Home Uncategorized cr-9

Uncategorized

cr-9

Attached.

Cryptography and Network Security:

Principles and Practice
Eighth Edition

Chapter 11

Cryptographic

Hash

Function

Hash

Functions

• A hash

function

H accepts a variable-length block of data

M as input and produces a fixed-size hash value

– h = H(M)

– Principal object is data integrit

• Cryptographic hash function

– An algorithm for which it is computationally infeasible to

find either:

(a) a data object that maps to a pre-specified hash

result (the one-way property)

(b) two data objects that map to the same hash result

(the collision-free property)

Figure 11.1 Cryptographic Hash

Function; h = H(M)

Figure 11.2 Attack Against Hash

Function

Figure 11.3 Simplified Examples of

the Use of a Hash

Function f

Message Authentication

Message Authentication Code (MAC)

• Also known as a keyed hash function

• Typically used between two parties that share a secret key

to authenticate information exchanged between those

parties

• Takes as input a secret key and a data block and produces

a hash value (MAC) which is associated with the protected

message

– If the integrity of the message needs to be checked, the

MAC function can be applied to the message and the

result compared with the associated MAC value

– An attacker who alters the message will be unable to

alter the associated MAC value without knowledge of

the secret key

Digital Signature

• Operation is similar to that of the MAC

• The hash value of a message is encrypted with a user’s

private key

• Anyone who knows the user’s public key can verify the

integrity of the message

• An attacker who wishes to alter the message would need

to know the user’s private key

• Implications of digital signatures go beyond just message

authentication

Figure 11.4 Simplified Examples of

Digital Signatures

Other Hash Function Uses

• Commonly used to create a one-way password file

– W hen a user enters a password, the hash of that password is

compared to the stored hash value for verification

– This approach to password protection is used by most operating

systems

• Can be used for intrusion and

virus detection

– Store H(F) for each file on a system and secure the hash values

– One can later determine if a file has been modified by recomputing

H(F)

– An intruder would need to change F without changing H(F)

• Can be used to construct a pseudorandom function (PRF) or a

pseudorandom number generator (PRNG)

– A common application for a hash-based PRF is for the generation

of symmetric keys

Two Simple Hash Functions

• Consider two simple insecure hash functions that operate using the

following general principles:

– The input is viewed as a sequence of n-bit blocks

– The input is processed one block at a time in an iterative fashion

to produce an n-bit hash function

• Bit-by-bit exclusive-OR (XOR) of every block

– Ci = bi1 xor bi2 xor . . . xor bim

– Produces a simple parity for each bit position and is known as a

longitudinal redundancy check

– Reasonably effective for random data as a data integrity check

• Perform a one-bit circular shift on the hash value after each block is

processed

– Has the effect of randomizing the input more completely and

overcoming any regularities that appear in the input

Figure 11.5 Two Simple Hash

Functions

Requirements and Security
Preimage

• x is the preimage of h for a hash value h = H(x)

• Is a data block whose hash function, using the function H,

is h

• Because H is a many-to-one mapping, for any given hash

value h, there will in general be multiple preimages

Collision

• Occurs if we have x ≠ y and H(x) = H(y)

• Because we are using hash functions for data integrity,

collisions are clearly undesirable

Table 11.1 Requirements for a

Cryptographic Hash Function H

Requirement Description

Variable input size H can be applied to a block of data of any size.

Fixed output size H produces a fixed-length output.

Efficiency H(x) is relatively easy to compute for any

given x, making both hardware and software
implementations practical.

Preimage resistant (one-way property) For any given hash value h, it is computationally

infeasible to find y such that H(y) = h.

Second preimage resistant (weak collision

resistant)

For any given block x, it is computationally

Infeasible to find y x with H(y) = H(x).

Collision resistant (strong collision resistant) It is computationally infeasible to find any pair

(x, y) with x y, such that H(x) = H(y).

Pseudorandomness Output of H meets standard tests for

pseudorandomness.

Figure 11.6 Relationship Among Hash

Function Properties

Table 11.2 Hash Function Resistance

Properties Required for Various Data

Integrity Applications

Blank Preimage

Resistan

Second Preimage

Resistant

Collision Resistant

Hash + digital signature yes yes yes*

Intrusion detection and

virus detection

Blank Blank Blank

Hash + symmetric

encryption

Blank Blank Blank

One-way password file yes Blank Blank

MAC yes yes yes*

*Resistance required if attacker is able to mount a chosen message attack

Attacks on Hash Functions

Brute-Force Attacks

• Does not depend on the

specific algorithm, only

depends on bit length

• In the case of a hash

function, attack depends

only on the bit length of

the hash value

• Method is to pick values at

random and try each one

until a collision occurs

Cryptanalysis

• An attack based on

weaknesses in a

particular cryptographic

algorithm

• Seek to exploit some

property of the algorithm

to perform some attack

other than an exhaustive

Collision Resistant Attacks (1 of 2)

• For a collision resistant attack, an adversary wishes to find two

messages or data blocks that yield the same hash function

– The effort required is explained by a mathematical result

referred to as the birthday parado

• Yuval proposed the following strategy to exploit the birthday

paradox in a collision resistant attack:

– The source (A) is prepared to sign a legitimate message x

by appending the appropriate m-bit hash code and

encrypting that hash code with A’s private key

– Opponent generates 2m/2 variations x’ of x, all with

essentially the same meaning, and stores the messages

and their hash values

– Opponent prepares a fraudulent message y for which A’s

signature is desired

Collision Resistant Attacks (2 of 2)

– Opponent generates minor variations y’ of y, all of which convey

essentially the same meaning. For each y’, the opponent

computes H (y’), checks for matches with any of the H (x’) values,

and continues until a match is found. That is, the process

continues until a y’ is generated with a hash value equal to the

hash value of one of the x’ values

– The opponent offers the valid variation to A for signature which can

then be attached to the fraudulent variation for transmission to the

intended recipient

▪ Because the two variations have the same hash code, they will

produce the same signature and the opponent is assured of

success even though the encryption key is not known

A Letter in 238

Variations

Figure 11.7 A Letter in 238

Variations

Figure 11.8 General Structure of

Secure Hash Code

Secure Hash Algorithm (SHA)

• SHA was originally designed by the National Institute of

Standards and Technology (NIST) and published as a

federal information processing standard (FIPS 180) in

1993

• Was revised in 1995 as SHA-1

• Based on the hash function MD4 and its design closely

models MD4

• Produces 160-bit hash values

• In 2002 NIST produced a revised version of the standard

that defined three new versions of SHA with hash value

lengths of 256, 384, and 512

– Collectively known as SHA-2

Table 11.3 Comparison of SHA

Parameters

Algorithm Message

Size

Block Size Word Size Message

Digest Size

SHA-1 < 264 512 32 160

SHA-224 < 264 512 32 224

SHA-256 < 264 512 32 256

SHA-384 < 2128 1024 64 384

SHA-512 < 2128 1024 64 512

SHA-512/224 < 2128 1024 64 224

SHA-512/256 < 2128 1024 64 256

Note: All sizes are measured in bits.

Figure 11.9 Message Digest

Generation Using SHA-512

Figure 11.10 SHA-512 Processing of a

Single 1024-Bit Block

Table 11.4 SHA-512 Constants
428a2f98d728ae22 7137449123ef65cd b5c0fbcfec4d3b2f e9b5dba58189dbbc

3956c25bf348b538 59f111f1b605d019 923f82a4af194f9b ab1c5ed5da6d8118

d807aa98a3030242 12835b0145706fbe 243185be4ee4b28c 550c7dc3d5ffb4e2

72be5d74f27b896f 80deb1fe3b1696b1 9bdc06a725c71235 c19bf174cf692694

e49b69c19ef14ad2 efbe4786384f25e3 0fc19dc68b8cd5b5 240ca1cc77ac9c65

2de92c6f592b0275 4a7484aa6ea6e483 5cb0a9dcbd41fbd4 76f988da831153b5

983e5152ee66dfab a831c66d2db43210 b00327c898fb213f bf597fc7beef0ee4

c6e00bf33da88fc2 d5a79147930aa725 06ca6351e003826f 142929670a0e6e70

27b70a8546d22ffc 2e1b21385c26c926 4d2c6dfc5ac42aed 53380d139d95b3df

650a73548baf63de 766a0abb3c77b2a8 81c2c92e47edaee6 92722c851482353b

a2bfe8a14cf10364 a81a664bbc423001 c24b8b70d0f89791 c76c51a30654be30

d192e819d6ef5218 d69906245565a910 f40e35855771202a 106aa07032bbd1b8

19a4c116b8d2d0c8 1e376c085141ab53 2748774cdf8eeb99 34b0bcb5e19b48a8

391c0cb3c5c95a63 4ed8aa4ae3418acb 5b9cca4f7763e373 682e6ff3d6b2b8a3

748f82ee5defb2fc 78a5636f43172f60 84c87814a1f0ab72 8cc702081a6439ec

90befffa23631e28 a4506cebde82bde9 bef9a3f7b2c67915 c67178f2e372532b

ca273eceea26619c d186b8c721c0c207 eada7dd6cde0eb1e f57d4f7fee6ed178

06f067aa72176fba 0a637dc5a2c898a6 113f9804bef90dae 1b710b35131c471b

28db77f523047d84 32caab7b40c72493 3c9ebe0a15c9bebc 431d67c49c100d4c

4cc5d4becb3e42b6 597f299cfc657e2a 5fcb6fab3ad6faec 6c44198c4a475817

Figure 11.11 Elementary SHA-512

Operation (single round)

Figure 11.12 Creation of 80-word

Input Sequence for SHA-512

Processing of Single Block

Figure 11.13 SHA-512 Logic

SHA-3

• SHA-1 has not yet been “broken”

– No one has demonstrated a technique for producing collisions in a

practical amount of time

– Considered to be insecure and has been phased out for SHA-2

• SHA-2 shares the same structure and mathematical operations as its

predecessors so this is a cause for concern

– Because it will take years to find a suitable replacement for SHA-2

should it become vulnerable, NIST decided to begin the process of

developing a new hash standard

• NIST announced in 2007 a competition for the SHA-3 next generation

NIST hash function

– W inning design was announced by NIST in October 2012

– SHA-3 is a cryptographic hash function that is intended to

complement SHA-2 as the approved standard for a wide range of

applications

The Sponge Construction

• Underlying structure of SHA-3 is a scheme referred to by its

designers as a sponge construction

• Takes an input message and partitions it into fixed-size blocks

• Each block is processed in turn with the output of each iteration

fed into the next iteration, finally producing an output block

• The sponge function is defined by three parameters:

– f = the internal function used to process each input block

– r = the size in bits of the input blocks, called the bitrate

– pad = the padding algorithm

Figure 11.14 Sponge Function Input

and Output

Figure 11.15 Sponge Construction

Table 11.5 SHA-3 Parameters

Message Digest Size 224 256 384 512

Message Size no maximum no maximum no maximum no maximum

Block Size (bitrate r) 1152 1088 832 576

Word Size 64 64 64 64

Number of Rounds 24 24 24 24

Capacity c 448 512 768 1024

Collision Resistance 2112 2128 2192 2256

Second Preimage Resistance 2224 2256 2384 2512

Note: All sizes and security levels—are measured in bits.

Figure 11.16 SHA-3 State Matrix

SHA-3 Iteration Function f

Figure 11.17 SHA-3 Iteration

Function f

Table 11.6 Step Functions in SHA-3

Function Type Description

θ Substitution New value of each bit in each word depends on its

current value and on one bit in each word of

preceding column and one bit of each word in

succeeding column.

ρ Permutation The bits of each word are permuted using a

circular bit shift. W[0, 0] is

not affected.

π Permutation Words are permuted in the 5 × 5 matrix. W[0, 0] is

not affected.

x Substitution New value of each bit in each word depends on its

current value and on one bit in next word in the

same row and one bit in the second next word in

the same row.

ι Substitution W[0, 0] is updated by XOR with a round constant.

Figure 11.18 Theta and Chi Step

Functions

Table 11.7 Rotation Values Used in SHA-3 (1 of 2)

(a) Calculation of values and positions

t g(t) g (t) mod 64 x, y

0 1 1 1, 0

1 3 3 0, 2

2 6 6 2, 1

3 10 10 1, 2

4 15 15 2, 3

5 21 21 3, 3

6 28 28 3, 0

7 36 36 0, 1

8 45 45 1, 3

9 55 55 3, 1

10 66 2 1, 4

11 78 14 4, 4

t g(t) g (t) mod 64 x, y

12 91 27 4, 0

13 105 41 0, 3

14 120 56 3, 4

15 136 8 4, 3

16 153 25 3, 2

17 171 43 2, 2

18 190 62 2, 0

19 210 18 0, 4

20 231 39 4, 2

21 253 61 2, 4

22 276 20 4, 1

23 300 44 1, 1

: ( ) = ( + 1)( + 2)/2

0 1 1
mod 5

2 3 0

Note g t t t

x
y

     
=     

     

Table 11.7 Rotation Values Used in SHA-3 (2 of 2)

(b) Rotation values by word position in matrix

Blank x = 0 x = 1 x = 2 x = 3 x = 4

y = 4 18 2 61 56 14

y = 3 41 45 15 21 8

y = 2 3 10 43 25 39

y = 1 36 44 6 55 20

y = 0 0 1 62 28 27

Figure 11.19 Pi Step Function

Table 11.8 Round Constants in SHA-3

Round
Constant

(hexadecimal)

Number

of 1 bits

0 0000000000000001 1

1 0000000000008082 3

2 800000000000808A 5

3 8000000080008000 3

4 000000000000808B 5

5 0000000080000001 2

6 8000000080008081 5

7 8000000000008009 4

8 000000000000008A 3

9 0000000000000088 2

10 0000000080008009 4

11 000000008000000A 3

Round
Constant
(hexadecimal)
Number
of 1 bits

12 000000008000808B 6

13 800000000000008B 5

14 8000000000008089 5

15 8000000000008003 4

16 8000000000008002 3

17 8000000000000080 2

18 000000000000800A 3

19 800000008000000A 4

20 8000000080008081 5

21 8000000000008080 3

22 0000000080000001 2

23 8000000080008008 4

Summary

• Summarize the applications of cryptographic hash

functions

• Explain why a hash function used for message authentication needs to

be secured

• Understand the operation of SHA-512

• Understand the differences among preimage resistant, second

preimage resistant, and collision resistant properties

• Present an overview of the basic structure of cryptographic hash

functions

• Describe how cipherblock chaining can be used to construct a hash

function

This work is protected by United States copyright laws and is

provided solely for the use of instructors in teaching their

courses and assessing student learning. Dissemination or sale of

any part of this work (including on the World Wide Web) will

destroy the integrity of the work and is not permitted. The work

and materials from it should never be made available to students

except by instructors using the accompanying text in their

classes. All recipients of this work are expected to abide by these

restrictions and to honor the intended pedagogical purposes and

the needs of other instructors who rely on these materials.

After reading chapter 11, describe a cryptographic hash function and how it is used as a security application.

The initial post must be completed by Thursday at 11:59 eastern.

You must use at least one scholarly resource.

Every discussion posting must be properly APA formatted.

Plagiarism in the discussion will not be tolerated.

Attached is PPT to the question.

Turn in your highest-quality paper
Get a qualified writer to help you with

“ cr-9 ”

Get high-quality paper

NEW! AI matching with writer

Hire a Writer

Client Reviews

4.9

Sitejabber

4.6

Trustpilot

4.8

Our Guarantees

100% Confidentiality

Information about customers is confidential and never disclosed to third parties.

Original Writing

We complete all papers from scratch. You can get a plagiarism report.

Timely Delivery

No missed deadlines – 97% of assignments are completed in time.

Money Back

If you're confident that a writer didn't follow your order details, ask for a refund.

New to Your Trusted Assignment Help Service? Sign up & Save

Calculate the price of your order

Type of paper needed:

Pages:

You will get a personal manager and a discount.

Academic level:

We'll send you the first draft for approval by at

Total price:

$0.00

Power up Your Academic Success with the
Team of Professionals. We’ve Got Your Back.

Power up Your Study Success with Experts We’ve Got Your Back.

Order Now Order Now