Hash Functions, the MD5 Algorithm and the Future (SHA-3)

Hash Functions,the MD5 Algorithm

and the Future (SHA-3)

Dylan Field, Fall ’08SSU Math Colloquium

What is a hash?

First, Consider Humpty Dumpty...

Humpty Dumpty sat on a wall.

Humpty Dumpty had a great fall.

All the king’s horses and all the king’s men

Couldn’t put Humpty together again.

X

h(x)

BUT h(x) is a one way function

... so they can’t put Humpty together again.

x h(x)hash function

Humpty falls

x h(x)hash function

Humpty falls

‘hello’ MD5

x h(x)hash function

Humpty falls

‘hello’ MD55d41402abc4b2a76b9719d91

1017c592

- going backwards -

- going backwards -

- going backwards -

- going backwards -

- going backwards -

- going backwards -

NO!!!

- going backwards -

- going backwards -

5d41402abc4b2a76b9719d91

1017c592

- going backwards -

- going backwards -

5d41402abc4b2a76b9719d91

1017c592‘hello’

Requirements

h(x)

Requirements

h(x)

Given h(x)cannot find x

1

Requirements

h(x)


1

h(x) isconstant

2

Requirements

h(x)


1

h(x) isconstant

2

Can’t find x2

so h(x2)=h(x1)

3

Requirement #3 - Humpty Dumpty Style


≠


≠ ≠

≠ ≠ .........

so how does it work?

‘hello’

5d41402abc4b2a76b9719d911017c592

we’re going to focus on MD5

1. Convert ‘x’ to binary

‘hello’ 0110100001100101011011000110110001101111

1. Convert ‘x’ to binary2. Pad ‘x’ so that size of x (mod 512) = 0

0110100001100101011011000110110001101111

1

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 000000000000000

0000000000101000

‘hello’ in binary

0110100001100101011011000110110001101111

1

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 000000000000000

0000000000101000


add ‘1’

0110100001100101011011000110110001101111

1

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 000000000000000

0000000000101000


add ‘1’

0’s until x mod 512 = 496

0110100001100101011011000110110001101111

1

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 000000000000000

0000000000101000


add ‘1’

0’s until x mod 512 = 496

add 16 bit binary representation of x

xpadded = 0110100001100101011011000110110001101111 1 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 00000 0000000000101000

1. Convert ‘x’ to binary2. Pad ‘x’ so that size of x (mod 512) = 03. Break ‘x’ into 512 bit sub parts and 32 bit words

01101000011001010110110001101100

0110100001100101011011000110110001101111 1 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000 0000000000

0000000000 0000000000 0000000000 0000000000 00000 0000000000101000

W1 =

1. Convert ‘x’ to binary2. Pad ‘x’ so that size of x (mod 512) = 03. Break ‘x’ into 512 bit sub parts and 32 bit words4. Assign values to k[i], r[i], w[g], h0, h1, h2 and h3.

k[i] = |sin(i+1)| x 232 where ‘i’ is in radians


r[i] = Various round shift amounts



w[g] = Word number (0 – 15)



w[g] = Word number (0 – 15)

h0 = a = 0x67452301

h1 = b = 0xEFCDAB89

h2 = c = 0x98BADCFE

h3 = d = 0x10325476

1. Convert ‘x’ to binary2. Pad ‘x’ so that size of x (mod 512) = 03. Break ‘x’ into 512 bit sub parts and 32 bit words4. Assign values to k[i], r[i], w[g], h0, h1, h2 and h3.5. Perform 64 rounds on each sub part

But first... binary operations!

∧

∧(AKA ‘AND’)

p q ∧T T

p q ∧T T T

p q ∧T T T

T F

p q ∧T T T

T F F

p q ∧T T T

T F F

F T

p q ∧T T T

T F F

F T F

p q ∧T T T

T F F

F T F

F F

p q ∧T T T

T F F

F T F

F F F

In binary:T = 1F = 0

p q ∧T T T

T F F

F T F

F F F

p q ∧T T T

T F F

F T F

F F F

bit 1 bit 2 ∧1 1 1

1 0 0

0 1 0

0 0 0

∨

⊕

bit 1 bit 2 ∨1 1 1

1 0 1

0 1 1

0 0 0

“XOR is a type of logical disjunction on two operands that results in a value of “true” if and only if exactly one of the operands has a

value of ‘true’”

⊕

bit 1 bit 2 ∨1 1 1

1 0 1

0 1 1

0 0 0

bit 1 bit 2 ⊕1 1 F

1 0 T

0 1 T

0 0 F

¬

¬(not)

¬1=0¬0=1

<<(bit shift)

1 0 1 0 1 0

0 1 0 1 0 0

0 1 0 1 0

0

Remember:a,b,c,d are h0-3

Operation A

f = (b ∧ c) ∨ (¬ b ∧ d)g = i

Operation B

f = (d ∧ b) ∨ ((¬ d) ∧ c)g = (5i + 1) mod 16

Operation C

f = b ⊕ c ⊕ dg = (3i + 5) mod 16

Operation D

f = c ⊕ (b ∨ (¬ d))g = (7i) mod 16

A B C D

A B C D

A B C D

B

b + {(a + f + k[i] + w[g]) << r[i]}

b + {(a + f + k[i] + w[g]) << r[i]}

h1 h0

Calculated inOperations A-D

|sin(i+1)| x 232 where ‘i’ is in radians

The gth word(32 bit chunk)

ith pre-designated shift

After all 64 rounds...

1. Convert ‘x’ to binary2. Pad ‘x’ so that size of x (mod 512) = 03. Break ‘x’ into 512 bit sub parts and 32 bit words4. Assign values to k[i], r[i], w[g], h0, h1, h2 and h3.5. Perform 64 rounds on each sub part6. Add a, b, c and d to register values

h0 = h0 + ah1 = h1 + bh2 = h2 + ch3 = h3 + d

1. Convert ‘x’ to binary2. Pad ‘x’ so that size of x (mod 512) = 03. Break ‘x’ into 512 bit sub parts and 32 bit words4. Assign values to k[i], r[i], w[g], h0, h1, h2 and h3.5. Perform 64 rounds on each sub part6. Add a, b, c and d to register values7. Append the register values to create digest

128 bit digest

‘hello’

5d41402abc4b2a76b9719d911017c592

So?

Applications

Applications

PasswordProtection

Applications

PasswordProtection

MessageIntegrity

Applications

PasswordProtection

MessageIntegrity

DigitalSignatures

Password Protection

‘password’MD5

When you registered...

5f4dcc3b5aa765d61d8327deb882cf99

‘password’MD5

When you registered...


Data Base

‘password’

‘password’MD5

‘password’MD5



=

stored, hashed password?


=


No.

Give ‘incorrect password’ error


=


No.

Give ‘incorrect password’ error

Yes.

Let user into website

Attacks

Rainbow Tables

omgyouarenevergoingtocrackthis

123

1c9fee8bd70a5afb630fc4f38e97123f

omgyouarenevergoingtocrackthis

123

1c9fee8bd70a5afb630fc4f38e97123f

and Brute Force Attacks

Message Integrity

digest

File Verification

File Verification

Guarding against corruption

File Verification

Guarding against corruption

Proving you have something

before you release it

Attacks

Nostradamus Attack

But on November 30th 2007...

“We have used a Sony Playstation 3 to correctly predict the outcome of the 2008 US presidential elections. In order not to

influence the voters we keep our prediction secret, but commit to it by publishing its cryptographic hash on this website. The

document with the correct prediction and matching hash will be revealed after the elections.”

- Marc Stevens, Arjen Lenstra and Benne de Weger

3D515DEAD7AA16560ABA3E9DF05CBC80

But how could they have known!?!?

But how could they have known!?!?They didn’t.

3D515DEAD7AA16560ABA3E9DF05CBC80

Digital Signatures

MD5hash

hashMD5

privatekey

encrypted

hashMD5

privatekey

encryptedpublic

key

hash

hashMD5

privatekey

encryptedpublic

key

hash

MD5

hashMD5

privatekey

encryptedpublic

key

hash

MD5

✔

Attacks

Collision Attack

hash

privatekey

encryptedpublic

key

hash

MD5

✔

hash

encryptedpublic

key

hash✔

Changed Message

MD5

Very Dangerous!

Birthday Attack

Relies on ‘Birthday Paradox’

First we calculate the chance no one has the same birthday

Relies on ‘Birthday Paradox’

p(1)=100%

p(2)=(1)(1 - 1/365)

p(3)=(1)(1 - 1/365)(1 - 2/365)

To Generalize...

365! .365n(365-n)!

P(n)=

23 50% chance

30 70.6% chance

50 97% chance

We can use this property to find out how many hashes must

be calculated to find a collision.

Current State of MD5

MD5 =

MD5 = Broken

The Future of Hashes

Submissions were due on October 30th

Currently Submitted

BLAKE

Blue Midnight Wish

Boole

CubeHashEdon-R

EnRUPT

ESSENCE

Sgàil

Grøstl

Keccak

Maraca

MCSSHA-3

MD6

NaSHANKS2D

PonicSHAMATA

Skein

WaMM

Waterfall

BLAKE

Blue Midnight Wish

Boole

CubeHashEdon-R

EnRUPT

ESSENCE

Sgàil

Grøstl

Keccak

Maraca

MCSSHA-3

MD6

NaSHANKS2D

PonicSHAMATA

Skein

WaMM

Waterfall

Thank you for coming!

Any Questions?

Education

Hash Functions, the MD5 Algorithm and the Future (SHA-3)