Network Security: Hashes
|
|
- Joan Todd
- 6 years ago
- Views:
Transcription
1 1 Network Security: Hashes Henning Schulzrinne Columbia University, New York Columbia University, Fall 2000 cfl , Henning Schulzrinne Last modified October 5, 2000
2 2 Hashes hash message digest one-way function: d = h(m), but no h 0 (d) =m cannot find message with given digest cannot find m 1 ;m 2 where d 1 = d 2 cannot find different m 2 with same digest (given some m 1 ) arbitrary-length message! fixed-size hash different: checksums (CRC): fast easy to compute two messages with same hash, protect against noisy channels
3 3 Randomness for 1000 inputs, any bit in the outputs 1 half the time each output: 50% 1 bits similar inputs uncorrelated outputs (half the bits should differ) note: efficiency not important
4 4 Random vs. Random random numbers for simulation (! Knuth, Bratley/Fox/Schrage): sequence no short cycles average = 0.5, variance,... completely predictable, repeatable white noise : flat frequency spectrum must be very efficient (multiply, add) random numbers for picking keys: unpredictable by outside observer two processes at the same time different number use audio, video efficiency not very important
5 5 The Birthday Problem (Approximate) two people with same birthday in room n inputs (humans) k = 365 possible outputs (birthdays) n (n 1)=2 pairs of inputs check for each pair: 1=k of both humans having same birthday k=2 pairs for 50% matching probability n ß p k for 50% chance warning: simplified, does not hold for large n! or: Example: n =23 p alldifferent =0:31 p same = n(n 1) 1 k 2
6 6 Birthday Problem, Correct compute probability of different birthdays no sample twice sampling without replacement sampling with replacement random sample of n people (birthdays) taken from k (365 days) k n samples with replacement (k) n = k(k 1) (k n +1)samples without replacement
7 7 Birthday Problem, Correct probability of no repetition: = n k(k (k 1) n +1) p (k) ß 1 = n k n k 1) n(n 2k = n 365 ( n +1) p (365) = n = n ::: n +1 1 = Example: n =23 p =0:43 365
8 8 How Many Bits for Hash? m bits, takes 2 m=2 to find two with the same hash 64 bits 2 32 messages to search note: different from picking h and finding m Example: Alice (secretary: Bob) wants to fire Fred Bob is Fred s friend Bob composes two messages (same hash), one to be read, the other sent generate lots of similar messages: 2 choices of wording in 32 places 2 32 messages
9 9 Hash Functions RFC: name inventor docs entity hash sub-stages MD2 Ron Rivest RFC 1319 bytes MD4 Ron Rivest RFC bit MD5 Ron Rivest RFC bit SHS NIST 32-bit 160
10 ψ MD(K AB jr A ) ψ r B 10 Authentication Alice Bob r A! MD(K AB jr B )! only need to compare result, not decrypt
11 MIC: MD(K AB jm 1 ) 11 Computing a MIC with a Hash can t just compute MD(m) but: Trudy can get MIC of m 2,givenm bit blocks, append (message length, pad) allow to concatenate padding, plus additional message put secret at end of message or: use only half the bits of MD can t continue message
12 b 2 = MD(K AB jb 1 ) 12 Encryption: One-Time Pad b 1 = MD(K AB jiv) b i = MD(K AB jb i 1 ) then: b used as one-time pad can t use same OTP twice use IV any OTP has privacy only: if plaintext known, can encrypt anything separate integrity function
13 break message into MD-length chunks p i b 1 = MD(K AB jiv ) c 1 = p 1 Φ b 1 b i = MD(K AB jc i 1 ) c i = p i Φ b i 13 Encryption: Mixing in the Plaintext similar to cipher feedback mode (CFB) 2 = MD(K AB jc 1 ) c 2 = p 2 Φ b 2 b..
14 14 Using Secret Key for a Hash Unix password algorithm: compute hash of user password, compare to hash of password typed first 8 bytes of password! secret key encrypt 0 with DES-like algorithm salt: 12-bit random number determines bits to duplicate in mangler when expanding 32 to 48 bits salt stored with hashed result
15 15 Hashing Large Messages Using Encryption key length k, block length b divide message into k-bit chunks m 1 ;m 2 ;::: first, encrypt a constant with m 1 as key encrypt output with m 2 as key output b(= 64) too short generate 2nd 64-bit quantity by reversing chunk order or: use different initial constants
16 Hashing Large Messages 16
17 17 IV IV m1 + m1 E K E m2 E m2 +
18 18 MD2 128-bit message digest arbitrary number of bytes pad to multiple of 16 bytes append MD2 checksum to end process whole message
19 c n := ß(m nk Φ c n 1 ) Φ c n 19 MD2 Checksum m nk : byte nk of message ß: 0! 41; 1! 46;::: supposedly based on ß
20 c n = c n Φ ß(c n 1 ) for n =0;:::;47; c 1 =0 20 MD2 Final Pass operate on 16-byte chunks 48-byte quantity q: (current digest j chunk j digest Φ chunk) 18 passes over q c 1 =(c 47 + pass #) mod 256 after pass 17, use first 16 bytes as new digest minimal storage: checksum, 48 bytes
21 16 message words m 0 ;m 1 ;:::;m 15 4 message digest words d 0 ;d 1 ;d 2 ;d 3 21 MD4 any number of bits operates on 32-bit quantities pad to multiple of 512 bits (16 32-bit words): ,messagelengthinbits digest = f(512-bit blocks, previous digest or initial constant) 1 stage = three mangling passes d 0 = ;d 1 =89abcdef 16 ;d 2 = fedcba98 16 ;:::
22 x + y: addition mod MD4 Operations bxc ο: bitwise complement x ^ y: bitwise and x _ y: bitwise or x ψ- y: rotate left y bits
23 selection function: F (x; y; z) =(x ^ y) _ (ο x ^ z) if bit x n is 1: pick F n = y n,otherwisez n d 0 = (d 0 + F (d 1 ;d 2 ;d 3 )+m 0 ) ψ- 3 d 1 = (d 3 + F (d 0 ;d 1 ;d 2 )+m 1 ) ψ- 7 d 2 = (d 2 + F (d 3 ;d 0 ;d 1 )+m 2 ) ψ- 11 d 3 = (d 1 + F (d 2 ;d 3 ;d 0 )+m 3 ) ψ- 15 d 0 = (d 0 + F (d 1 ;d 2 ;d 3 )+m 4 ) ψ MD4 Pass 1: Selection d ( i)^3 =(d ( i)^3 + F (d (1 i)^3 ;d (2 i)^3 ;d (3 i)^3 )+m i ) ψ- S 1 (i ^ 3) where S 1 (i) =3+4i, 1 10 = ; 2 10 = ;:::
24 constant b2 30p 2c =5a MD4 Pass 2: Majority G(x; y; z) =(x ^ y) _ (x ^ z) _ (y ^ z) G n =1iff 2 out of 3 bits x n ;y n ;z n are 1 d ( i)^3 = (d ( i)^3 + G(d (1 i)^3 ;d (2 i)^3 ;d (3 i)^3 )+m X(i) +5a ) where X(i) exchange bits (2,3) with (0,1); S 2 =3; 5; 9; 13; 3;::: ψ- S 2 (i ^ 3) d 0 = (d 0 + G(d 1 ;d 2 ;d 3 )+m 0 +5a ) ψ- 3 d 1 = (d 3 + G(d 0 ;d 1 ;d 2 )+m 4 +5a ) ψ- 5 d 2 = (d 2 + G(d 3 ;d 0 ;d 1 )+m 8 +5a ) ψ- 9 d 3 = (d 1 + G(d 2 ;d 3 ;d 0 )+m 12 +5a ) ψ- 13 d 0 = (d 0 + G(d 1 ;d 2 ;d 3 )+m 1 +5a ) ψ- 3
25 25
26 constant b2 30p 3c =6ed9eba1 16 d 0 = (d 0 + H(d 1 ;d 2 ;d 3 )+m 0 +6ed9eba1 16 ) ψ- 3 d 1 = (d 3 + H(d 0 ;d 1 ;d 2 )+m 4 +6ed9eba1 16 ) ψ- 9 d 2 = (d 2 + H(d 3 ;d 0 ;d 1 )+m 8 +6ed9eba1 16 ) ψ- 11 d 3 = (d 1 + H(d 2 ;d 3 ;d 0 )+m 12 +6ed9eba1 16 ) ψ- 15 d 0 = (d 0 + H(d 1 ;d 2 ;d 3 )+m 2 +6ed9eba1 16 ) ψ MD4 Pass 3: Ex-Or H(x; y; z) =x Φ y Φ z d ( i)^3 = (d ( i)^3 + H(d (1 i)^3 ;d (2 i)^3 ;d (3 i)^3 )+m R(i) +6ed9eba1 16 ) where R(i) Reverses bits in i; S 3 =3; 9; 11; 15 ψ- S 3 (i ^ 3)
27 27 MD5 MD4, MD5: same message padding, blocking, initial d i MD4: 3 passes MD5: 4 passes different functions, different shifts MD4: two constants for all m i MD5: different T i = b2 32 j sin ijc
28 d ( i)^3 = (d ( i)^3 + F (d (1 i)^3 ;d (2 i)^3 ;d (3 i)^3 )+m i + T i+1 ) d 0 = (d 0 + F (d 1 ;d 2 ;d 3 )+m 0 + T 1 ) ψ- 7 d 1 = (d 3 + F (d 0 ;d 1 ;d 2 )+m 1 + T 2 ) ψ- 12 d 2 = (d 2 + F (d 3 ;d 0 ;d 1 )+m 2 + T 3 ) ψ- 17 d 3 = (d 1 + F (d 2 ;d 3 ;d 0 )+m 3 + T 4 ) ψ- 22 d 0 = (d 0 + F (d 1 ;d 2 ;d 3 )+m 4 + T 5 ) ψ MD5 Pass 1: Selection where S 1 =7+5i: ψ- S 1 (i ^ 3)
29 G(x; y; z) =(x ^ z) _ (y^ οz) d 0 = (d 0 + G(d 1 ;d 2 ;d 3 )+m 1 + T 17 ) ψ- 5 d 1 = (d 3 + G(d 0 ;d 1 ;d 2 )+m 6 + T 18 ) ψ- 9 d 2 = (d 2 + G(d 3 ;d 0 ;d 1 )+m 11 + T 19 ) ψ- 14 d 3 = (d 1 + G(d 2 ;d 3 ;d 0 )+m 0 + T 20 ) ψ- 20 d 0 = (d 0 + G(d 1 ;d 2 ;d 3 )+m 5 + T 21 ) ψ MD5 Pass 2: Selection Selection function: d ( i)^3 = (d ( i)^3 + F (d (1 i)^3 ;d (2 i)^3 ;d (3 i)^3 )+m (5i+1)^15 + T i+17 ) ψ- S 2 (i ^ 3) where S 2 (i) =i(i +7)=2 +5:
30 d ( i)^3 = (d ( i)^3 + H(d (1 i)^3 ;d (2 i)^3 ;d (3 i)^3 )+m (3i+5)^15 )+T i+33 ) d 0 = (d 0 + H(d 1 ;d 2 ;d 3 )+m 5 + T 33 ) ψ- 4 d 1 = (d 3 + H(d 0 ;d 1 ;d 2 )+m 8 + T 34 ) ψ- 11 d 2 = (d 2 + H(d 3 ;d 0 ;d 1 )+m 11 + T 35 ) ψ- 16 d 3 = (d 1 + H(d 2 ;d 3 ;d 0 )+m 14 + T 36 ) ψ- 23 d 0 = (d 0 + H(d 1 ;d 2 ;d 3 )+m 1 + T 37 ) ψ MD5 Pass 3: Ex-Or H(x; y; z) =x Φ y Φ z as in MD4 where S 3 (i) =4; 11; 16; 23; 4;::: ψ- S 3 (i ^ 3)
31 I(x; y; z) =y Φ (x_ οz) d ( i)^3 = (d ( i)^3 + I(d (1 i)^3 ;d (2 i)^3 ;d (3 i)^3 )+m (7i)^15 + T i+49 ) d 0 = (d 0 + I(d 1 ;d 2 ;d 3 )+m 0 + T 49 ) ψ- 6 d 1 = (d 3 + I(d 0 ;d 1 ;d 2 )+m 7 + T 50 ) ψ- 10 d 2 = (d 2 + I(d 3 ;d 0 ;d 1 )+m 14 + T 51 ) ψ- 15 d 3 = (d 1 + I(d 2 ;d 3 ;d 0 )+m 5 + T 52 ) ψ- 21 d 0 = (d 0 + I(d 1 ;d 2 ;d 3 )+m 12 + T 53 ) ψ MD5 Pass 4: Ex-or where S 4 (i) =6; 10; 15; 21; 6;::: ψ- S 4 (i ^ 3)
32 A = B = efcdab89 16 C = 98badcfe 16 D = E = c3d2e1f Secure Hash Standard (SHS) 64 bits! 160 bits similar to MD5 5 passes 5 32-bit digest words digest AjBjCjDjE:
33 A 0 = E +(A ψ- 5) + W t + K t + f(t; B; C; D) C 0 = B ψ- 30 K t = b2 30p xc, wherex = f2; 3; 5; 10g[t=20] 33 SHS start with 512-bit block fill 4 more blocks with recursion bit words: word W n = W n 3 Φ W n 8 Φ W n 14 Φ W n 16 ψ- 1 modify digest: B 0 = A D 0 = C E 0 = D
34 f(t; B; C; D) = (B ^ C) _ (ο B ^ D) for 0» t» 19 f(t; B; C; D) = B Φ C Φ D for 20» t» 39 f(t; B; C; D) = (B ^ C) _ (B ^ D) _ (C ^ D) for 40» t» 59 f(t; B; C; D) = B Φ C Φ D for 60» t» SHS Function f():
Henning Schulzrinne Columbia University, New York Columbia University, Fall 2000
1 Network Security: Hashes Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified October 5, 2000 Slide
More information4. Hash Functions Contents. 4. Hash Functions Message Digest
Contents 1 / 34 Message Digest Application of Message Digest Message Digest 2 (MD2) Message Digest 4 (MD4) Message Digest 5 (MD5) Secure Hash Standard (SHS) purpose: should should prevent prevent from
More informationHashes and Message Digests Alex X. Liu & Haipeng Dai
Hashes and Message Digests Alex X. Liu & Haipeng Dai haipengdai@nju.edu.cn 313 CS Building Department of Computer Science and Technology Nanjing University Integrity vs. Secrecy Integrity: attacker cannot
More informationHash Functions. A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length.
Hash Functions 1 Hash Functions A hash function h takes as input a message of arbitrary length and produces as output a message digest of fixed length. 0 1 1 0 1 0 0 1 Long Message Hash Function 1 1 1
More informationENEE 459-C Computer Security. Message authentication (continue from previous lecture)
ENEE 459-C Computer Security Message authentication (continue from previous lecture) Last lecture Hash function Cryptographic hash function Message authentication with hash function (attack?) with cryptographic
More informationCryptographic Hashing
Innovation and Cryptoventures Cryptographic Hashing Campbell R. Harvey Duke University, NBER and Investment Strategy Advisor, Man Group, plc January 30, 2017 Campbell R. Harvey 2017 2 Overview Cryptographic
More informationIntroduction to Cryptography Lecture 4
Data Integrity, Message Authentication Introduction to Cryptography Lecture 4 Message authentication Hash functions Benny Pinas Ris: an active adversary might change messages exchanged between and M M
More informationProblem 1. k zero bits. n bits. Block Cipher. Block Cipher. Block Cipher. Block Cipher. removed
Problem 1 n bits k zero bits IV Block Block Block Block removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Missing bits January 27, 2011 Practical
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 20, 2014 CPSC 467, Lecture 15 1/37 Common Hash Functions SHA-2 MD5 Birthday Attack on Hash Functions Constructing New
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Appendix A: Symmetric Techniques Block Ciphers A block cipher f of block-size
More informationPublic Key Algorithms
1 Public Key Algorithms ffl hash: irreversible transformation(message) ffl secret key: reversible transformation(block) encryption digital signatures authentication RSA yes yes yes El Gamal no yes no Zero-knowledge
More informationIntroduction to Information Security
Introduction to Information Security Lecture 4: Hash Functions and MAC 2007. 6. Prof. Byoungcheon Lee sultan (at) joongbu. ac. kr Information and Communications University Contents 1. Introduction - Hash
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationWeek 12: Hash Functions and MAC
Week 12: Hash Functions and MAC 1. Introduction Hash Functions vs. MAC 2 Hash Functions Any Message M Hash Function Generate a fixed length Fingerprint for an arbitrary length message. No Key involved.
More informationENEE 457: Computer Systems Security 09/19/16. Lecture 6 Message Authentication Codes and Hash Functions
ENEE 457: Computer Systems Security 09/19/16 Lecture 6 Message Authentication Codes and Hash Functions Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More informationIntroduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication
Common Usage of MACs for message authentication Introduction to Cryptography k Alice α m, MAC k (m) Isα= MAC k (m)? Bob k Lecture 5 Benny Pinkas k Alice m, MAC k (m) m,α Got you! α MAC k (m )! Bob k Eve
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 16, 2013 CPSC 467, Lecture 14 1/45 Message Digest / Cryptographic Hash Functions Hash Function Constructions Extending
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationExam Security January 19, :30 11:30
Exam Security January 19, 2016. 8:30 11:30 You can score a maximum of 100. Each question indicates how many it is worth. You are NOT allowed to use books or notes, or a (smart) phone. You may answer in
More informationSymmetric Ciphers. Mahalingam Ramkumar (Sections 3.2, 3.3, 3.7 and 6.5)
Symmetric Ciphers Mahalingam Ramkumar (Sections 3.2, 3.3, 3.7 and 6.5) Symmetric Cryptography C = E(P,K) P = D(C,K) Requirements Given C, the only way to obtain P should be with the knowledge of K Any
More informationCIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography
CIS 6930/4930 Computer and Network Security Topic 5.2 Public Key Cryptography 1 Diffie-Hellman Key Exchange 2 Diffie-Hellman Protocol For negotiating a shared secret key using only public communication
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationSIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography
SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 8 of Trappe and Washington DIGITAL SIGNATURES message sig 1. How do we bind
More informationNetwork Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30
Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) LIU Zhen Due Date: March 30 Questions: 1. RSA (20 Points) Assume that we use RSA with the prime numbers p = 17 and q = 23. (a) Calculate
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA: Review and Properties Factoring Algorithms Trapdoor One Way Functions PKC Based on Discrete Logs (Elgamal) Signature Schemes Lecture 8 Tel-Aviv University
More informationChapter 8 Public-key Cryptography and Digital Signatures
Chapter 8 Public-key Cryptography and Digital Signatures v 1. Introduction to Public-key Cryptography 2. Example of Public-key Algorithm: Diffie- Hellman Key Exchange Scheme 3. RSA Encryption and Digital
More informationCRYPTOGRAPHY AND NUMBER THEORY
CRYPTOGRAPHY AND NUMBER THEORY XINYU SHI Abstract. In this paper, we will discuss a few examples of cryptographic systems, categorized into two different types: symmetric and asymmetric cryptography. We
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 11 Hash Functions ver.
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 11 Hash Functions ver. October 29, 2009 These slides were prepared by
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 7, 2015 CPSC 467, Lecture 11 1/37 Digital Signature Algorithms Signatures from commutative cryptosystems Signatures from
More informationLeftovers from Lecture 3
Leftovers from Lecture 3 Implementing GF(2^k) Multiplication: Polynomial multiplication, and then remainder modulo the defining polynomial f(x): (1,1,0,1,1) *(0,1,0,1,1) = (1,1,0,0,1) For small size finite
More informationPrivate-key Systems. Block ciphers. Stream ciphers
Chapter 2 Stream Ciphers Further Reading: [Sim92, Chapter 2] 21 Introduction Remember classication: Private-key Systems Block ciphers Stream ciphers Figure 21: Private-key cipher classication Block Cipher:
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationLecture 1: Introduction to Public key cryptography
Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationKlein s and PTW Attacks on WEP
TTM4137 Wireless Security Klein s and PTW Attacks on WEP Anton Stolbunov NTNU, Department of Telematics version 1, September 7, 2009 Abstract These notes should help for an in-depth understanding of the
More informationCHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 11 April 2017, 8:30-12:30
CHALMERS GÖTEBORGS UNIVERSITET CRYPTOGRAPHY TDA35 (Chalmers) - DIT50 (GU) 11 April 017, 8:30-1:30 No extra material is allowed during the exam except for pens and a simple calculator (not smartphones).
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationPublic Key Algorithms
Public Key Algorithms Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationAlternative Approaches: Bounded Storage Model
Alternative Approaches: Bounded Storage Model A. Würfl 17th April 2005 1 Motivation Description of the Randomized Cipher 2 Motivation Motivation Description of the Randomized Cipher Common practice in
More informationA block cipher enciphers each block with the same key.
Ciphers are classified as block or stream ciphers. All ciphers split long messages into blocks and encipher each block separately. Block sizes range from one bit to thousands of bits per block. A block
More informationOne-way Hash Function Based on Neural Network
One-way Hash Function Based on Neural Network Shiguo Lian, Jinsheng Sun, Zhiquan Wang Department of Automation, Nanjing University of Science & echnology, Nanjing, 294, China, sg_lian@63.com Abstract A
More information2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms
CRYPTOGRAPHY 19 Cryptography 5 ElGamal cryptosystems and Discrete logarithms Definition Let G be a cyclic group of order n and let α be a generator of G For each A G there exists an uniue 0 a n 1 such
More informationHASH FUNCTIONS. Mihir Bellare UCSD 1
HASH FUNCTIONS Mihir Bellare UCSD 1 Hashing Hash functions like MD5, SHA1, SHA256, SHA512, SHA3,... are amongst the most widely-used cryptographic primitives. Their primary purpose is collision-resistant
More informationThe Hash Function JH 1
The Hash Function JH 1 16 January, 2011 Hongjun Wu 2,3 wuhongjun@gmail.com 1 The design of JH is tweaked in this report. The round number of JH is changed from 35.5 to 42. This new version may be referred
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@ece.orst.edu Electrical & Computer Engineering Oregon State University Corvallis, Oregon 97331 Technical Report December 9, 2002 Version 1.5 1 1 Introduction
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More informationSPCS Cryptography Homework 13
1 1.1 PRP For this homework, use the ollowing PRP: E(k, m) : {0, 1} 3 {0, 1} 3 {0, 1} 3 000 001 010 011 100 101 110 111 m 000 011 001 111 010 000 101 110 100 001 101 110 010 000 111 100 001 011 010 001
More informationCryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1
Cryptography CS 555 Topic 25: Quantum Crpytography CS555 Topic 25 1 Outline and Readings Outline: What is Identity Based Encryption Quantum cryptography Readings: CS555 Topic 25 2 Identity Based Encryption
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More information5199/IOC5063 Theory of Cryptology, 2014 Fall
5199/IOC5063 Theory of Cryptology, 2014 Fall Homework 2 Reference Solution 1. This is about the RSA common modulus problem. Consider that two users A and B use the same modulus n = 146171 for the RSA encryption.
More informationSecurity II: Cryptography exercises
Security II: Cryptography exercises Markus Kuhn Lent 2015 Part II Some of the exercises require the implementation of short programs. The model answers use Perl (see Part IB Unix Tools course), but you
More informationb = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.
INTRODUCTION TO CRYPTOGRAPHY 5. Discrete Logarithms Recall the classical logarithm for real numbers: If we write b = 10 a, then a = log 10 b is the logarithm of b to the base 10. Changing the base to e
More informationUniv.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.
Cryptography Univ.-Prof. Dr. rer. nat. Rudolf Mathar 1 2 3 4 15 15 15 15 60 Written Examination Cryptography Tuesday, August 29, 2017, 01:30 p.m. Name: Matr.-No.: Field of study: Please pay attention to
More informationIntroduction. CSC/ECE 574 Computer and Network Security. Outline. Introductory Remarks Feistel Cipher DES AES
CSC/ECE 574 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms CSC/ECE 574 Dr. Peng Ning 1 Outline Introductory Remarks Feistel Cipher DES AES CSC/ECE 574 Dr. Peng Ning 2 Introduction
More informationCHAPTER 6: OTHER CRYPTOSYSTEMS, PSEUDO-RANDOM NUMBER GENERATORS and HASH FUNCTIONS. Part VI
CHAPTER 6: OTHER CRYPTOSYSTEMS, PSEUDO-RANDOM NUMER GENERATORS and HASH FUNCTIONS Part VI Public-key cryptosystems, II. Other cryptosystems, security, PRG, hash functions A large number of interesting
More informationAttacks on hash functions. Birthday attacks and Multicollisions
Attacks on hash functions Birthday attacks and Multicollisions Birthday Attack Basics In a group of 23 people, the probability that there are at least two persons on the same day in the same month is greater
More informationQuantum Cryptography. Marshall Roth March 9, 2007
Quantum Cryptography Marshall Roth March 9, 2007 Overview Current Cryptography Methods Quantum Solutions Quantum Cryptography Commercial Implementation Cryptography algorithms: Symmetric encrypting and
More informationTHE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018
THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationMessage Authentication Codes (MACs)
Message Authentication Codes (MACs) Tung Chou Technische Universiteit Eindhoven, The Netherlands October 8, 2015 1 / 22 About Me 2 / 22 About Me Tung Chou (Tony) 2 / 22 About Me Tung Chou (Tony) Ph.D.
More informationNetwork Security Based on Quantum Cryptography Multi-qubit Hadamard Matrices
Global Journal of Computer Science and Technology Volume 11 Issue 12 Version 1.0 July Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals Inc. (USA) Online ISSN:
More informationSolutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
More informationL7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015
L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm
More informationPseudo-random Number Generation. Qiuliang Tang
Pseudo-random Number Generation Qiuliang Tang Random Numbers in Cryptography The keystream in the one-time pad The secret key in the DES encryption The prime numbers p, q in the RSA encryption The private
More informationH Definition - hash function. Cryptographic Hash Functions - Introduction. Cryptographic hash functions. Lars R. Knudsen.
Definition - hash function Cryptographic Hash Functions - Introduction Lars R. Knudsen April 21, 2008 Located in the southernmost part of Europe with an artic climate, Hotel Finse 1222 provides the perfect
More informationLecture 10: HMAC and Number Theory
CS 6903 Modern Cryptography April 15, 2010 Lecture 10: HMAC and Number Theory Instructor: Nitesh Saxena Scribes: Anand Bidla, Samiksha Saxena,Varun Sanghvi 1 HMAC A Hash-based Message Authentication Code
More informationSolution of Exercise Sheet 7
saarland Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University university computer science Solution of Exercise Sheet 7 1 Variants of Modes of Operation Let (K,
More informationDefinition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University
Number Theory, Public Key Cryptography, RSA Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr The Euler Phi Function For a positive integer n, if 0
More informationPerfectly-Secret Encryption
Perfectly-Secret Encryption CSE 5351: Introduction to Cryptography Reading assignment: Read Chapter 2 You may sip proofs, but are encouraged to read some of them. 1 Outline Definition of encryption schemes
More informationCryptographic Hashes. Yan Huang. Credits: David Evans, CS588
Cryptographic Hashes Yan Huang Credits: David Evans, CS588 Recap: CPA 1. k KeyGen(1 n ). b {0,1}. Give Enc(k, ) to A. 2. A chooses as many plaintexts as he wants, and receives the corresponding ciphertexts
More informationOrdinary Math in Everyday Life. Jesse Walker, Ph.D. Intel Corporation Intel Labs Security and Privacy Research
Ordinary Math in Everyday Life Jesse Walker, Ph.D. Intel Corporation Intel Labs Security and Privacy Research jesse.walker@intel.com 1 Academia v. Industry Academic math is like fine dining Industrial
More informationDTTF/NB479: Dszquphsbqiz Day 27
DTTF/NB479: Dszquphsbqiz Day 27 Announceents: Questions? This week: Discrete Logs, Diffie-Hellan, ElGaal Hash Functions and SHA-1 Birthday attacks Hash Functions Message (long) Cryptographic hash Function,
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationOverview. Public Key Algorithms II
Public Key Algorithms II Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationMESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION. Mihir Bellare UCSD 1
MESSAGE AUTHENTICATION CODES and PRF DOMAIN EXTENSION Mihir Bellare UCSD 1 Integrity and authenticity The goal is to ensure that M really originates with Alice and not someone else M has not been modified
More informationU.C. Berkeley CS276: Cryptography Luca Trevisan February 5, Notes for Lecture 6
U.C. Berkeley CS276: Cryptography Handout N6 Luca Trevisan February 5, 2009 Notes for Lecture 6 Scribed by Ian Haken, posted February 8, 2009 Summary The encryption scheme we saw last time, based on pseudorandom
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously on COS 433 Takeaway: Crypto is Hard Designing crypto is hard, even experts get it wrong Just because I don t know
More informationIntroduction to Cybersecurity Cryptography (Part 4)
Introduction to Cybersecurity Cryptography (Part 4) Review of Last Lecture Blockciphers Review of DES Attacks on Blockciphers Advanced Encryption Standard (AES) Modes of Operation MACs and Hashes Message
More informationHans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References
Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009 Die Unterlagen sind ausschliesslich zum persoenlichen Gebrauch der Vorlesungshoerer bestimmt. Die Herstellung von elektronischen
More informationSecurity Implications of Quantum Technologies
Security Implications of Quantum Technologies Jim Alves-Foss Center for Secure and Dependable Software Department of Computer Science University of Idaho Moscow, ID 83844-1010 email: jimaf@cs.uidaho.edu
More informationPublic Key Cryptography. All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other.
Public Key Cryptography All secret key algorithms & hash algorithms do the same thing but public key algorithms look very different from each other. The thing that is common among all of them is that each
More informationChapter 3 Cryptography
Chapter 3 Cryptography Introduction: Cryptography is an ancient art of keeping secrets. Cryptography ensures security of communication over insecure medium. Terms used in Cryptography: 1) Plain Text: The
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationLecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography
Lecture 19: (Diffie-Hellman Key Exchange & ElGamal Encryption) Recall In private-key cryptography the secret-key sk is always established ahead of time The secrecy of the private-key cryptography relies
More information3F1: Signals and Systems INFORMATION THEORY Examples Paper Solutions
Engineering Tripos Part IIA THIRD YEAR 3F: Signals and Systems INFORMATION THEORY Examples Paper Solutions. Let the joint probability mass function of two binary random variables X and Y be given in the
More informationhas the solution where M = Since c = w 2 mod n we have c w 2 (mod p) and c w 2 (mod q);
CHAPTER 6: OTHER CRYPTOSYSTEMS and ASIC CRYPTOGRAPHY PRIMITIVES A large number of interesting and important cryptosystems have already been designed. In this chapter we present several other of them in
More information1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2
Contents 1 Recommended Reading 1 2 Public Key/Private Key Cryptography 1 2.1 Overview............................................. 1 2.2 RSA Algorithm.......................................... 2 3 A Number
More informationAddition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?
Ch - Algorithms with numbers Addition Basic arithmetic Addition ultiplication Division odular arithmetic factoring is hard Primality testing 53+35=88 Cost? (n number of bits) O(n) ultiplication al-khwārizmī
More informationCSE 311 Lecture 11: Modular Arithmetic. Emina Torlak and Kevin Zatloukal
CSE 311 Lecture 11: Modular Arithmetic Emina Torlak and Kevin Zatloukal 1 Topics Sets and set operations A quick wrap-up of Lecture 10. Modular arithmetic basics Arithmetic over a finite domain (a.k.a
More informationORYX. ORYX not an acronym, but upper case Designed for use with cell phones. Standard developed by. Cipher design process not open
ORYX ORYX 1 ORYX ORYX not an acronym, but upper case Designed for use with cell phones o To protect confidentiality of voice/data o For data channel, not control channel o Control channel encrypted with
More informationPractice Assignment 2 Discussion 24/02/ /02/2018
German University in Cairo Faculty of MET (CSEN 1001 Computer and Network Security Course) Dr. Amr El Mougy 1 RSA 1.1 RSA Encryption Practice Assignment 2 Discussion 24/02/2018-29/02/2018 Perform encryption
More informationFull Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5
Full Attacks on HMAC/NMAC- and NMAC-MD5 Pierre-Alain Fouque, Gaëtan Leurent, Phong Nguyen Laboratoire d Informatique de l École Normale Supérieure CRYPTO 2007 1/26 WhatisaMACalgorithm? M Alice wants to
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationPublic Key Cryptography
Public Key Cryptography Spotlight on Science J. Robert Buchanan Department of Mathematics 2011 What is Cryptography? cryptography: study of methods for sending messages in a form that only be understood
More informationCryptography Lecture 4 Block ciphers, DES, breaking DES
Cryptography Lecture 4 Block ciphers, DES, breaking DES Breaking a cipher Eavesdropper recieves n cryptograms created from n plaintexts in sequence, using the same key Redundancy exists in the messages
More informationAttacks on RSA & Using Asymmetric Crypto
Attacks on RSA & Using Asymmetric Crypto Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Breaking RSA 2.1 Chinese Remainder Theorem 2.2 Common
More informationA Pseudo-Random Encryption Mode
A Pseudo-Random Encryption Mode Moni Naor Omer Reingold Block ciphers are length-preserving private-key encryption schemes. I.e., the private key of a block-cipher determines a permutation on strings of
More information