# Hash Function

• View
105

0

Tags:

• #### hx collisionfree

Embed Size (px)

DESCRIPTION

Hash Function. Contents. Hash Functions Dedicated Hash Functions Useful for lightweight authentication in RFID system Message Authentication Codes CBC-MAC Nested MAC Collusion Search Attacks SHA-3. Hash function. {0,1} d. d > r. h(). hash, hash code/value/result - PowerPoint PPT Presentation

### Text of Hash Function

Chapter 4. Public Key Cryptography

1Hash FunctionHash FunctionsDedicated Hash FunctionsUseful for lightweight authentication in RFID systemMessage Authentication CodesCBC-MACNested MACCollusion Search AttacksSHA-32Contents

Compress a binary string with an arbitrary length into a fixed short message Important primitive for digital signature, integrity, authentication, etc.

3Hash functionh(){0,1}d{0,1}rd > rhash, hash code/value/result message digest, checksum, MIC,authentication tag, seal, compressiondigital fingerprint, imprint

3#4Configurationoriginal input, xappend padding bitsappend length blockcompression ft, f f gformatted input x=x1,x2,,xtH0=IVHi-1xiHihash function, houtput h(x)=g(Ht)Htpreprocessingiterative processingg : output transformation mapping, e.g., identity mapping

CompressionOne-waynessPrei-mage resistance: Given y, it is computationally infeasible to compute x with y=h(x)Second Pre-image resistance: Given x and h(x), it is computationally infeasible to compute x with h(x)=h(x) Collision-free (Prevent internal misuse): It is computational infeasible to find a pair (x, x), x x satisfying h(x)=h(x).EfficiencyEasy to compute h(x) for a given x.

5Requirements

Whether using key or notKeyed hash : MAC (Message Authentication Code)Un-keyed hash : MDC (Manipulation Detection Code)OWHF(One Way Hash Function)CFHF(Collision-Free Hash Function)

What purposeMACBlock Cipher-Based (DES-CBC MAC)Hash Function-Based(HMAC)MDC Dedicated Hash Functions (MD class, SHS, HAVAL)Block Cipher-Based (MDC-2, MDC-4)Modular Arithmetic: MASH-1, MASH-2

6Classification

Probability that 2 persons have the same birthday among r persons : pr(Assumption) each birthday is independent and uniform in the range 1 to m. pr=1-(m)r / mr =1- m! / mr(m-r)! e-r2/(2m) where, (m)r = m(m-1)(m-r+1)If r= m, pr 0.5 , e.g., m=365, r=23, pr>0.5 n-bit hash function will collide with probability 0.5 after (2n) times operation

Extend Compression ft to Hash ft so that the resulting hash ft to be collusion resistant if compression does. H0=IV, Hi=f(Hi-1,xi), 1it, h(x)=Ht8Merkle-Damgard ConstructionfffH0x1x2xtpaddinghashed codef : hs primitive hash function (a compression function)Hi : connection variable from i-1 to I

9Hash ft (MDC) by block cipherMatyas-Meyer-OseasDavies-MeyerMiyaguchi-Preneel EgHiHi-1xiH0=IVHi=Eg(Hi-1)(xi ) xi EHixiHi-1H0=IVHi=Exi(Hi-1 ) Hi-1 EgHi-1xiHiH0=IVHi=Eg(Hi-1)(xi ) xi Hi-1

Yield m-bit hash using n-bit block cipher with k-bit keyAll of them are secure assuming that a block cipher satisfies required randomness properties10Comparison Hash Function(n,k,m)Rate (k/m)Matyas-Meyer-Oseas(n,k,n)1Davis-Meyer(n,k,n)k/nMiyaguchi-Preneel(n,k,n)1MDC-2 (w/DES)(64,56,128)MDC-4(w/DES)(64,56,128)1/4

MASH: Modular Arithmetic Secure Hash algorithmWeakness: Efficiency (and Insecurity)

Quadratic CongruentialHi = (xi + Hi-1)2 mod N, H0=0where N=Mersenne prime 231-1Hi = (xi Hi-1)2 mod N xiHi = (xi Hi-1)e mod N11Hash by modular operation

12Dedicated Hash FunctionsMDx family: proposed by RivestMD4, Crypt 90MD5, RFC 1992SHA family: proposed by NISTSHA-0, FIPS-180, 1993SHA-1, FIPS-180-1, 1995SHA-2 (SHA-256/384/512), FIPS-180-2, 2002

Dedicated Hash Functions13Preprocessing a message, x1. Padding: d =(447 -|x|) mod 5122. Length of a message: n= |x| mod 264,|n|=64 bit3. M = x ||1||0d||n multiple of 512 where || denotes concatenation

* little-endian : W=224B4+216B3+28B2+B1 (B1: lowest address)

14MD4(I)

15MD4(II)Message BlockRound1

ABCDABCDRound2

Round3

1. A=(A+f(B,C,D)+X) ##### 3.4 Hash Tables - Princeton University Computer Hash code. An int between -231 and 231-1.Hash function
Documents ##### Hash Functions: A Gentle Introduction palash/talks/hash-intro.pdfآ  Hash Function H : [L i=0 {0,1}i
Documents ##### Cipher and Hash Function Design Strategies based on linear ... Cipher and Hash Function Design Strategies
Documents ##### Cryptograhic Hash Function Edon R 1 Cryptographic Hash Algorithm Competition 2 Mathematical Preliminaries
Documents ##### Hashing & Hash TablesHashing & Hash Tables ananth/CptS223/Lectures/ آ  A hash function can result in
Documents ##### hash tables - cs.sfu.ca A Good Hash Function Independent hash function: Express the key as an integer
Documents ##### Chapter 5 Hash Functions What is a Hash Function? The Birthday Problem Tiger Hash Uses of Hash Functions
Documents ##### RIPEMD-160 MDC-2 SHA-256 Hash function design and MD2, ice.mat.dtu.dk/slides/preneel_hash_ ¢  Hash function
Documents ##### CS350: Data Structures Hash Tables - GitHub CS350: Data Structures Hash Function ¢â‚¬¢ Hash function maps
Documents ##### Chapter 6 New HASH Function - 6.pdfآ  Chapter 6 New HASH Function 6.1 Message Authentication Message
Documents Documents