message
recipient.
• Content modification: changes to the contents of a message,
111
including insertion, deletion, transposition, and modification.
• Sequence modification: Any modification to a sequence of
messages between parties, including insertion, deletion, and
recording.
• Timing modification: Delay or replay of messages. In a connection-
oriented application, an entire session or sequence of messages
could be a replay of some previous valid session, or individual
messages in the sequence could be delayed or replayed. In
a connectionless application, an individual message could be
delayed or replayed.
• Source repudiation: Denial of transmission of message by
source.
• Destination repudiation: Denial of receipt of message by des-
tination.
6.1.2 Authentication Functions
Following are the commonly used functions for authentication.
• Message Encryption: The cipher text of the entire message
serves as its authentication. A message ′M ′ transmitted from
source ′A′ to destination ′B′ is encrypted using a secret key ′K ′
shared by ′A′ and ′B′. If no other party knows the key, then
confidentiality is provided: No other party can recover the
112
plaintext of the message. In addition, we may say that ′B′ is
assured that the message was generated by ′A′. The message
must have come from ′A′ because ′A′ is the only other party
that possesses secret key ′K ′ and therefore the only other
party with the information necessary to construct ciphertext
that can be decrypted with ′K ′. Furthermore, if message ′M ′
is recovered, B knows that none of the bits of ′M ′ have been
altered, because an opponent that does not know ′K ′ would
not know how to alter the bits in the ciphertext to produce
desired changes in the plaintext
• Message Authentication Code (MAC): A function of the mes-
sage and a secret key that produces a fixed-length value that
serves as authentication. An alternative technique involves
the use of a secret key to generate a small fixed-size block
of data, known as a cryptographic checksum or MAC that is
appended to the message. This technique assumes that two
communication parties say ′A′ and ′B′, share a common se-
cret key ′K ′. When ′A′ has a message to be sent to ′B′, it
calculates the MAC as a function of the message and the key.
The message and the MAC are transmitted to the intended
recipient ′B′. The recipient performs the same calculation on
the received message, using the same secret key to generate a
new MAC. The received MAC is compared to the calculated
113
MAC and if they match, then accept the received message.
• Hash Function: A function that maps a message of any length
into a fixed-length hash value, which serves as an authentica-
tion.
A hash function accepts a variable-size message ′M ′ as input
and produces a fixed-size output, referred to as a hash code H(M).
The hash code is also referred to as a message digest or hash value.
The hash code is a function of all the bits of the message and pro-
vides an error-detection capability. A change to any bit or bits
in the message results in a change to the hash code. Fig.6.1 a
simple block diagram hash function generator. The message ′M ′
Figure 6.1: Encrypt message plus hash code
plus concatenated hash code H(M) is encrypted using symmetric
encryption. Because only ′A′ and ′B′ share the secret key, the mes-
sage must have come from ′A′ and has not been altered. The hash
code provides the structure or redundancy required to achieve au-
thentication. Because encryption is applied to the entire message
plus hash code, confidentiality is also provided. Fig.6.2 shows the
114
block diagram of hash function generator using a shared secret key.
Only the hash code is encrypted using the symmetric encryption.
Figure 6.2: Encrypt hash code with shared secret key
This reduces the processing burden for those applications that do
not require confidentiality. Fig.6.3 shows hash function generator
using sender’s private key in public key cryptography
Figure 6.3: Encrypt hash code with sender’s Private key
Only the hash code is encrypted, using the public key encryp-
tion algorithm with the sender’s private key, this provides authen-
tication. It also provides digital signature, because only the sender
could have produced the encrypted hash code as shown in Fig.6.4
If confidentiality as well as the digital signature is desired then
the message plus the private- key-encrypted hash code can be en-
crypted using a symmetric secret key. This is a common technique
115
Figure 6.4: Encrypt result of encrypted hash code with shared secret key
used as shown in Fig.6.5
Figure 6.5: Compute hash code of message plus secret key
It is possible to use a hash function but no encryption for mes-
sage authentication as shown in Fig.6.6. The technique assumes
that the two communicating parties share a common secret value
K. A computes the hash over the communication message of M
and K and appends the resulting hash value to M . Because the
secret key value itself, if not sent, an opponent cannot modify an
intercepted message and cannot generate a false message.
116
Figure 6.6: Encrypt the result of hash code of message plus secret key
6.2 Hash Functions
A hash function value h is generated by a function ′H ′ of the form
h = H(M), where ′M ′ is a variable-length message and H(M) is
the fixed length hash value. The hash value is appended to the
message at the source at a time when the message is assumed or
known to be correct. The receiver authenticates that message by
recomputing the hash value.
6.2.1 Requirements for a hash function
To be useful for message authentication, a hash function H must
have the following properties.
• H can be applied to a block of data of any size.
• H produces a fixed-length output.
• H(x) is relatively easy to compute for any given x, making
both hardware and software implementing practical.
• For any given value h, it is computationally unfeasible to find
117
x such that H(x) = h. This is referred as the one-way prop-
erty.
• For any given block x, it is computationally unfeasible to find
y 6= x, such that H(y) = H(x). This is referred to as weak
collision resistance.
• It is computationally unfeasible to find any pair(x, y) such
that H(x) = H(y). This is referred to as strong collision
resistance.
6.2.2 Security of Hash Function
The strength of a hash function against brute-force attacks de-
pends solely on the length of the hash code produced by the algo-
rithm.
• One-way: For any given code h, it is computationally unfea-
sible to find x such that H(x) = h. Hence the level of effort
required is 2n.
• Weak collision resistance: For any given block x, it is compu-
tationally unfeasible to find y 6= x with H(y) = H(x). The
level of effort required is 2n.
• Strong collision resistance: It is computationally unfeasible
to find any pair (x, y) such that H(x) = H(y). The level of
effort required is 2n/2.
118
6.2.3 Message Digest Hash (MDH)
Hash functions of the message digest family are iterated hash func-
tions. They share a common structure of the compression function.
It consists of two major parts, namely, message expansion and
consecutive evaluation of number of similar steps. The Message
Digest-4 (MD-4) algorithm compresses an input with a maximum
length of 264 to a 128-bit hash value. The size of one message block
in MD-4 is 512 bit. The input message is padded to fit this message
block size. The padding scheme always appends a single bit 1 to
the end of the message. Then, 0’s are appended until the message
length is congruent to 448 modulo 512. Finally, the 64-bit repre-
sentation of the message length, before the padding was applied
is appended. Each 512-bit message block of the padded message
is compressed by the compression function which consists of three
rounds having 16 steps each. In each round a different Boolean
functions is used. In MD-4 there are three Boolean functions.
Because of the initial cryptanalysis that was done on MD-4 by
Ralph Merkel and Eli Biham, MD-4 was improved to MD-5 by
Rivest. The structure of MD-5 is quite similar to MD-4 but there
are four linear Boolean functions and four rounds. However, there
have been significant improvements in collision attacks on these
hash functions.
119
6.2.4 Secure Hash Algorithm (SHA)
Secure Hash Algorithm was developed by the National Institute of
Standards and Technology (NIST)and published as a federal infor-
mation processing standard (FIPS 180) in 1993; a revised version
was issued as FIPS 180-1 in 1995 and is generally referred to as
SHA-1. The actual standards’ document is entitled Secured Hash
Standard. SHA is based on the hash function MD4 and its design
closely models MD4. SHA-1 is also specified in RFC 3174, which
essentially duplicates the material in FIPS 180-1, but adds a C
code implementation.
SHA-1 produces a hash value of 160 bits. In 2002, NIST pro-
duced a revised version of the standard. FIPS 180-2, that defined
three new versions of SHA, with hash value lengths of 256, 384,
and 512 bits, known as SHA-256, SHA-384, and SHA-512. Table
6.1 shows the comparison of SHA parameters. These new ver-
Table 6.1: Comparison of SHA parameters
SHA-1 SHA-256 SHA-384 SHA-512
Message digest size 160 256 384 512
Message size < 264 < 264 < 2128 < 2128
Block size 512 512 1024 1024
Word size 32 32 64 64
Number of steps 80 64 80 80
Security 80 128 192 256
120
sions have the same underlying structure and use the same types
of modular arithmetic and logical binary operations as SHA-1.
In 2005, NIST announced the intention to phase out approval of
SHA-1 and move to a reliance on the other SHA versions by 2010.
Shortly thereafter, a research team described an attack in which
two separate messages could be found that they deliver the same
SHA-1 hash using 269 operations, far fewer than the 280 operations
previously thought needed to find a collision with an SHA-1 hash.
This result should hasten the transition to the other versions of
SHA.
6.3 Whirlpool Hash Function
The Whirlpool Hash Algorithm is 512-bit hash function designed
by Vincent Rijmen and Paulo S.L.M. Barreto. It uses a symmetric-
key block cipher based on AES, known as the Whirlpool Cipher.
The Whirlpool Hash Function is endorsed by New European Schemes
for Signatures, Integrity and Encryption (NESSIE). It has also
been adopted by the International Organization for Standardiza-
tion (ISO) and the International Electro-technical Commission
(IEC) as part of the joint ISO/IEC 10118-3 international stan-
dard. The Whirlpool is based on the use of a block cipher for the
compression function. The following are potential draw backs of
the block cipher.
121
• Block ciphers do not possess the properties of randomizing
functions. For example they are invertible. This lack of ran-
domness may lead to weaknesses that can be exploited
• Block ciphers typical exhibit other regularities or weaknesses
• Typically block cipher based hash functions are significantly
slower than hash functions based on a compressed functions,
specifically designed for the hash functions.
• A principal measure of the strength of a hash function is the
length of the hash code in bits. For DES it is 64-bits or 128-
bits, resulting in a hash code of questionable strength.
However, since the adoption of AES, there has been renewed in-
terest in developing a secure hash function based on strong block
cipher and exhibiting good performance. Whirlpool is block cipher
based hash function intended to provide security and performance
that is comparable than that found in non block cipher based hash
functions such as SHA. Whirlpool has the following features:
• The hash code length is 512-bits, equaling the longest hash
code available with SHA.
• The overall structure of the hash function is one that has been
shown to be resistant to the usual attacks on block cipher
based hash codes.
122
• The underlying block cipher based on AES and is designed to
provide for implementation in both software and hardware i.e
both compact and exhibits good performance
The design of whirlpool sets the following security goals:
• The expected workload of generating a collision is of the order
of the 2n/2 executions of whirlpool.
• Given an n-bit value, the expected workload of finding a mes-
sage that hashes to that value is of the order of 2n executions
of whirlpool.
• The given is a message and its n-bit hash result, the expected
workload of finding a second message that hashes to the same
value is of the order of 2n executions of Whirlpool.
• It is unfeasible to detect systematic correlations between any
linear combinations of input bits and any linear combinations
of bits of the hash results or to predict what bits of the hash re-
sult will change the value when certain input bits are flipped.
This means resistance against linear and differential attacks.
The Whirlpool hash structure is based on the Miyaguchi-Preneel
scheme and consists of 10 rounds. Fig.6.7 shows the model of sin-
gle iteration of Whirlpool function. P is Plain text or ith block of
input message, C is cipher text, K is encryption key, Hi is the ith
intermediate hash value, FF is feed forward value
123
Figure 6.7: Model of Single Iteration of the Whirlpool Hash Function
6.3.1 Hash Function Structure
Given a message consisting of a sequence of blocks m1,m2, · · ·mt,
the Whirlpool hash function is expressed as follows:
H0 = Initial Value
Hi = W (Hi−1,mi) +Hi−1 +mi
Ht = Final Hash Code value.
In terms of the model, the encryption key input for each itera-
tion is the intermediate hash value from the previous iteration;
the plaintext is the current message block; and the feed-forward
value is the bitwise XOR of the current message block and the
intermediate hash value from the previous iteration.
Whirlpool Algorithm
The algorithm takes as input a message with a maximum length
of less than 2256 bits and produces as output a 512-bit message
digest. The input is processed in 512-bit blocks. Fig.6.8 depicts
124
the overall processing of a message to produce a digest.
Figure 6.8: Message Digest Generation using Whirlpool
Message Preparation
The processing consists of the following steps:
• Append padding bits: The message is padded so that its
length in bits is an odd multiple of 256. Padding is always
added, even if the message is already of the desired length.
For example, if the message is 256 × 3 = 768 bits long, it is
padded by 512 bits to a length of 256× 5 = 1280 bits. Thus,
the number of padding bits is in the range of 1 to 512.
• Append length: A block of 256 bits is appended to the mes-
sage. This block is treated as an unsigned 256-bit integer
(most significant byte first) and contains the length in bits of
the original message (before the padding). The outcome of
the first two steps yields a message that is an integer multi-
ple of 512 bits in length. In Fig.6.8, the expanded message
125
is represented as the sequence of 512-bit blocks m1,m2, · · ·mt
so that the total length of the expanded message is t × 512
bits. These blocks are viewed externally as arrays of bytes
by sequentially grouping the bits in 8-bit chunks. However,
internally, the hash state Hi is viewed as an 8 × 8 matrix
of bytes. The transformation between the two is explained
subsequently.
• Initialize hash matrix: An 8 × 8 matrix of bytes is used to
hold intermediate and final results of the hash function. The
matrix is initialized as consisting of all 0-bits.
• Process the message in 512-bit (64-byte) blocks. The heart of
the algorithm is the block cipher W .
The Block Cipher W
Whirlpool uses a block cipher that is specifically designed for use
in the hash function. The block cipher W, which has a similar
structure and uses the same elementary functions as AES, uses a
block size and a key size of 512-bits. Although W is similar to
AES, it is not simply an extension. AES operates on a state of
4×4 bytes, whereas W operates on a state of 8×8 bytes. W uses a
row-oriented matrix whereas AES uses a column-oriented matrix.
A comparison between AES and W is presented in Table 6.2
126
Table 6.2: Comparison of AES and W Block ciphers
W AES
Block size(bits) 512 128
Key size(bits) 512 128,192 or 256
Matrix orientation Input is mapped row-wise Input is mapped column-
wise
Number of rounds 10 10, 12 and 14
Key expansion W round function Dedicated expansion algo-
rithm
GF (28) polynomial x8+x4+x3+x2+1 (0x11D) x8 +x4 +x3 +x+ 1 (0x11B)
Origin of S-box Recursive structure Multiplicative inverse in
GF (28) + affine transfor-
mation
Origin of round
constants
Successive entries of the S-
box
Elements 2i of GF (28)
Diffusion layer Right multiplication by 8×8
circulant MDS matrix (1, 1,
4, 1, 8, 5, 2, 9) - mix rows
Left multiplication by 4× 4
circulant MDS matrix (2, 3,
1, 1) - mix columns
Permutation Shift columns Shift rows
127
6.3.2 The Overall Structure
Fig.6.9 shows the overall structure of W. The encryption algorithm
takes a 512-bit block of plaintext and a 512-bit key as input and
produces a 512-bit block of cipher-text as output. The encryption
algorithm involves the use of four different functions, or transfor-
mations which are used in each round are:
• Substitute Bytes (SB)
• Shift Columns (SC)
• Mix Rows (MR)
• Add Key Round (AK)
W consists of a single application of AK followed by 10 rounds
that involve all four functions. Each round r can be expressed as a
round function RF which is a composition of the above functions:
RF (Kr) = AK[Kr] ◦MR ◦ SC ◦ SB
Substitute Bytes
The substitute byte function (SB) is a simple table lookup that
provides a nonlinear mapping. W defines a 16× 16 matrix of byte
values, called an S-box that contains a permutation of all possible
256, 8-bit values. Each individual byte of c-state is mapped into a
new byte in the following way:
128
Figure 6.9: : The Whirlpool Cipher W
129
The leftmost 4 bits of the byte are used as a row value and the
rightmost 4 bits are used as a column value. These row and col-
umn values serve as indices into the S-box to select a unique 8-bit
output value. For example, the hexadecimal value 95h references
row 9, column 5 of the S-box, which contains the value bah. Ac-
cordingly, the value 95h is mapped into the value bah. The S-box
can be generated by using a recursive structure. It consists of two
nonlinear layers, each containing two 4 × 4 S-boxes separated by
a 4 × 4 randomly generated box. Each of the boxes maps a 4-bit
input into a 4-bit output.
Shift Columns
The Shift Columns cause a circular downward shift of each column
of c state except the first column. For the second column, a 1-byte
circular downward shift is performed; for the third column, a 2-
byte circular downward shift is performed; and so on. The SC
function serves as the permutation layer.
Mix Rows
Any Block Cipher warrants having a diffusion layer, Mix Rows
serves this purpose in Whirlpool. This is achieved by having each
input bit affect the value of many output bits; generally, this results
in each output bit being affected by many input bits. The diffusion
layer (mix rows) achieves diffusion within each row individually.
130
Each byte of a row is mapped into a new value that is a function
of all eight bytes in that row. The transformation can be defined by
the matrix multiplication: B = C A Where, A is the input matrix,
B is the output matrix, and C is the transformation matrix. The
C matrix used in mix row operation is given below.
01 01 04 01 08 05 02 09
09 01 01 04 01 08 05 02
02 09 01 01 04 01 08 05
05 02 09 01 01 04 01 08
08 05 02 09 01 01 04 01
01 08 05 02 09 01 01 04
04 01 08 05 02 09 01 01
01 04 01 08 05 02 09 01
All the elements in the C-matrix are hexadecimal numbers.
Each element in the product matrix is the sum of the products
of elements of one row and one column. In this case, the individ-
ual additions and multiplications are performed in GF (28) with
the irreducible polynomial f(x) = x8 +x4 +x3 +x2 + 1, i.e., 11Dh.
Add Round Key
In the Add round key layer, the 512 bits of c-state are bitwise
XORed with the 512 bits of the round key. It is done byte by byte
on the C state matrix. Whirlpool doesn’t have a dedicated key
131
expansion algorithm. It uses a copy of the encryption algorithm
for key expansion. The round keys for the key expansion are 10
round constants. The key-generation algorithm treats the cipher-
key as plaintext and encrypts it, thus generating a round key for
the encryption algorithm at the end of every round of the key-
expansion algorithm.
Key Expansion for W
As shown in Figure 2.3, key expansion is achieved by using the
block cipher itself, with a round constant serving as the round key
for the expansion. The round constant for round 1 ≤ r ≤ 10 is a
matrix RC[r] in which only the first row is nonzero, and is defined
as follows:
RC[r]0,j = S[8(r − 1) + j] , (0 ≤ j ≤ 7), (1 ≤ r ≤ 10)
RC[r]i,j = 0 , (1 ≤ i ≤ 7), (0 ≤ j ≤ 7), (1 ≤ r ≤ 10)
Using the round constants, the key schedule expands the 512-bit
cipher key K onto a sequence of round keys K0, K1, . . . , K10
K0 = K
Kr = RF [RC[r]] (Kr−1)
where RF is the round function defined earlier. Note that for the
Add Round Key phase of each round, only the first row of k-state
is altered.
132
Whirlpool Performance and Security
The design of Whirlpool sets the following security goals: Assume
we take as hash result the value of any n-bit substring of the full
Whirlpool output,
• The expected workload of generating a collision is of the order
of 2n/2 executions of Whirlpool.
• Given an n-bit value, the expected workload of finding a mes-
sage that hashes to that value is of the order of 2n executions
of Whirlpool.
• Given a message and its n-bit hash result, the expected work-
load of finding a second message that hashes to the same value
is of the order of 2n executions of Whirlpool.
• It is unfeasible to detect systematic correlations between any
linear combination of input bits and any linear combination
of bits of the hash result, or to predict what bits of the hash
result will change value when certain input bits are flipped
(this means resistance against linear and differential attacks).
6.4 New Whirlpool Hash Structure
In this New Whirlpool Hash Structure most of the structure is
same as existing Whirlpool structure, except the S-box generation.
133
In this structure we introduced the dynamic S-box generated by
using two keys namely, Permute Key and Auxiliary Key. Depend-
ing on the permute key initial permutation of the S-box entries
are modified, Using auxiliary key, affine transformation constants
A matrix, constant C and irreducible polynomial m are calculated.
Now dynamic S-box is constructed by using the affine transforma-
tion y = Ax⊕C mod m. The steps to generate the dynamic S-box
are as follows:
• Select a permute key of variable length from 1 byte to 256
byte.
• Initialize an array S[256] with 00h to ffh.
• Initialize another array T[256], by using the secret key. If
the key length is less than 256 bytes, repeatedly copy the key
bytes till the last element of the array.
• Initial permutation is done by using T as follows:
j = 0;
for i = 0 to 255;
do j = (j + S[i])mod256;
swap (S[i] , S[j]);
end;
• Construct an 8 x 8, non-singular A matrix entries with GF(2),
depending on Auxiliary key.
134
• Using Affine transformation y = Ax⊕C mod m, construct
an S-box.
– First convert S array into new S array by finding the
multiplicative inverse of each element by using a key de-
pendent irreducible polynomial m.
– Constant C is calculated by using key.
• Remaining procedure is as in existing Whirlpool Hash gener-
ation.
6.5 Advantages Over Whirlpool Hash Function
• The expected workload of generating a collision is of the order
of the 2128+1638 = 21766.
• Given an 512-bit hash value, the expected workload of finding
a message that hashes to the same value is of the order of
2512+1638 = 22150 executions of new Hash function.
• The given is a message and its 512-bit hash result, the ex-
pected workload of finding a second message that hashes to
the same value is of the order of 2512+1638 = 22150 executions
of new Hash function.
• It is unfeasible to detect systematic correlations between any
linear combination of input bits and any linear combination
135
Table 6.3: Comparison of W and New W Block ciphers
W-block cipher New W-block cipher
Block size(bits) 512 512
Key size(bits) 512 512
Matrix orienta-
tion
Input is mapped row-wise Input is mapped row-wise
Number of
rounds
10 10
Key expansion W round function W round function
GF (28) polyno-
mial
(11dh) Key dependent irre-
ducible Polynomial
Origin of S-box Recursive structure Multiplicative inverse in
GF (28) + Key depen-
dent affine transforma-
tion
Origin of round
constants
Successive entries of the S-
box
Successive entries of the S-
box
Diffusion layer Right multiplication by 8×8
circulant MDS matrix (1, 1,
4, 1, 8, 5, 2, 9) - mix rows
Right multiplication by 8×8
circulant MDS matrix (1, 1,
4, 1, 8, 5, 2, 9) - mix rows
Permutation Shift columns Shift columns
136
of bits of the hash result, or to predict what bits of the hash
result will change value when certain input bits are flipped
(this means resistance against linear and differential attacks).
6.6 Results
The modified Hash function is constructed with the key dependent
S-box and tested with different text files of different sizes. It is
found that a single bit change in the text or a single bit in any one
key (secret key/permute key/auxiliary key) changes hash value to
great extent. Some of the results are tabulated in Table6.4 and
Table6.5
Table 6.4: Hash value for a text file1512 bit Hash value for a text of 2196 bytes
Original text Last bit changed Initial bit changed Change in one key bit
83422F2B0C5C0702 B69864A4486E23F3A 3D2F0E09B6F4767B 03E8AD681FFCBEDF
4C3BD78111F5B209 38273825F4854334 B6C3A1CAA7D49145 1BF6BBF286677A33
C9B963BDFA2D4AA3 5BDA54B65ECF739F 462806AA7EB6CFC3 44BDBBD59578173C
5A9BC39F07A359D2 C317DF9F5AD392B8 04DBBDB82B6054D1 6F5EDFCB1656393C
BB5F13BC014C1B50 56339628D1396A86 864A4E4CA315DBE3 BA2DD0125E5FAC78
589F24CDEEC8EB9F AD9D8EA62AFBC49C 033CE227AF6012B7 07FC1FE7D5C1C168
70F037D0C1E4209C D0160B97D701FF54 DC165F60B04F12AE 9FEC9FDB0C96AD94
CB47C10B14492827 78046ADD71F13F4C 93DDEF1A2676CD38 D1A56E7E99D0DD8E
6.7 Conclusion
The implementations of new Hash Algorithm with key dependent
S-box are developed and tested on various kinds of data. Typically,
137
Table 6.5: Hash value for a text file2512 bit Hash value for a text of 7 bytes
Original text Last bit changed Initial bit changed Change in one key bit
6D0032E7FBB38BC4 3D6442E9A756C3C2 AC3BD1A4D8353D67 3A3DE4CF5E7862DE
FF4F5AE3ADA6555C 44149183FAE89221 39973292A9A14C34 2385E9E8CB4BB000
5BC0B76FD7FE1E3A 91F9D86D0D9E08E9 D45B7123301396DF D051F0995DFD2E9E
1623D375A7705EF8 67E33192B939ED93 AF9BFA8E9073976E C9F0CD40CF92B484
17CCEA7389484186 600C1C3996A69B89 C7DFD2BDB4E17F95 014D8FA5CB7B239F
0DF19D17B6216F30 09C3F8E1994DAEA0 E07431B8A8827406 BBD736B2A131E3D7
3D02E1F85B8CAA4E FCFBBD41EB7F631E BDC3C18605900C26 3D4768D6E191DD79
EBEF046D96B7749A 6F0A9AE400120B53 58539560EAB06420 C4D6019ACF1A264E
data in the forms of text, image or audio is encrypted and then
a corresponding message digest is generated using new hash func-
tion. In each case a single bit of data was changed and new hash
was generated and found that the message digest was completely
different for each case.
138