Secure Hash Function

advertisement
S. Erfani, ECE Dept., University of Windsor
4.14
0688-590-18 Network Security
Simple Hash Functions
All hash functions operate using the following general principles:
a) The input string is viewed as a sequence of n-byte blocks.
b) The input is processed one block at a time in an iterative fashion to produce
an n-bit hash function.
The simplest hash function is the list-by-list XOR of every block, expressed as
following:
Ci=bi1  bi2  · · ·  bim
Where
Ci=ith list of the hash code, 1in
M=number of n-bit blocks in the input
Bij=ith list in jth block
=XOR operation.
This is shown in Fig. 7.
bit 1
Block1
Block2
b11
bit 2
b21
b12
….
bit n
bn1
bn2
:
:
Block m
b1m
C1
bnm
C2
Cn
Hash
code
Figure 7: Simple Hash Function using Bitwise XOR.
Note1: Fig.7 produces a simple parity for each bit position, and is known as a
longitudinal redundancy check. It is reasonably effective for random data as a
data integrity check.
Oct. 9, 2003
1
S. Erfani, ECE Dept., University of Windsor
0688-590-18 Network Security
Another scheme, originally proposed by NIST, used the simple XOR applied to
64 bit blocks of the message and then an encryption of the entire message that
used the cipher block-chaining (CBC) mode. In other words, given a message
consisting of a sequence of 64 bit blocks X1, X2, …., XN, define the hash code C
as the block and append the hash code as the final block:
C = XN+1 = X1  X2  ….  XN
Next, encrypt the entire message plus hash code, using CBC mode to produce
the encrypted message Y1, Y2, …., YN+1.
Note 2: It was shown that the above scheme to produce a hash code is not
secure.
4.15
Secure Hash Algorithm
A cryptographic hash function uses a cryptographic function as part of the
hash function. An intruder or opponent would presumably not have access to the
cryptographic function. The intruder could modify the data or the hash value or
both but without knowing the Cryptographic relationship between the data and
the hash value, the intruder would be unlikely to be able to modify both in such a
way that they match. Thus, modifications could be detected at the recipient’s
end, with a probability depending on the strength of the cryptographic algorithm
and on the degree to which the data was reduced.
The secure hash algorithm ( SHA ) was developed by NIST in 1993 (FIPS
PUB180). A revised version referred to as SHA-1 was issued in 1995 ( FIPS PUB
180-1). The algorithm takes as input a message with a maximum length of less
than 2 64 bits
Figure 8: Message Digest Generating Using SHA-1
Oct. 9, 2003
2
S. Erfani, ECE Dept., University of Windsor
0688-590-18 Network Security
And produces as output a 160-bit message digest. The input is processed in 512
– bit blocks. Figure 8 shows the overall processing of a message to produce a
digest. The processing consists of the following steps:
Step 1 -
Append Padding bits
The (plaintext message is padded so that its length is congruent to 448 module
512. Padding is always added, even if the message is already of the desired
length. Thus the number of padding bits is in the range of 1 to 512. The padding
consists of a single 1-bit followed by the necessary number of 0-bits.
Step 2 -
Append Length
A block of 64 bits is appended to the message. This block is treated as an
unsigned 64-bit integer and contains the length of the original message before
the padding.
The outcome of these two steps yields a message that is an integer multiple of
512 bits in length. In Figure 8 the expanded message is represented as the
sequence of 512-bit blocks Y0, Y1, ….., Y2-1, so that the total length of the
expanded message is
L x 512 bits. Equivalently, the result is a multiple of 16
32-bit words. Let M [0…….N-1] denote the words of the resulting message, with
N an integer multiple of 16. Thus, N=Lx16.
Step 3 -
Initialize MD Buffer
160-bit buffer is used to hold intermediate and final results of the hash function.
The buffer can be represented as five 32-bit registers (A,B,C,D,E). These
registers are initialized to the following 32-bit integers (hexadecimal values):
A = 67452301
B = EFCDAB89
C = 98BADCFF
D = 10325476
E = C3D2E1F0
Step 4 –
Process Message in 512-bit (16-Word) Blocks
The heart of the algorithm is a module, known as compression function, that
consists of four rounds of processing 20 steps each. The logic is illustrated in
Figure 9 (on the next page). The four rounds have a similar structure, but each
uses a different primitive logical function, which we call f1, f2, f3, and f4.
Each round takes as input the current 512-bit block being processed, Yq and the
160-bit buffer value ABCDE and updates the contents of the buffer. Each round
Oct. 9, 2003
3
S. Erfani, ECE Dept., University of Windsor
0688-590-18 Network Security
also uses an additive constant Kt, where 0<= t <= 79 indicates one of the 80
steps across five rounds.
Figure 9: SHA-1 Processing of a Single 512-Bit Block
(SHA-1 Compression Function)
In fact, only four distinct constants are used. The values, in hexadecimal and
decimal, are as follows:
Step number
Hexadecimal
Take integer part
0<= t <= 19
Kt = 5A827999
[ 230 x 2 ½ ]
20<= t <= 39
Kt = 6ED9EBA1
[ 230 x 3 ½ ]
40<= t <= 59
Kt = 8F1BBCDC
[ 230 x 5 ½ ]
60<= t <= 79
Kt = CA62C1D6
[ 230 x 10½ ]
Oct. 9, 2003
4
S. Erfani, ECE Dept., University of Windsor
0688-590-18 Network Security
The output of the fourth round (eightieth step) is added to the input to the first
round, CVq , to produce CVq+1. The addition is done independently for each of the
five words in the buffer with each of the corresponding words in CV q , using
addition module 232.
Step 5 –
Output
After all L 512-bit blocks have been processed, the output from the Lth stage is
the 160-bit message digest.
Note 1
The SHA-1 algorithm has the property that every bit of the hash
code is a function of every bit of the input. The complex repetition of the basic
function of ft produces results that are well mixed. It is unlikely that two messages
chosen at random will have the same hash code.
Note 2
The difficulty of coming up with two messages having the same
message digest is on the order of 280 operations. The difficulty of finding a
message with a given digest is on the order of 2160 operations.
Note 3
There are other secure hash algorithms:
1)
MD5 -
2)
RIPEMD -160 -
Oct. 9, 2003
The MD5 message-digest algorithm was
developed by Ron Rivest. It takes as input a message of
arbitrary length and produces as output a 128-bit
message-digest. The input is processed in 512-bit blocks.
It is shown that MD5 is vulnerable to cryptanalysis.
This algorithm was developed
under the European RACE Integrity Primitive Evaluation
(RIPE) project, by a group of researchers, who launched
partially successful attacks on MD4 and MD5. RIPEMD160 is quite similar to SHA-1. The algorithm takes as
input a message of arbitrary length and produces as
output a 160-bit message digest. The input is processed
in 512-bit blocks.
5
Download