Page 1: Chapter 6 New HASH Function - Shodhgangashodhganga.inflibnet.ac.in/bitstream/10603/5051/15/15_chapter 6.pdf · Chapter 6 New HASH Function 6.1 Message Authentication Message authentication

Chapter 6

New HASH Function

6.1 Message Authentication

Message authentication is a mechanism or service used for verifying the integrity of a message. Message authentication assures that the data received are exactly as sent, i.e., contain no modification, insertion, deletion, or replay, and that the purported identity of the sender is valid. Symmetric encryption provides authentication among those who share the secret key. Encryption of a message by a sender's private key also provides a form of authentication. The two most common cryptographic techniques for message authentication are a message authentication code (MAC) and a secure hash function. A MAC is an algorithm that requires the use of a secret key. A MAC takes a variable-length message and a secret key as input and produces an authentication code. A recipient in possession of the secret key can generate an authentication code to verify the integrity of the message. A hash function maps a variable-length message into a fixed-length hash value, or message digest. For message authentication, a secure hash function must be combined in some fashion with a secret key.

6.1.1 Authentication Requirements

In the context of communication across a network, the following attacks can be identified:

• Disclosure: Release of message contents to any person or process not possessing the appropriate cryptographic key.

• Traffic analysis: Discovery of the pattern of traffic between parties. In a connection-oriented application, the frequency and duration of connections could be determined. In either a connection-oriented or connectionless environment, the number and length of the messages between the parties could be determined.

• Masquerade: Insertion of messages into the network from a fraudulent source. This includes the creation of messages by an opponent that are purported to come from an authorized entity. Also included are fraudulent acknowledgments of message receipt or non-receipt by someone other than the message recipient.

• Content modification: Changes to the contents of a message, including insertion, deletion, transposition, and modification.

• Sequence modification: Any modification to a sequence of messages between parties, including insertion, deletion, and reordering.

• Timing modification: Delay or replay of messages. In a connection-oriented application, an entire session or sequence of messages could be a replay of some previous valid session, or individual messages in the sequence could be delayed or replayed. In a connectionless application, an individual message could be delayed or replayed.

• Source repudiation: Denial of transmission of a message by the source.

• Destination repudiation: Denial of receipt of a message by the destination.

6.1.2 Authentication Functions

The following are the commonly used functions for authentication.

• Message Encryption: The ciphertext of the entire message serves as its authentication. A message M transmitted from source A to destination B is encrypted using a secret key K shared by A and B. If no other party knows the key, then confidentiality is provided: no other party can recover the plaintext of the message. In addition, we may say that B is assured that the message was generated by A. The message must have come from A because A is the only other party that possesses the secret key K and therefore the only other party with the information necessary to construct ciphertext that can be decrypted with K. Furthermore, if message M is recovered, B knows that none of the bits of M have been altered, because an opponent that does not know K would not know how to alter the bits in the ciphertext to produce desired changes in the plaintext.

• Message Authentication Code (MAC): A function of the message and a secret key that produces a fixed-length value that serves as the authentication. An alternative technique involves the use of a secret key to generate a small fixed-size block of data, known as a cryptographic checksum or MAC, that is appended to the message. This technique assumes that the two communicating parties, say A and B, share a common secret key K. When A has a message to be sent to B, it calculates the MAC as a function of the message and the key. The message and the MAC are transmitted to the intended recipient B. The recipient performs the same calculation on the received message, using the same secret key, to generate a new MAC. The received MAC is compared to the calculated MAC, and if they match, the received message is accepted.

• Hash Function: A function that maps a message of any length into a fixed-length hash value, which serves as the authentication.

A hash function accepts a variable-size message M as input and produces a fixed-size output, referred to as a hash code H(M). The hash code is also referred to as a message digest or hash value. The hash code is a function of all the bits of the message and provides an error-detection capability: a change to any bit or bits in the message results in a change to the hash code. Fig. 6.1 shows a simple block diagram of the hash function generator. The message M plus the concatenated hash code H(M) is encrypted using symmetric encryption. Because only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication. Because encryption is applied to the entire message plus hash code, confidentiality is also provided.

Figure 6.1: Encrypt message plus hash code

Fig. 6.2 shows the block diagram of the hash function generator using a shared secret key. Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications that do not require confidentiality.

Figure 6.2: Encrypt hash code with shared secret key

Fig. 6.3 shows the hash function generator using the sender's private key in public-key cryptography. Only the hash code is encrypted, using the public-key encryption algorithm with the sender's private key; this provides authentication. It also provides a digital signature, because only the sender could have produced the encrypted hash code, as shown in Fig. 6.4.

Figure 6.3: Encrypt hash code with sender's private key

If confidentiality as well as the digital signature is desired, then the message plus the private-key-encrypted hash code can be encrypted using a symmetric secret key. This is a common technique, used as shown in Fig. 6.5.

Figure 6.4: Encrypt result of encrypted hash code with shared secret key

Figure 6.5: Compute hash code of message plus secret key

It is possible to use a hash function but no encryption for message authentication, as shown in Fig. 6.6. The technique assumes that the two communicating parties share a common secret value K. A computes the hash over the concatenation of the message M and K and appends the resulting hash value to M. Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message.

Figure 6.6: Encrypt the result of hash code of message plus secret key
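The MAC check of section 6.1.2 and the keyed-hash scheme of Fig. 6.6 come down to the same receiver-side procedure: recompute the tag under the shared secret and accept only on a match. The Python below is an added example, not code from the thesis. It implements the chapter's tag = H(M || K) form with SHA-256 as the hash (the chapter fixes neither the hash nor the order of M and K, so both are assumptions here) next to HMAC-SHA256, the standardized way of combining a hash with a key, and a receiver that rejects any packet whose tag does not match under a constant-time comparison. The secret and the message are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 digest length in bytes


def tag_hash_message_plus_secret(message: bytes, secret: bytes) -> bytes:
    """Tag in the chapter's form: hash over the message concatenated with the
    shared secret value K (Fig. 6.6). SHA-256 is an assumed choice of H."""
    return hashlib.sha256(message + secret).digest()


def tag_hmac(message: bytes, secret: bytes) -> bytes:
    """Same idea via HMAC-SHA256 (RFC 2104), which keys the hash in a way that
    does not depend on the hash's padding or chaining details."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def send(message: bytes, secret: bytes, tagger=tag_hmac) -> bytes:
    """Sender A: append the tag computed under the shared secret."""
    return message + tagger(message, secret)


def receive(packet: bytes, secret: bytes, tagger=tag_hmac):
    """Receiver B: split off the tag, recompute it under the same secret and
    accept only on a match. Returns the message, or None on rejection."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # compare_digest takes time independent of where the tags first differ,
    # so a forger learns nothing from how quickly a bad tag is rejected.
    if not hmac.compare_digest(tag, tagger(message, secret)):
        return None
    return message


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Flip one bit of data (plays the role of an opponent altering traffic)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# Constructed sample inputs for a stand-alone run.
SHARED_SECRET = b"constructed-32-byte-demo-secret!"
PLAINTEXT = b"transfer 100 units to account 42"


def demo():
    """For both tag constructions: genuine packet accepted, altered message
    rejected, packet checked under the wrong secret rejected."""
    results = {}
    for name, tagger in (("H(M||K)", tag_hash_message_plus_secret), ("HMAC", tag_hmac)):
        packet = send(PLAINTEXT, SHARED_SECRET, tagger)
        results[name] = (
            receive(packet, SHARED_SECRET, tagger) == PLAINTEXT,
            receive(flip_bit(packet, 5), SHARED_SECRET, tagger) is None,
            receive(packet, b"wrong-secret", tagger) is None,
        )
    return results


if __name__ == "__main__":
    for name, (genuine, altered, wrong_key) in demo().items():
        print(f"{name}: genuine accepted={genuine}, altered rejected={altered}, "
              f"wrong key rejected={wrong_key}")
```

Both taggers behave identically in this check; the difference is in what they rest on. The H(M || K) form depends on the internal structure of H and on K being unpredictable, whereas HMAC's keying is specified independently of those details, which is why it is the construction a practitioner reaches for when "combining a hash with a secret key" in the sense of section 6.1.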

6.2 Hash Functions

A hash value h is generated by a function H of the form h = H(M), where M is a variable-length message and H(M) is the fixed-length hash value. The hash value is appended to the message at the source at a time when the message is assumed or known to be correct. The receiver authenticates that message by recomputing the hash value.

6.2.1 Requirements for a hash function

To be useful for message authentication, a hash function H must have the following properties.

• H can be applied to a block of data of any size.

• H produces a fixed-length output.

• H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.

• For any given value h, it is computationally infeasible to find x such that H(x) = h. This is referred to as the one-way property.

• For any given block x, it is computationally infeasible to find y ≠ x such that H(y) = H(x). This is referred to as weak collision resistance.

• It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is referred to as strong collision resistance.

6.2.2 Security of Hash Function

The strength of a hash function against brute-force attacks depends solely on the length n of the hash code produced by the algorithm.

• One-way: For any given code h, it is computationally infeasible to find x such that H(x) = h. Hence the level of effort required is 2^n.

• Weak collision resistance: For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). The level of effort required is 2^n.

• Strong collision resistance: It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). The level of effort required is 2^(n/2).
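To see the gap between 2^n and 2^(n/2) concretely, the following Python (an added example, not from the thesis) truncates SHA-256 to n bits so that brute-force searches finish quickly, then counts how many hash evaluations a preimage search and a birthday-style collision search take. With n = 16 the collision search ends after a few hundred evaluations while the preimage search needs on the order of 2^16; the truncation and the candidate-message formats are constructed for the demonstration.

```python
import hashlib


def h_bits(data: bytes, n: int) -> int:
    """Constructed toy hash: the top n bits of SHA-256(data), so that the
    brute-force searches below finish in well under a second."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - n)


def preimage_search(target: int, n: int, limit: int):
    """One-way / weak-collision effort: try candidates until one hashes to the
    given n-bit target. Returns (candidate, evaluations) or (None, limit)."""
    for i in range(limit):
        candidate = b"preimage-candidate-%d" % i
        if h_bits(candidate, n) == target:
            return candidate, i + 1
    return None, limit


def collision_search(n: int, limit: int):
    """Strong-collision effort: remember every digest seen and stop at the
    first repeat (birthday search). Returns (m1, m2, evaluations)."""
    seen = {}
    for i in range(limit):
        candidate = b"collision-candidate-%d" % i
        value = h_bits(candidate, n)
        if value in seen:
            return seen[value], candidate, i + 1
        seen[value] = candidate
    return None, None, limit


def compare_efforts(n: int) -> dict:
    """Run both searches for an n-bit hash and report the evaluation counts
    next to the 2^n and 2^(n/2) figures of section 6.2.2."""
    target = h_bits(b"the message whose hash is being attacked", n)
    _, preimage_evals = preimage_search(target, n, limit=1 << (n + 4))
    m1, m2, collision_evals = collision_search(n, limit=1 << (n + 4))
    assert m1 != m2 and h_bits(m1, n) == h_bits(m2, n)   # pigeonhole guarantees a hit
    return {
        "n": n,
        "preimage_evaluations": preimage_evals,
        "preimage_bound_2^n": 1 << n,
        "collision_evaluations": collision_evals,
        "collision_bound_2^(n/2)": 1 << (n // 2),
    }


if __name__ == "__main__":
    for n in (8, 12, 16):
        print(compare_efforts(n))
```

The collision count stays within a small multiple of 2^(n/2) because the search only needs any two inputs to agree, not agreement with a fixed target; that asymmetry is why a hash intended for collision resistance needs twice the output length of one needed only for the one-way property.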

6.2.3 Message Digest Hash (MDH)

Hash functions of the message digest family are iterated hash functions. They share a common structure of the compression function. It consists of two major parts, namely, message expansion and consecutive evaluation of a number of similar steps. The Message Digest-4 (MD-4) algorithm compresses an input with a maximum length of 2^64 bits to a 128-bit hash value. The size of one message block in MD-4 is 512 bits. The input message is padded to fit this message block size. The padding scheme always appends a single 1 bit to the end of the message. Then 0 bits are appended until the message length is congruent to 448 modulo 512. Finally, the 64-bit representation of the message length before the padding was applied is appended. Each 512-bit message block of the padded message is compressed by the compression function, which consists of three rounds having 16 steps each. In each round a different Boolean function is used; in MD-4 there are three Boolean functions. Because of the initial cryptanalysis of MD-4 by Ralph Merkle and Eli Biham, MD-4 was improved to MD-5 by Rivest. The structure of MD-5 is quite similar to MD-4, but there are four linear Boolean functions and four rounds. However, there have been significant improvements in collision attacks on these hash functions.

6.2.4 Secure Hash Algorithm (SHA)

The Secure Hash Algorithm was developed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993; a revised version was issued as FIPS 180-1 in 1995 and is generally referred to as SHA-1. The actual standards document is entitled Secure Hash Standard. SHA is based on the hash function MD4, and its design closely models MD4. SHA-1 is also specified in RFC 3174, which essentially duplicates the material in FIPS 180-1 but adds a C code implementation.

SHA-1 produces a hash value of 160 bits. In 2002, NIST produced a revised version of the standard, FIPS 180-2, that defined three new versions of SHA, with hash value lengths of 256, 384, and 512 bits, known as SHA-256, SHA-384, and SHA-512. Table 6.1 shows the comparison of SHA parameters. These new versions have the same underlying structure and use the same types of modular arithmetic and logical binary operations as SHA-1. In 2005, NIST announced the intention to phase out approval of SHA-1 and move to a reliance on the other SHA versions by 2010. Shortly thereafter, a research team described an attack in which two separate messages could be found that deliver the same SHA-1 hash using 2^69 operations, far fewer than the 2^80 operations previously thought needed to find a collision with an SHA-1 hash. This result should hasten the transition to the other versions of SHA.

Table 6.1: Comparison of SHA parameters

                            SHA-1     SHA-256   SHA-384   SHA-512
Message digest size (bits)  160       256       384       512
Message size (bits)         < 2^64    < 2^64    < 2^128   < 2^128
Block size (bits)           512       512       1024      1024
Word size (bits)            32        32        64        64
Number of steps             80        64        80        80
Security (bits)             80        128       192       256

6.3 Whirlpool Hash Function

The Whirlpool hash algorithm is a 512-bit hash function designed by Vincent Rijmen and Paulo S.L.M. Barreto. It uses a symmetric-key block cipher based on AES, known as the Whirlpool cipher. The Whirlpool hash function is endorsed by New European Schemes for Signatures, Integrity and Encryption (NESSIE). It has also been adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as part of the joint ISO/IEC 10118-3 international standard. Whirlpool is based on the use of a block cipher for the compression function. The following are potential drawbacks of the block cipher approach.

• Block ciphers do not possess the properties of randomizing functions. For example, they are invertible. This lack of randomness may lead to weaknesses that can be exploited.

• Block ciphers typically exhibit other regularities or weaknesses.

• Typically, block-cipher-based hash functions are significantly slower than hash functions based on compression functions specifically designed for the hash function.

• A principal measure of the strength of a hash function is the length of the hash code in bits. For DES it is 64 bits or 128 bits, resulting in a hash code of questionable strength.

However, since the adoption of AES, there has been renewed interest in developing a secure hash function based on a strong block cipher and exhibiting good performance. Whirlpool is a block-cipher-based hash function intended to provide security and performance comparable to that found in non-block-cipher-based hash functions such as SHA. Whirlpool has the following features:

• The hash code length is 512 bits, equaling the longest hash code available with SHA.

• The overall structure of the hash function is one that has been shown to be resistant to the usual attacks on block-cipher-based hash codes.

• The underlying block cipher is based on AES and is designed to provide for implementation in both software and hardware that is both compact and exhibits good performance.

The design of Whirlpool sets the following security goals:

• The expected workload of generating a collision is of the order of 2^(n/2) executions of Whirlpool.

• Given an n-bit value, the expected workload of finding a message that hashes to that value is of the order of 2^n executions of Whirlpool.

• Given a message and its n-bit hash result, the expected workload of finding a second message that hashes to the same value is of the order of 2^n executions of Whirlpool.

• It is infeasible to detect systematic correlations between any linear combination of input bits and any linear combination of bits of the hash result, or to predict what bits of the hash result will change value when certain input bits are flipped. This means resistance against linear and differential attacks.

The Whirlpool hash structure is based on the Miyaguchi-Preneel scheme and consists of 10 rounds. Fig. 6.7 shows the model of a single iteration of the Whirlpool function: P is the plaintext, or i-th block of the input message; C is the ciphertext; K is the encryption key; H_i is the i-th intermediate hash value; FF is the feed-forward value.

Figure 6.7: Model of Single Iteration of the Whirlpool Hash Function

6.3.1 Hash Function Structure

Given a message consisting of a sequence of blocks m_1, m_2, ..., m_t, the Whirlpool hash function is expressed as follows:

H_0 = initial value
H_i = W(H_{i-1}, m_i) ⊕ H_{i-1} ⊕ m_i
H_t = final hash code value

In terms of the model, the encryption key input for each iteration is the intermediate hash value from the previous iteration; the plaintext is the current message block; and the feed-forward value is the bitwise XOR of the current message block and the intermediate hash value from the previous iteration.

Whirlpool Algorithm

The algorithm takes as input a message with a maximum length of less than 2^256 bits and produces as output a 512-bit message digest. The input is processed in 512-bit blocks. Fig. 6.8 depicts the overall processing of a message to produce a digest.

Figure 6.8: Message Digest Generation using Whirlpool

Message Preparation

The processing consists of the following steps:

• Append padding bits: The message is padded so that its length in bits is an odd multiple of 256. Padding is always added, even if the message is already of the desired length. For example, if the message is 256 × 3 = 768 bits long, it is padded by 512 bits to a length of 256 × 5 = 1280 bits. Thus, the number of padding bits is in the range of 1 to 512.

• Append length: A block of 256 bits is appended to the message. This block is treated as an unsigned 256-bit integer (most significant byte first) and contains the length in bits of the original message (before the padding). The outcome of the first two steps is a message that is an integer multiple of 512 bits in length. In Fig. 6.8, the expanded message is represented as the sequence of 512-bit blocks m_1, m_2, ..., m_t, so that the total length of the expanded message is t × 512 bits. These blocks are viewed externally as arrays of bytes by sequentially grouping the bits in 8-bit chunks. However, internally, the hash state H_i is viewed as an 8 × 8 matrix of bytes. The transformation between the two is explained subsequently.

• Initialize hash matrix: An 8 × 8 matrix of bytes is used to hold intermediate and final results of the hash function. The matrix is initialized as consisting of all 0 bits.

• Process the message in 512-bit (64-byte) blocks. The heart of the algorithm is the block cipher W.
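The padding rule of section 6.2.3 (MD-4: a 1 bit, zeros to 448 mod 512, then a 64-bit length) and the Whirlpool message preparation above (a 1 bit, zeros to an odd multiple of 256, then a 256-bit big-endian length), followed by the Miyaguchi-Preneel chaining H_i = W(H_{i-1}, m_i) ⊕ H_{i-1} ⊕ m_i of section 6.3.1, can be written down directly. The Python below is an added example, not the thesis's code and not a Whirlpool implementation: the block cipher W is replaced by a constructed placeholder (`toy_block_cipher`, a four-round Feistel network with SHA-256 as round function, which is a keyed, invertible 512-bit permutation but has nothing to do with W's security), so that the padding and the chaining can be exercised and checked on byte-aligned input. The MD-4 length is stored little-endian, as that algorithm specifies.

```python
import hashlib

BLOCK_BYTES = 64  # 512-bit blocks, as in Whirlpool


def whirlpool_pad(message: bytes) -> bytes:
    """Message preparation steps 1 and 2: append a single 1 bit (0x80 on a
    byte-aligned message) and 0 bits until the length is an odd multiple of
    256 bits, then the original bit length as a 256-bit big-endian integer.
    Padding is always added, even when the length already fits."""
    bit_length = len(message) * 8
    padded = message + b"\x80"
    while (len(padded) * 8) % 512 != 256:
        padded += b"\x00"
    padded += bit_length.to_bytes(32, "big")
    assert len(padded) % BLOCK_BYTES == 0   # an integer multiple of 512 bits
    return padded


def md4_style_pad(message: bytes) -> bytes:
    """Section 6.2.3 padding for comparison: 1 bit, zeros to 448 mod 512, then
    the 64-bit message length (MD-4 stores it little-endian)."""
    bit_length = len(message) * 8
    padded = message + b"\x80"
    while (len(padded) * 8) % 512 != 448:
        padded += b"\x00"
    return padded + bit_length.to_bytes(8, "little")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_cipher(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for W: a 4-round Feistel network over two 32-byte
    halves with SHA-256(key || round || half) as round function. Invertible
    and keyed like a block cipher, but it is NOT Whirlpool's W."""
    left, right = block[:32], block[32:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()
        left, right = right, xor_bytes(left, f)
    return left + right


def miyaguchi_preneel(message: bytes, cipher=toy_block_cipher) -> bytes:
    """Section 6.3.1: H_0 = 0, H_i = W(H_{i-1}, m_i) XOR H_{i-1} XOR m_i, with the
    previous hash value as the key and the message block as the plaintext."""
    padded = whirlpool_pad(message)
    h = bytes(BLOCK_BYTES)                              # all-zero initial matrix
    for offset in range(0, len(padded), BLOCK_BYTES):
        m_i = padded[offset:offset + BLOCK_BYTES]
        h = xor_bytes(xor_bytes(cipher(h, m_i), h), m_i)   # feed-forward
    return h


def block_count(message: bytes) -> int:
    """Number t of 512-bit blocks after message preparation."""
    return len(whirlpool_pad(message)) // BLOCK_BYTES


if __name__ == "__main__":
    print("768-bit message expands to", len(whirlpool_pad(bytes(96))) * 8, "bits")
    print("digest of b'abc' under the placeholder cipher:", miyaguchi_preneel(b"abc").hex())
```

The 768-bit message from the chapter's own example expands to 1280 bits of padded message plus the 256-bit length field, i.e. exactly three 512-bit blocks; an empty message still produces one full block, which is the "padding is always added" rule at work.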

The Block Cipher W

Whirlpool uses a block cipher that is specifically designed for use in the hash function. The block cipher W, which has a similar structure and uses the same elementary functions as AES, uses a block size and a key size of 512 bits. Although W is similar to AES, it is not simply an extension. AES operates on a state of 4 × 4 bytes, whereas W operates on a state of 8 × 8 bytes. W uses a row-oriented matrix whereas AES uses a column-oriented matrix. A comparison between AES and W is presented in Table 6.2.

Table 6.2: Comparison of AES and W block ciphers

                           W                                                    AES
Block size (bits)          512                                                  128
Key size (bits)            512                                                  128, 192 or 256
Matrix orientation         Input is mapped row-wise                             Input is mapped column-wise
Number of rounds           10                                                   10, 12 and 14
Key expansion              W round function                                     Dedicated expansion algorithm
GF(2^8) polynomial         x^8 + x^4 + x^3 + x^2 + 1 (0x11D)                     x^8 + x^4 + x^3 + x + 1 (0x11B)
Origin of S-box            Recursive structure                                  Multiplicative inverse in GF(2^8) + affine transformation
Origin of round constants  Successive entries of the S-box                      Elements 2^i of GF(2^8)
Diffusion layer            Right multiplication by 8 × 8 circulant MDS matrix   Left multiplication by 4 × 4 circulant MDS matrix
                           (1, 1, 4, 1, 8, 5, 2, 9) - mix rows                   (2, 3, 1, 1) - mix columns
Permutation                Shift columns                                        Shift rows

6.3.2 The Overall Structure

Fig. 6.9 shows the overall structure of W. The encryption algorithm takes a 512-bit block of plaintext and a 512-bit key as input and produces a 512-bit block of ciphertext as output. The encryption algorithm involves the use of four different functions, or transformations, which are used in each round:

• Substitute Bytes (SB)

• Shift Columns (SC)

• Mix Rows (MR)

• Add Round Key (AK)

W consists of a single application of AK followed by 10 rounds that involve all four functions. Each round r can be expressed as a round function RF, which is a composition of the above functions:

RF(K_r) = AK[K_r] ∘ MR ∘ SC ∘ SB

Figure 6.9: The Whirlpool Cipher W

Substitute Bytes

The substitute byte function (SB) is a simple table lookup that provides a nonlinear mapping. W defines a 16 × 16 matrix of byte values, called an S-box, that contains a permutation of all possible 256 8-bit values. Each individual byte of the c-state is mapped into a new byte in the following way: the leftmost 4 bits of the byte are used as a row value and the rightmost 4 bits are used as a column value. These row and column values serve as indices into the S-box to select a unique 8-bit output value. For example, the hexadecimal value 95h references row 9, column 5 of the S-box, which contains the value bah. Accordingly, the value 95h is mapped into the value bah. The S-box can be generated by using a recursive structure. It consists of two nonlinear layers, each containing two 4 × 4 S-boxes separated by a 4 × 4 randomly generated box. Each of the boxes maps a 4-bit input into a 4-bit output.

Shift Columns

Shift Columns causes a circular downward shift of each column of the c-state except the first column. For the second column, a 1-byte circular downward shift is performed; for the third column, a 2-byte circular downward shift is performed; and so on. The SC function serves as the permutation layer.

Mix Rows

Any block cipher warrants having a diffusion layer; Mix Rows serves this purpose in Whirlpool. This is achieved by having each input bit affect the value of many output bits; generally, this results in each output bit being affected by many input bits. The diffusion layer (Mix Rows) achieves diffusion within each row individually. Each byte of a row is mapped into a new value that is a function of all eight bytes in that row. The transformation can be defined by the matrix multiplication B = C A, where A is the input matrix, B is the output matrix, and C is the transformation matrix. The C matrix used in the Mix Rows operation is given below.

01 01 04 01 08 05 02 09
09 01 01 04 01 08 05 02
02 09 01 01 04 01 08 05
05 02 09 01 01 04 01 08
08 05 02 09 01 01 04 01
01 08 05 02 09 01 01 04
04 01 08 05 02 09 01 01
01 04 01 08 05 02 09 01

All the elements in the C matrix are hexadecimal numbers. Each element in the product matrix is the sum of the products of elements of one row and one column. In this case, the individual additions and multiplications are performed in GF(2^8) with the irreducible polynomial f(x) = x^8 + x^4 + x^3 + x^2 + 1, i.e., 11Dh.
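The three layers that need no table (Shift Columns, Mix Rows and Add Round Key) are small enough to write out and check. The Python below is an added example, not the thesis's code or the reference Whirlpool implementation. It builds the circulant C matrix from the chapter's first row, multiplies in GF(2^8) modulo 0x11D, and applies C on the right of each row (b[i] = a[i] · C, the "right multiplication ... mix rows" form of Table 6.2), which is what makes every output byte a function of all eight bytes of its row. The sample state is constructed; Substitute Bytes is omitted because the S-box table is not reproduced in the chapter.

```python
IRREDUCIBLE = 0x11D  # x^8 + x^4 + x^3 + x^2 + 1, the W field polynomial

# First row of the circulant mix-rows matrix C from the chapter; row r is the
# first row rotated right by r positions, which reproduces the table above.
C_FIRST_ROW = [0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09]
C = [C_FIRST_ROW[-r:] + C_FIRST_ROW[:-r] if r else C_FIRST_ROW[:] for r in range(8)]


def gf_mul(a: int, b: int, modulus: int = IRREDUCIBLE) -> int:
    """Multiply two bytes in GF(2^8) modulo the given irreducible polynomial."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= modulus
        b >>= 1
    return result


def shift_columns(state):
    """SC: column j is rotated downward by j bytes (column 0 is unchanged)."""
    out = [[0] * 8 for _ in range(8)]
    for i in range(8):
        for j in range(8):
            out[(i + j) % 8][j] = state[i][j]
    return out


def mix_rows(state):
    """MR: every row is multiplied on the right by C, so each output byte is a
    GF(2^8) combination of all eight input bytes of its row."""
    out = [[0] * 8 for _ in range(8)]
    for i in range(8):
        for j in range(8):
            acc = 0
            for k in range(8):
                acc ^= gf_mul(state[i][k], C[k][j])
            out[i][j] = acc
    return out


def add_round_key(state, round_key):
    """AK: byte-wise XOR of the state with the 8 x 8 round-key matrix."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]


def bytes_to_state(block: bytes):
    """Map 64 bytes onto the 8 x 8 matrix row-wise, as W does."""
    return [list(block[8 * i:8 * i + 8]) for i in range(8)]


def differing_positions(a, b):
    """Coordinates at which two states differ (used to observe diffusion)."""
    return [(i, j) for i in range(8) for j in range(8) if a[i][j] != b[i][j]]


def mix_rows_diffusion(row: int = 3, col: int = 5):
    """Change one byte of the input and report which output bytes of mix_rows
    change. Because every entry of C is nonzero, all eight bytes of that row
    change and no other row is touched."""
    base = bytes_to_state(bytes(range(64)))      # constructed sample state
    changed = [r[:] for r in base]
    changed[row][col] ^= 0x01
    return differing_positions(mix_rows(base), mix_rows(changed))


if __name__ == "__main__":
    print("02 * 80 mod 11D =", hex(gf_mul(0x02, 0x80)))    # reduction by 0x11D
    print("bytes changed by a one-byte input change:", mix_rows_diffusion())
```

The diffusion check is the page's claim made testable: a single-byte change in row 3 alters all eight bytes of row 3 after Mix Rows and nothing else, and Shift Columns in the following round then spreads those eight bytes over eight different rows.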

Add Round Key

In the Add Round Key layer, the 512 bits of the c-state are bitwise XORed with the 512 bits of the round key. It is done byte by byte on the c-state matrix. Whirlpool does not have a dedicated key expansion algorithm. It uses a copy of the encryption algorithm for key expansion. The round keys for the key expansion are 10 round constants. The key-generation algorithm treats the cipher key as plaintext and encrypts it, thus generating a round key for the encryption algorithm at the end of every round of the key-expansion algorithm.

Key Expansion for W

As shown in Figure 2.3, key expansion is achieved by using the block cipher itself, with a round constant serving as the round key for the expansion. The round constant for round 1 ≤ r ≤ 10 is a matrix RC[r] in which only the first row is nonzero, and is defined as follows:

RC[r]_{0,j} = S[8(r − 1) + j],  (0 ≤ j ≤ 7), (1 ≤ r ≤ 10)
RC[r]_{i,j} = 0,  (1 ≤ i ≤ 7), (0 ≤ j ≤ 7), (1 ≤ r ≤ 10)

Using the round constants, the key schedule expands the 512-bit cipher key K into a sequence of round keys K_0, K_1, ..., K_10:

K_0 = K
K_r = RF[RC[r]](K_{r−1})

where RF is the round function defined earlier. Note that for the Add Round Key phase of each round of the key expansion, only the first row of the k-state is altered.

Whirlpool Performance and Security

The design of Whirlpool sets the following security goals. Assume we take as hash result the value of any n-bit substring of the full Whirlpool output:

• The expected workload of generating a collision is of the order of 2^(n/2) executions of Whirlpool.

• Given an n-bit value, the expected workload of finding a message that hashes to that value is of the order of 2^n executions of Whirlpool.

• Given a message and its n-bit hash result, the expected workload of finding a second message that hashes to the same value is of the order of 2^n executions of Whirlpool.

• It is infeasible to detect systematic correlations between any linear combination of input bits and any linear combination of bits of the hash result, or to predict what bits of the hash result will change value when certain input bits are flipped (this means resistance against linear and differential attacks).

6.4 New Whirlpool Hash Structure

In this new Whirlpool hash structure most of the structure is the same as the existing Whirlpool structure, except for the S-box generation. In this structure we introduce a dynamic S-box generated using two keys, namely a permute key and an auxiliary key. Depending on the permute key, the initial permutation of the S-box entries is modified. Using the auxiliary key, the affine transformation constants, the A matrix, the constant C and the irreducible polynomial m are calculated. The dynamic S-box is then constructed using the affine transformation y = Ax ⊕ C mod m. The steps to generate the dynamic S-box are as follows:

• Select a permute key of variable length from 1 byte to 256 bytes.

• Initialize an array S[256] with 00h to ffh.

• Initialize another array T[256] from the secret key. If the key length is less than 256 bytes, repeatedly copy the key bytes till the last element of the array.

• The initial permutation is done using T as follows (the loop as printed in the thesis advances j by S[i] alone; the T[i] term below is the key material that, according to the text, drives the permutation):

    j = 0
    for i in range(256):
        j = (j + S[i] + T[i]) % 256   # j is advanced by the state byte and the key byte
        S[i], S[j] = S[j], S[i]       # swap

• Construct an 8 × 8 non-singular A matrix with entries in GF(2), depending on the auxiliary key.

• Using the affine transformation y = Ax ⊕ C mod m, construct the S-box:

  – First convert the S array into a new S array by finding the multiplicative inverse of each element using a key-dependent irreducible polynomial m.

  – The constant C is calculated using the key.

• The remaining procedure is as in the existing Whirlpool hash generation.
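The procedure above leaves open how the auxiliary key becomes an irreducible polynomial m, a non-singular A and the constant C. The Python below is an added example, not the thesis's implementation: it carries the steps through with one concrete, labelled set of assumed choices (m is the first irreducible degree-8 polynomial found by scanning upward from 0x100 | first auxiliary-key byte; A is drawn from SHA-256 of the auxiliary key and redrawn until it has full rank over GF(2); C is the XOR of the auxiliary-key bytes) and then checks the property any S-box must have, that its 256 outputs form a permutation. The key-driven permutation loop includes the T[i] term from the text, and the sample keys are constructed.

```python
import hashlib


def gf_mul(a: int, b: int, modulus: int) -> int:
    """Multiply in GF(2^8) modulo the given degree-8 polynomial."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= modulus
        b >>= 1
    return result


def gf_inv(x: int, modulus: int) -> int:
    """Multiplicative inverse as x^254 (x^255 = 1 in the field); 0 maps to 0."""
    result, base, exponent = 1, x, 254
    while exponent:
        if exponent & 1:
            result = gf_mul(result, base, modulus)
        base = gf_mul(base, base, modulus)
        exponent >>= 1
    return result if x else 0


def is_irreducible(poly: int) -> bool:
    """A degree-8 polynomial over GF(2) is irreducible iff no polynomial of
    degree 1..4 divides it; ints 2..31 enumerate those, tested by remainder."""
    for divisor in range(2, 32):
        rem = poly
        while rem and rem.bit_length() >= divisor.bit_length():
            rem ^= divisor << (rem.bit_length() - divisor.bit_length())
        if rem == 0:
            return False
    return True


def gf2_rank(rows) -> int:
    """Rank over GF(2) of an 8 x 8 bit matrix given as eight row bytes."""
    rows, rank = list(rows), 0
    for bit in range(7, -1, -1):
        pivot = next((r for r in rows if (r >> bit) & 1), None)
        if pivot is None:
            continue
        rows = [r ^ pivot if (r >> bit) & 1 else r for r in rows if r != pivot]
        rank += 1
    return rank


def key_permutation(permute_key: bytes):
    """Steps 2-4 of the chapter: S = 00h..ffh, T = the key repeated to 256
    bytes, then the key-driven swap loop."""
    s = list(range(256))
    t = [permute_key[i % len(permute_key)] for i in range(256)]
    j = 0
    for i in range(256):
        j = (j + s[i] + t[i]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def derive_constants(aux_key: bytes):
    """Assumed derivations of m, A and C from the auxiliary key (the thesis
    does not fix them); each is deterministic in the key."""
    m = 0x100 | aux_key[0]
    while not is_irreducible(m):
        m = 0x100 | ((m + 1) & 0xFF)
    counter = 0
    while True:
        a_rows = list(hashlib.sha256(aux_key + bytes([counter])).digest()[:8])
        if gf2_rank(a_rows) == 8:      # non-singular, so x -> Ax is a bijection
            break
        counter += 1
    c = 0
    for byte in aux_key:
        c ^= byte
    return m, a_rows, c


def affine(a_rows, c: int, x: int) -> int:
    """y = A x XOR C over GF(2): bit r of y is the parity of (row r AND x)."""
    y = 0
    for r in range(8):
        y |= (bin(a_rows[r] & x).count("1") & 1) << r
    return y ^ c


def build_dynamic_sbox(permute_key: bytes, aux_key: bytes):
    """Permute, invert under the key-dependent m, then apply the affine map."""
    m, a_rows, c = derive_constants(aux_key)
    return [affine(a_rows, c, gf_inv(v, m)) for v in key_permutation(permute_key)]


def is_permutation(sbox) -> bool:
    return sorted(sbox) == list(range(256))


if __name__ == "__main__":
    box = build_dynamic_sbox(b"permute-key-demo", b"auxiliary-key-demo")
    print("bijective:", is_permutation(box), "first entries:", [hex(v) for v in box[:8]])
```

The bijection check is the one test worth automating for any S-box generator: the key-driven swap loop, the field inverse under an irreducible m, and an affine map with non-singular A are each bijections, so their composition must be one too, and a rank-deficient A or a reducible m shows up immediately as a repeated output.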

6.5 Advantages Over Whirlpool Hash Function

• The expected workload of generating a collision is of the order of 2^(128+1638) = 2^1766.

• Given a 512-bit hash value, the expected workload of finding a message that hashes to the same value is of the order of 2^(512+1638) = 2^2150 executions of the new hash function.

• Given a message and its 512-bit hash result, the expected workload of finding a second message that hashes to the same value is of the order of 2^(512+1638) = 2^2150 executions of the new hash function.

• It is infeasible to detect systematic correlations between any linear combination of input bits and any linear combination of bits of the hash result, or to predict what bits of the hash result will change value when certain input bits are flipped (this means resistance against linear and differential attacks).

Table 6.3: Comparison of W and new W block ciphers

                           W block cipher                                       New W block cipher
Block size (bits)          512                                                  512
Key size (bits)            512                                                  512
Matrix orientation         Input is mapped row-wise                             Input is mapped row-wise
Number of rounds           10                                                   10
Key expansion              W round function                                     W round function
GF(2^8) polynomial         11Dh                                                 Key-dependent irreducible polynomial
Origin of S-box            Recursive structure                                  Multiplicative inverse in GF(2^8) + key-dependent affine transformation
Origin of round constants  Successive entries of the S-box                      Successive entries of the S-box
Diffusion layer            Right multiplication by 8 × 8 circulant MDS matrix   Right multiplication by 8 × 8 circulant MDS matrix
                           (1, 1, 4, 1, 8, 5, 2, 9) - mix rows                   (1, 1, 4, 1, 8, 5, 2, 9) - mix rows
Permutation                Shift columns                                        Shift columns

6.6 Results

The modified hash function is constructed with the key-dependent S-box and tested with text files of different sizes. It is found that a single bit change in the text, or a single bit change in any one key (secret key/permute key/auxiliary key), changes the hash value to a great extent. Some of the results are tabulated in Table 6.4 and Table 6.5. In each table, every column lists one 512-bit hash value as eight rows of 16 hexadecimal digits.

Table 6.4: Hash value for text file 1: 512-bit hash value for a text of 2196 bytes

Original text       Last bit changed    Initial bit changed  Change in one key bit
83422F2B0C5C0702    B69864A4486E23F3A   3D2F0E09B6F4767B     03E8AD681FFCBEDF
4C3BD78111F5B209    38273825F4854334    B6C3A1CAA7D49145     1BF6BBF286677A33
C9B963BDFA2D4AA3    5BDA54B65ECF739F    462806AA7EB6CFC3     44BDBBD59578173C
5A9BC39F07A359D2    C317DF9F5AD392B8    04DBBDB82B6054D1     6F5EDFCB1656393C
BB5F13BC014C1B50    56339628D1396A86    864A4E4CA315DBE3     BA2DD0125E5FAC78
589F24CDEEC8EB9F    AD9D8EA62AFBC49C    033CE227AF6012B7     07FC1FE7D5C1C168
70F037D0C1E4209C    D0160B97D701FF54    DC165F60B04F12AE     9FEC9FDB0C96AD94
CB47C10B14492827    78046ADD71F13F4C    93DDEF1A2676CD38     D1A56E7E99D0DD8E

Table 6.5: Hash value for text file 2: 512-bit hash value for a text of 7 bytes

Original text       Last bit changed    Initial bit changed  Change in one key bit
6D0032E7FBB38BC4    3D6442E9A756C3C2    AC3BD1A4D8353D67     3A3DE4CF5E7862DE
FF4F5AE3ADA6555C    44149183FAE89221    39973292A9A14C34     2385E9E8CB4BB000
5BC0B76FD7FE1E3A    91F9D86D0D9E08E9    D45B7123301396DF     D051F0995DFD2E9E
1623D375A7705EF8    67E33192B939ED93    AF9BFA8E9073976E     C9F0CD40CF92B484
17CCEA7389484186    600C1C3996A69B89    C7DFD2BDB4E17F95     014D8FA5CB7B239F
0DF19D17B6216F30    09C3F8E1994DAEA0    E07431B8A8827406     BBD736B2A131E3D7
3D02E1F85B8CAA4E    FCFBBD41EB7F631E    BDC3C18605900C26     3D4768D6E191DD79
EBEF046D96B7749A    6F0A9AE400120B53    58539560EAB06420     C4D6019ACF1A264E

6.7 Conclusion

Implementations of the new hash algorithm with the key-dependent S-box are developed and tested on various kinds of data. Typically, data in the form of text, image or audio is encrypted and then a corresponding message digest is generated using the new hash function. In each case a single bit of data was changed and a new hash was generated, and it was found that the message digest was completely different in each case.

