HASH ALGORITHMSHASH ALGORITHMS - Chapter 12 - Chapter 12

• MD5

• SHA

• RIPEMD-160

• HMAC

MD5MD5

• Message Digest

• Compression

• Elementary Operations

MESSAGE DIGEST GENERATIONMD5

L ´ 512 bits = N ´ 32 bits

M essage

M essage length(K mod 2 64 )

¥ ¥ ¥ ¥ ¥ ¥

512 bits 512 bits 512 bits 512 bits

Y 0 Y 1 Y q Y L Ð1

128

512

H M D 5I VC V 1 C V q C V L Ð1

128

512

128

512

128

512

128-bitdigest

F igur e 12.1 M essage D igest G ener ation U sing M D5

100...0

P adding(1 to 512 bits)

K bits

H M D 5 H M D 5 H M D 5

MD5 COMPRESSION FUNCTION128

Y q

512

C V q

A B C D

+

128

C V q+1

+ + +

32

A B C D

A B C D

A B C D

N ote: addition (+) is m od 2 32

F igur e 12.2 M D5 P r ocessing of a Single 512-bit B lock

F , T [1...16], X [i]16 steps

G , T [17...32], X [r 2i]16 steps

H , T [33...48], X [r 3i]16 steps

I , T [49...64], X [r 4i]16 steps

ELEMENTARY MD5 OPERATION

A B C D

A B C D

+

+

X [k]

T [i]

F igur e 12.3 E lementar y M D5 O per ation (single step)

+

+ g

C L S s

KEY ELEMENTS OF MD5KEY ELEMENTS OF MD5• Table 9.1 – truth table B C D || F G H I -------------------------------------- 0 0 0 || 0 0 0 1 0 0 1 || 1 0 1 0 0 1 0 || 0 1 1 0 0 1 1 || 1 0 0 1 1 0 0 || 0 0 1 1 1 0 1 || 0 1 0 1 1 1 0 || 1 1 0 0 1 1 1 || 1 1 1 0

SECURE HASH ALGORITHMSECURE HASH ALGORITHM SHA-1 SHA-1

• Message Digest

• Compression

• Elementary Operations

SHA-1 COMPRESSION FUNCTION

+ + +

160

Y q

512

C V q

160

C V q+1

+

A B C D E

N ote: addition (+) is mod 2 32

32

A B C D E

A B C D E

A B C D E

+

F igur e 12.5 SH A -1 P r ocessing of a Single 512-bit B lock(SH A -1 C ompr ession F unction)

f1, K , W [0...19]20 steps

f2, K , W [20...39]20 steps

f3, K , W [40...59]20 steps

f4, K , W [60...79]20 steps

ELEMENTARY SHA OPERATION

A B C D E

A B C D E

+

+

+

f t

S 5

S30

W t

K t

F igur e 12.6 E lementar y SH A O per ation (single step)

+

TRUTH TABLE for fTRUTH TABLE for ftt – SHA-1 – SHA-1B C D || f0..19 f20..39 f40..59 f60..79----------------------------------------------------------------------------

0 0 0 | 0 0 0 00 0 1 | 1 1 0 10 1 0 | 0 1 0 10 1 1 | 1 0 1 01 0 0 | 0 1 0 11 0 1 | 0 0 1 01 1 0 | 1 0 1 01 1 1 | 1 1 1 1

CREATION OF 80-WORD I/P

X O RX O RX O R

S1 S1 S1

512 bits

¥ ¥ ¥ ¥ ¥ ¥ ¥ ¥ ¥

F igur e 12.7 C r eation of 80-w or d I nput Sequence for SH A -1 P r ocessing of Single B lock

W t-16W 0 W 2 W 8 W 13 W 63 W 65 W 71 W 76W t-14 W t-8 W t-3

W 0 W 1 W 15 W 16 W t

Y q

W 79

Comparison: MD5 vs SHA1Comparison: MD5 vs SHA1

MD5 message digest – 128 bitsSHA-1 message digest – 160 bits

Find two messages with same digest: MD5 – 264 operations SHA-1 - 280 operations

NEW SHA ALGORITHMSNEW SHA ALGORITHMS

• SHA-256• SHA-384• SHA-512 message digest lengths: 256, 384, 512

to provide compatibility with AES (see Tables 12.3 and 12.4)

RIPEMD - 160RIPEMD - 160

• Message Digest

• Compression

• Elementary Operations

RIPEMD – 160COMPRESSION FUNCTION

N ote: addition (+) is mod 2 32

F igur e 12.8 R I P E M D-160 P r ocessing of a Single 512-bit B lock(R I P E M D-160 C ompr ession F unction)

f1, K 1, X i16 steps

f2, K 2, X r (i)16 steps

f3, K 3, X r 2(i)16 steps

f4, K 4, X r 3(i)16 steps

f5, K 5, X r 4(i)16 steps

f5, K 1, X i16 steps

f4, K 2, X r p(i)16 steps

f3, K 3, X r 2p(i)16 steps

f2, K 4, X r 3p(i)16 steps

f1, K 5, X r 4p(i)16 steps

'

'

'

'

'

++

++

+

C V q

Y q Y q

A B C D E A ' B ' C ' D ' E '

A ' B ' C ' D ' E '

A ' B ' C ' D ' E '

A ' B ' C ' D ' E '

A B C D E

A B C D E

A B C D E

C V q+1

RIPEMD – 160ELEMENTARY OPERATION

A B C D

A B C D

E

E

+

+

X i

K j

F igur e 12.9 E lementar y R I P E M D-160 O per ation (single step)

+

+ f j

rol 10rol s(j)

RIPEMD – 160 - dataRIPEMD – 160 - data

Tables 12.5 – 12.9

HASH FUNCTIONS - comparisonsHASH FUNCTIONS - comparisons

Table 12.8 - comparison

Table 12.9 - relative performance

HMAC – a MAC from a HMAC – a MAC from a HASHHASHWhy?Hash functions (e.g. MD5, SHA-1)execute faster than Sym. Key (e.g. DES)

HMAC combines HASH with Secret Key to make a MAC

HMACK(M) = H[(K+ + opad)||H[K+ + ipad)||M]]

Security(H) Security(HMAC)

HMAC STRUCTURE

Y 0S i

So

Y 1 Y L Ð1¥ ¥ ¥b bits

b bits

b bits b bits

»

ipad

»

K +

K +

opad

H ashI V n bits

n bits

pad to b bits

H ashI V n bits

n bits

H M A C K (M )

H (S i || M )

F igur e 12.10 H M A C Structur e

EFFICIENT IMPLEMENTATION of HMAC

Y 0S i

So

Y 1 Y L Ð1¥ ¥ ¥b bits b bits b bits

»

P r ecom puted C om puted per m essage

opad

ipad

H ashI Vn bits

b bits

n bits

pad to b bits

n bits

n bits

H M A C K (M )

F igur e 12.11 E fficient I mplementation of H M A C

f

»

K+

K +

I V

b bits

f f

H (S i || M )