1 / 19

ICS 454 Principles of Cryptography

ICS 454 Principles of Cryptography. Secure Hashing and DSS Sultan Almuhammadi. Outline. One-way functions Secure Hash function Authentication (example) Digital Signature Standards (DSS). Definitions. One-way function f :A  B Given x  A, it is easy to compute f ( x )

elvis-morin
Download Presentation

ICS 454 Principles of Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ICS 454Principles of Cryptography Secure Hashing and DSS Sultan Almuhammadi

  2. Outline • One-way functions • Secure Hash function • Authentication (example) • Digital Signature Standards (DSS)

  3. Definitions • One-way function f :AB • Given x A, it is easy to compute f (x) • Given f (x), it is hard to compute x • Trapdoor one-way function • A one-way function f :A  B with a secret s, such that • Given x A, it is easy to compute f (x) • Given f (x), it is hard to compute x • Given f (x) and s, it is easy to compute x

  4. Examples • One-way function • Multipicative group Zp* with generator g • f (x) = gx mod p • Trapdoor one-way function • Multiplicative group Zn* where n = p.q for primes p,q • f (x) = x2 mod n • The secret is:(p and q)

  5. Hash Function • Definition: one-way hash function h(x) • A one-way hash function operates on an input message x of arbitrary length, and outputs a fixed-length hash value h(x). • Given x, it is easy to compute h(x) • Given h(x), it is infeasible to compute x

  6. Hash Function Properties • h can be applied to an input of any size • h produces a fixed-length output • One-way property: Easy to compute h(x), but infeasible to compute x given h(x) • Collision resistance property: • Weakly collision-free: Given x, it is infeasible to find y  x, such that h(x) = h(y) • Strongly collision-free: It is infeasible to find any pair (x, y) such that y  x and h(x) = h(y)

  7. Secure Hashing • Definition: h is cryptographically secure if it is a one-way collision-free hash function. • Note: Strong/weak collision resistance depends on the sensitivity of the application • Given a message M, h(M) is called the hash value of M , hash code, or the message digest. • Examples: SHA, MD4, MD5, Whirlpool

  8. Security of Hash Functions • Effort Required for Brute-Force Attack (on average)

  9. General Structure of Secure Hashing

  10. Secure Hash Algorithm (SHA) • Developed by National Institute of Standards and Technology (NIST) in 1993. • In 1995, NIST published SHA-1 • Based on MD4 • Output: 160-bit hash value • In 2002, NIST defined 3 versions (SHA-256, SHA-384, SHA-512) with hash value lengths: 256, 384, and 512. • In 2005, NIST approved the phase out of SHA-1 and moving to other versions of SHA by 2010.

  11. MD4 • MD stands for Message Digest and designed by Ron Rivest • Output: 128-bit hash values • Design goals (claimed by Rivest) • Strongly collision-free (no attack is better than brute-foce) • The security is based on no assumption (like hardness of factorization) • MD4 was cryptanalyzed shortly after publishing and some parts were successfully attacked.

  12. MD5 • MD5 is an improved version of MD4 • Output: 128-bit hash values • Ron Rivest made several improvements of MD5 over MD4 • MD5 was cryptanalyzed but there is no practical impact on the security of the hash function

  13. Whirlpool • Based on the use of a block cipher for the compression function (initially DES, later AES) • General drawbacks of using block cipher: • Block ciphers are invertible lack of randomness • Low performance due to slow block ciphers • Weakness due to regularities of block ciphers • Hash value length restriction due to block sizes: h  2b • Since the adoption of AES, Whirlpool overcomes the above drawbacks.

  14. Whirlpool • Advantages of using AES • Hash code length is 512 bits (same as SHA) • Resistant to usual attacks on block-cipher hashing • Good performance and compact implementation on software and hardware

  15. Applications of Secure Hashing • Authentication • Digital Signature

  16. Example: Authentication • Alice logs into a host computer • She identifies herself by a username and a password • The host computer stores a all username-password in a a database and check for a match. • Authentication using secure hash functions • Alice sends her password to the host • The host hashes the password and compares the hash value to the value it previously stored • If Eve steals the hash values, she still cannot log in, since the hash function is one-way and collision-free.

  17. Digital Signature Standard (DSS) • Proposed by the National Institute of Standards and Technology (NIST) in 1991 • DSS uses a digital signature algorithm (DSA): • Designed to provide only the digital signature function • Cannot be used for encryption or key exchange • Must be a public-key technique (publicly verifiable) • Use the SHA for hashing the message • Example of digital signature approaches: • RSA Approach • DSS Approach

  18. Digital Signature Approaches (DSS vs. RSA)

  19. Digital Signature Algorithm (DSA) • NIST adopted DSA based on ElGamal digital signature with the following parameters: • Prime p of length 512-1024 bits • 160-bit prime q such that q | (p – 1) • g is of the form g = h(p-1)/q mod p • Private key: x, Public key: y = gx mod p • The signature (r, s) is computed by: r = (gk mod p) mod q, for random k < q s = (k-1 (SHA(M) + x.r) mod q • The length of the signature (r, s) = 2 x 160 bits

More Related