4. Hash Functions
- Ezra York
Contents

- Message Digest
- Application of Message Digest
- Message Digest 2 (MD2)
- Message Digest 4 (MD4)
- Message Digest 5 (MD5)
- Secure Hash Standard (SHS)

Purpose: a message digest should prevent falsification.

Message Digest

A cryptographic hash algorithm, also known as a message digest or one-way transformation, is a mathematical transformation.

Transformation: message m of arbitrary length → fixed-length number h(m)

It has the following properties:

- For any message m, it is easy to compute h(m).
- Given h(m), there is no way to find a message m that hashes to h(m).
- It is computationally impossible to find two different messages m and m' that hash to the same number h(m).

It is necessary for the transformation that the output must not be predictable:

- If 1000 inputs are selected at random, any particular bit in the 1000 resulting outputs should be 1 about half the time.
- Each output should have about 50% of 1 bits (with high probability).
- If two inputs differ only by one bit, then the outputs should look like completely independently chosen random numbers.

Figure: messages are mapped to hash values, and many messages have the same hash value. Going from m to h(m) is easy; going from h(m) back to m is very complicated.
Message Digest

It should look like someone flipped coins to determine, for each possible input, what the output should be.

Problem: It is still possible that two outputs have the same value although the inputs were different.

The Birthday Problem (forget about leap years, i.e. February 29):

- For one person, there are n = 365 distinct birthdays. The probability $p_1$ of different birthdays is $n/n$.
- For two people, there are 364 (i.e. n-1) different ways that the second could have a birthday without matching the first:

$p_2 = \frac{n(n-1)}{n^2} = \frac{n}{n}\cdot\frac{n-1}{n}$

$p_3 = \frac{n}{n}\cdot\frac{n-1}{n}\cdot\frac{n-2}{n}$

- The probability of different birthdays for r people:

$p_r = \frac{n!}{(n-r)!\,n^r} = \frac{n}{n}\cdot\frac{n-1}{n}\cdot\frac{n-2}{n}\cdots\frac{n-r+1}{n}$

- The probability of a match is $1 - p_r$.
- On the average, a match will occur after $\sqrt{n}$ steps.
- $p_r \le \tfrac{1}{2}$ for $r \ge 23$ (in the birthday problem). The slide also lists p_23 = ... and p_50 = ...

Application of a Message Digest

If the message digest has k bits, i.e. $2^k$ different message digests, it would take $2^{k/2}$ messages, chosen at random, to create two outputs with identical values.

$k \ge 128$, because it is considered infeasible to search $2^{64}$ messages (current state of the art).

[Rule of the game: If somebody is able (or maybe by pure luck) to create two different messages with the same 128 bit MD, then the whole algorithm for MD construction is considered null and void!!!]

HISTORY:

- With RSA it is possible to digitally sign a message (signature = encrypt a message with the private key). But: computing a signature for a long message with RSA is slow.
- Idea: sign the message digest rather than the original message.
- The drive for message digest algorithms started with public key cryptography (after the invention of RSA).
- MD is even used when the message is transmitted in clear, just to ensure integrity.
Application of a Message Digest: Authentication

Authentication using a message digest ($\|$ denotes concatenation):

- Alice and Bob share a secret $K_{AB}$; Alice wants to know if Bob is still alive.
- Alice sends a challenge $r_A$ (a random number).
- Bob concatenates the secret $K_{AB}$ with $r_A$ and takes a message digest of that: $MD(K_{AB} \| r_A)$.
- Bob sends $MD(K_{AB} \| r_A)$ to Alice and Alice checks the result (by applying the same procedure).

Diagram (Alice and Bob): Alice sends $r_A$ and Bob answers with $MD(K_{AB} \| r_A)$; the diagram also shows a challenge $r_B$ with the response $MD(K_{AB} \| r_B)$.

Application of a Message Digest: Message Integrity Code

Use a message digest to generate a Message Integrity Code (MIC):

- Only the appropriate sender (say Alice) is able to compute the appropriate MIC for a message m.
- Obviously, MD(m) is not a MIC for m, since anyone can compute MD(m).
- Compute a MIC with a shared secret key $K_{AB}$ (same trick as for authentication).

Diagram: Alice sends m, $MD(m \| K_{AB})$ to Bob; Bob answers ok or error.

The MIC can only be computed if $K_{AB}$ is known, i.e. it can only be computed and checked for correctness by Alice and by Bob.

Enemy: sends m*, MD(m* | ?), i.e. he doesn't know $K_{AB}$, thus MD(..) is probably nonsense.
Application of a Message Digest: Encryption

Use a message digest for encryption:

- Problem: Message digest algorithms are not reversible.
- Idea: Generate (pseudo) random numbers using the message digest and use the Vernam cipher (XOR message and random bit stream).
- Alice and Bob need a shared secret $K_{AB}$.
- Partition the message into chunks $m_1, m_2, \ldots$ whose length is identical to the MD length.

$b_1 = MD(K_{AB} \| IV)$, $c_1 = m_1 \oplus b_1$
$b_2 = MD(K_{AB} \| b_1)$, $c_2 = m_2 \oplus b_2$
$b_3 = MD(K_{AB} \| b_2)$, $c_3 = m_3 \oplus b_3$
...
$b_n = MD(K_{AB} \| b_{n-1})$, $c_n = m_n \oplus b_n$

Alice and Bob can compute the $b_i$ in advance and need a different IV (Initial Vector) for further encryption, since it is not secure to use the same bit stream twice.

Application of Message Digest: Encryption

Problem: If you are able to guess the plaintext, you can XOR the guessed text with the ciphertext and then transmit any false message you like.

If $m_1, \ldots, m_n$ is guessed and $c_1, \ldots, c_n$ is received, then the attacker can compute $b_i = c_i \oplus m_i$ and he can transmit $m_1^*, \ldots, m_n^*$ by means of $c_1^* = m_1^* \oplus b_1, \ldots, c_n^* = m_n^* \oplus b_n$.

Solution: mix the plaintext into the bit stream generation.

$b_1 = MD(K_{AB} \| IV)$, $c_1 = m_1 \oplus b_1$
$b_2 = MD(K_{AB} \| c_1)$, $c_2 = m_2 \oplus b_2$
$b_3 = MD(K_{AB} \| c_2)$, $c_3 = m_3 \oplus b_3$
...
$b_n = MD(K_{AB} \| c_{n-1})$, $c_n = m_n \oplus b_n$

Price to be paid: If a transmission error occurs, the rest of the message will be garbled.
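The two keystream constructions above, run side by side as an added example (not part of the original slides). MD5 stands in for MD, and the key, IV, messages and function names are constructed for the illustration. The example shows the known-plaintext substitution going through unnoticed in the first construction and damaging the following chunk in the second.

```python
import hashlib

BLOCK = 16  # MD5 output length in bytes, so every chunk m_i is 16 bytes


def md(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def chunks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def encrypt_ofb(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """First construction: b_1 = MD(K|IV), b_i = MD(K|b_{i-1}), c_i = m_i xor b_i.
    Decryption is the same operation."""
    out, b = [], iv
    for m in chunks(msg):
        b = md(key + b)
        out.append(xor(m, b))
    return b"".join(out)


def encrypt_cfb(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """Second construction: b_1 = MD(K|IV), b_i = MD(K|c_{i-1})."""
    out, prev = [], iv
    for m in chunks(msg):
        prev = xor(m, md(key + prev))
        out.append(prev)
    return b"".join(out)


def decrypt_cfb(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in chunks(ct):
        out.append(xor(c, md(key + prev)))
        prev = c
    return b"".join(out)


def substitute(ct: bytes, guessed: bytes, wanted: bytes) -> bytes:
    """What a party without K_AB can do: b_i = c_i xor m_i, c_i* = m_i* xor b_i."""
    return xor(xor(ct, guessed), wanted)


# Constructed sample data: three 16-byte chunks, the forgery changes only chunk 1.
KEY = b"constructed-shared-secret-K_AB"
IV = bytes(range(16))
MSG = b"PAY 0000100 EUR TO ACCOUNT 12345 REF: INVOICE-77"
FORGED = b"PAY 9999999 EUR TO ACCOUNT 12345 REF: INVOICE-77"


def run_demo() -> dict:
    # First construction: the receiver decrypts exactly the substituted text.
    tampered = substitute(encrypt_ofb(KEY, IV, MSG), MSG, FORGED)
    ofb_seen = encrypt_ofb(KEY, IV, tampered)

    # Second construction: chunk 1 is still replaced, but b_2 = MD(K|c_1*)
    # no longer matches the keystream that produced c_2.
    tampered = substitute(encrypt_cfb(KEY, IV, MSG), MSG, FORGED)
    cfb_seen = decrypt_cfb(KEY, IV, tampered)
    return {
        "ofb_receiver_sees": ofb_seen,
        "cfb_first_chunk": cfb_seen[:BLOCK],
        "cfb_next_chunk_garbled": cfb_seen[BLOCK:2 * BLOCK] != MSG[BLOCK:2 * BLOCK],
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Neither construction tells the receiver that the ciphertext was altered; that is the job of the MIC described earlier.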
Application of Message Digest

Task: Convert a secret key algorithm into a message digest algorithm for arbitrary messages.

Given: A secret key algorithm with key length k bits and message block length b bits (e.g. DES: k=56 and b=64).

Algorithm:

- Split message m into k-bit chunks $m_1, m_2, \ldots$
- Use $m_1$ as a key to encrypt a constant.
- Use $m_2$ to encrypt the previous result.
- ...
- Use the final b-bit result as message digest.

Diagram: a constant is encrypted with chunk $m_1$ as key, giving $b_1$; $b_1$ is encrypted with chunk $m_2$ as key, giving $b_2$; and so on until the message digest.

Problem: A 64-bit message digest is too short (see birthday problem).

Generate the second 64-bit quantity using the chunks $m_1, m_2, \ldots$ in reverse order. (This is one of many possible alternatives.)

Application of a Message Digest

Unix uses a secret key algorithm (modified DES algorithm) to compute the hash of a password.

- The modification is done by a 12-bit number known as salt.
- Only the hash of the password and the salt are stored.
- When a user types a password, UNIX computes the hash (using the salt) and compares the result with the stored quantity.

Algorithm:

- Generate a 12-bit number.
- Convert the password into a secret key: pack the 7-bit ASCII associated with each of the 8 characters of the password into a 56-bit quantity (UNIX passwords can be longer than 8 characters, but the remaining bytes are ignored). This is the secret key without the 8 parity bits.
- Use this key with the modified DES algorithm to encrypt 0 (zero).
- The result of the encryption of zero + the 12-bit number is stored as the user's hashed password.
Message Digest 2 (MD2)

- The need for message digest algorithms started with public key cryptography (RSA was invented).
- Computing a signature on a long message with RSA was too slow (not practical).
- Need for a cryptographically secure message digest function.
- Ron Rivest developed MD, MD2, MD3, MD4, MD5. Later: SHS (Secure Hash Standard).
- MD was proprietary and was never published; MD3 was superseded by MD4.
- MD2 is documented in RFC 1319, MD4 in RFC 1320, and MD5 in RFC 1321.

MD2 overview:

- The input to MD2 is a message with an arbitrary number of bytes.
- The message is padded to be a multiple of 16 bytes.
- A 16-byte quantity called checksum is appended (see below).
- Final pass: The message is processed, 16 bytes at a time, each time producing an intermediate result for the message digest. Each intermediate value of the message digest depends on the previous intermediate value and the value of the message being processed.

MD2 Padding

- There must always be padding (even if the length of the original message is a multiple of 16 bytes).
- If the length of the message is a multiple of 16 bytes, then add 16 bytes of padding.
- Else add the necessary number of bytes (1-15) to make the message a multiple of 16 bytes.
- The padded message M is a multiple of 16 bytes, say M = k*16 bytes.

Diagram: the original message is followed by the padding, r bytes ($1 \le r \le 16$), each containing the value r, so that the total is a multiple of 16 bytes. This trick allows the end of the message (the beginning of the padding) to be detected.
MD2 Checksum Computation

The checksum is a 16-byte quantity. It is similar to a message digest, but not cryptographically secure.

Algorithm:

- The checksum C is set to 0.
- Process the message one byte at a time; the calculation requires k*16 steps (k = number of chunks).
- $C_n := C_n \oplus \pi(C_{n-1} \oplus M_n)$, where π is a substitution function (see substitution table), C = checksum, M = message.
- Byte n of the checksum depends on byte n of the message, byte n-1 of the checksum and the previous value of byte n of the checksum.
- The substitution of $(C_{n-1} \oplus M_n)$ is specified by the MD2 π substitution table: for example the value 0 is mapped to 41 and the value 1 is mapped to 46, etc.

MD2 Checksum Computation

Diagram: the n-th byte $M_n$ of the padded message and the (n-1 mod 16)-th byte of the 16-byte checksum go through the π substitution to update the (n mod 16)-th byte of the checksum, $c_n := c_n \oplus \pi(c_{n-1} \oplus M_n)$. The final checksum is appended to the message.
MD2 π Substitution Table

Byte structure: 13, 5 ≙ ... is transformed to 99 ≙ ...

MD2: Final Pass

Input: A message with 16-byte checksum. This data stream is processed in chunks of 16 bytes each.

Algorithm:

1. Initialize a 48-byte block $X_0, X_1, X_2, \ldots, X_{47}$.
2. Set the first 16 bytes of X to '0', the second 16 bytes to the first 16 bytes of the message and the last 16 bytes to the XOR-combination of the first and second 16-byte parts.
3. Compression function (18 passes for each of the 48 bytes, i.e. 18 × 48 = 864 steps of calculation; the pass number is used in the computation):

   For j = 0 to 17
      For k = 0 to 47
         t = π(x_k) XOR X_k
         X_k = t
      t = (t + j) mod 256

4. Set the second 16 bytes of X to the second 16 bytes of the message, and the third 16 bytes of X to the XOR of the first 16 bytes of X and the second 16 bytes of X.
5. Do step (3).
6. Repeat steps (4) and (3) with every 16 bytes of the message, in turn.

Output: The first 16 bytes of X.
MD2 Checksum Computation

Diagram: a 48-byte block (Byte "-1", Byte 0, ..., Byte n-1, Byte n, ..., Byte 47) made of the 16-byte intermediate MD (initial value = 0), the message block taken from the padded message with appended 16-byte checksum, and a third part that is discarded. Each byte passes through the π substitution, and Byte 47 + pass number (0-17) is carried into the next pass.

- Pass 0: $c_{-1} := 0$; for n from 0 through 47, $C_n := C_n \oplus \pi(c_{n-1}, m_n)$.
- Pass i, i > 1: $c_{-1}$ := (Byte 47 + i) mod 256.
- The final MD2 is available after the checksum has been processed.

MD4

- MD4 was designed to be 32-bit-word-oriented.
- MD4 can be computed faster on 32-bit CPUs than the byte-oriented MD2.

MD4 Message Padding

- The message to be fed into MD4 must be a multiple of 512 bits (sixteen 32-bit words).
- The original message is padded by adding a '1' bit, followed by '0' bits.
- A 64-bit quantity representing the number of bits in the unpadded message, mod $2^{64}$, is appended to the message.

Diagram: original message, then the padding bits, then 64 bits holding the original length in bits; the total is a multiple of 512 bits. Example on the slide: if the original message has 47 bits, then ... bits.
MD4: Overview of MD4 computation

- The message digest to be computed is a 128-bit quantity (four 32-bit words).
- The message is processed in 512-bit blocks (sixteen 32-bit words).
- Each stage of the message digest computation takes the current value and modifies it using the next block of the message.
- Each stage (512-bit block) has three passes: Pass 1, Pass 2, Pass 3.
- $(d_0, d_1, d_2, d_3)$ is initialized to the constant $d_0$ = 01234567 HEX, $d_1$ = 89abcdef HEX, $d_2$ = fedcba98 HEX, $d_3$ = 76543210 HEX.
- $m_i$ and $d_i$ consist of 32 bits (i.e. one dword) each.

Diagram: the constant $(d_0, d_1, d_2, d_3)$ and the block $(m_0, m_1, \ldots, m_{15})$ of the padded message give an intermediate digest $(d_{0,new}, \ldots, d_{3,new})$; each further block turns one intermediate digest into the next, and the last one is the message digest.

Somebody found "weaknesses" in MD4 if only two passes were used. No weakness is known when all three passes are used. Nevertheless: this observation led to the development of the even stronger algorithm MD5.

MD4 Operations

- $\lfloor x \rfloor$ is the floor of the number x, i.e. the greatest integer not greater than x
- $\sim x$ is the bitwise complement of the 32-bit quantity x
- $x \wedge y$ is the bitwise 'and' of the 32-bit quantities x and y
- $x \vee y$ is the bitwise 'or' of the 32-bit quantities x and y
- $x \oplus y$ is the bitwise 'exclusive or' of the 32-bit quantities x and y
- $x + y$ is the binary sum of the 32-bit quantities x and y, with the carry bit of the high order bit discarded
- $x \lll y$ is the 32-bit quantity produced by taking the 32 bits of x and shifting them one position to the left y times, each time taking the bit shifted off the left end and placing it as the rightmost bit (left rotate)

Function for Pass 1: $F(x,y,z) = (x \wedge y) \vee (\sim x \wedge z)$, the "selection function" ("door function"): if x=1 then y, else if x=0 then z.

Function for Pass 2: $G(x,y,z) = (x \wedge y) \vee (x \wedge z) \vee (y \wedge z)$, the "threshold function": $G = 1 \iff x + y + z \ge 2$.

Function for Pass 3: $H(x,y,z) = x \oplus y \oplus z$
MD4 Pass 1

$F(x,y,z) = (x \wedge y) \vee (\sim x \wedge z)$ is known as the selection function:

- if the n-th bit of x is 1, then select the n-th bit of y for the output
- if the n-th bit of x is 0, then select the n-th bit of z for the output

For i = 0 to 15 do

$d_{(-i)\wedge 3} = \left(d_{(-i)\wedge 3} + F(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_i\right) \lll S_1(i \wedge 3)$, where $S_1(i) = 3 + 4i$

The indices are computed in two's complement. Example for i = 5: $i \wedge 3 = 1$, so $S_1(1) = 3 + 4 = 7$; $-i = 1011$ and $(-i) \wedge 3 = 1011 \wedge 0011 = 0011$. The slide also works through $d_{(-4)\wedge 3}$ and $d_{(2-4)\wedge 3} = d_{(-2)\wedge 3}$.

The first few steps of the pass:

$d_0 = (d_0 + F(d_1, d_2, d_3) + m_0) \lll 3$
$d_3 = (d_3 + F(d_0, d_1, d_2) + m_1) \lll 7$
$d_2 = (d_2 + F(d_3, d_0, d_1) + m_2) \lll 11$
$d_1 = (d_1 + F(d_2, d_3, d_0) + m_3) \lll 15$
$d_0 = (d_0 + F(d_1, d_2, d_3) + m_4) \lll 3$

MD4 Pass 2

$G(x,y,z) = (x \wedge y) \vee (x \wedge z) \vee (y \wedge z)$ is known as the majority function: the output is a 1 if at least two of the three inputs are 1.

For i = 0 to 15 do

$d_{(-i)\wedge 3} = \left(d_{(-i)\wedge 3} + G(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{X(i)} + \mathrm{5a827999}_{16}\right) \lll S_2(i \wedge 3)$

- $X(i) = 4i - 15\lfloor i/4 \rfloor$. X(i) is the 4-bit number formed by exchanging the low order and high order pairs of bits in the 4-bit number i.
- $S_2(0) = 3$, $S_2(1) = 5$, $S_2(2) = 9$, $S_2(3) = 13$
- The constant is $\lfloor 2^{30}\sqrt{2} \rfloor = \mathrm{5a827999}_{16}$.

The first few steps of the pass:

$d_0 = (d_0 + G(d_1, d_2, d_3) + m_0 + \mathrm{5a827999}_{16}) \lll 3$
$d_3 = (d_3 + G(d_0, d_1, d_2) + m_4 + \mathrm{5a827999}_{16}) \lll 5$
$d_2 = (d_2 + G(d_3, d_0, d_1) + m_8 + \mathrm{5a827999}_{16}) \lll 9$
$d_1 = (d_1 + G(d_2, d_3, d_0) + m_{12} + \mathrm{5a827999}_{16}) \lll 13$
$d_0 = (d_0 + G(d_1, d_2, d_3) + m_1 + \mathrm{5a827999}_{16}) \lll 3$
MD4 Pass 3

$H(x,y,z) = x \oplus y \oplus z$

For i = 0 to 15 do

$d_{(-i)\wedge 3} = \left(d_{(-i)\wedge 3} + H(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{R(i)} + \mathrm{6ed9eba1}_{16}\right) \lll S_3(i \wedge 3)$

- $R(i) = 8i - 12\lfloor i/2 \rfloor - 6\lfloor i/4 \rfloor - 3\lfloor i/8 \rfloor$. R(i) is the 4-bit number formed by reversing the order of the bits in the 4-bit number i.
- $S_3(0) = 3$, $S_3(1) = 9$, $S_3(2) = 11$, $S_3(3) = 15$
- The constant is $\lfloor 2^{30}\sqrt{3} \rfloor = \mathrm{6ed9eba1}_{16}$.

The first few steps of the pass:

$d_0 = (d_0 + H(d_1, d_2, d_3) + m_0 + \mathrm{6ed9eba1}_{16}) \lll 3$
$d_3 = (d_3 + H(d_0, d_1, d_2) + m_4 + \mathrm{6ed9eba1}_{16}) \lll 9$
$d_2 = (d_2 + H(d_3, d_0, d_1) + m_8 + \mathrm{6ed9eba1}_{16}) \lll 11$
$d_1 = (d_1 + H(d_2, d_3, d_0) + m_{12} + \mathrm{6ed9eba1}_{16}) \lll 15$
$d_0 = (d_0 + H(d_1, d_2, d_3) + m_2 + \mathrm{6ed9eba1}_{16}) \lll 3$

MD5

MD5 is very similar to MD4 but was designed to be more conservative (i.e., less concerned with speed and more concerned with security). Padding in MD5 is identical to the padding in MD4.

The major differences are:

- MD4 makes three passes over each 16-byte chunk of the message. MD5 makes four passes over each 16-byte chunk.
- The functions are slightly different, as are the number of bits in the shifts.
- MD4 has two constants: one constant is used for each message word in pass 2, and another constant is used for all of the 16 message words in pass 3. No constant is used in pass 1.
- MD5 uses a different parameter $T_i$ for each message word on each pass. Since there are 4 passes, each of which covers 16 message words, there are 64 32-bit constants used in MD5.
- $T_i$ is based on the sine function: $T_i = \lfloor 2^{32}\,|\sin(i)| \rfloor$
MD5

$T_i = \lfloor 2^{32}\,|\sin(i)| \rfloor$

T_1  = d76aa478   T_17 = f61e2562   T_33 = fffa3942   T_49 = f4292244
T_2  = e8c7b756   T_18 = c040b340   T_34 = 8771f681   T_50 = 432aff97
T_3  = 242070db   T_19 = 265e5a51   T_35 = 6d9d6122   T_51 = ab9423a7
T_4  = c1bdceee   T_20 = e9b6c7aa   T_36 = fde5380c   T_52 = fc93a039
T_5  = f57c0faf   T_21 = d62f105d   T_37 = a4beea44   T_53 = 655b59c3
T_6  = 4787c62a   T_22 = 02441453   T_38 = 4bdecfa9   T_54 = 8f0ccc92
T_7  = a8304613   T_23 = d8a1e681   T_39 = f6bb4b60   T_55 = ffeff47d
T_8  = fd469501   T_24 = e7d3fbc8   T_40 = bebfbc70   T_56 = 85845dd1
T_9  = 698098d8   T_25 = 21e1cde6   T_41 = 289b7ec6   T_57 = 6fa87e4f
T_10 = 8b44f7af   T_26 = c33707d6   T_42 = eaa127fa   T_58 = fe2ce6e0
T_11 = ffff5bb1   T_27 = f4d50d87   T_43 = d4ef3085   T_59 = a3014314
T_12 = 895cd7be   T_28 = 455a14ed   T_44 = 04881d05   T_60 = 4e0811a1
T_13 = 6b901122   T_29 = a9e3e905   T_45 = d9d4d039   T_61 = f7537e82
T_14 = fd987193   T_30 = fcefa3f8   T_46 = e6db99e5   T_62 = bd3af235
T_15 = a679438e   T_31 = 676f02d9   T_47 = 1fa27cf8   T_63 = 2ad7d2bb
T_16 = 49b40821   T_32 = 8d2a4c8a   T_48 = c4ac5665   T_64 = eb86d391

MD5: Overview of the MD5 Computation

- Like MD4, MD5 processes the message in 512-bit (sixteen 32-bit words) blocks.
- The message digest is a 128-bit quantity (four 32-bit words).
- Each stage of the message digest computation takes the current value and modifies it using the next block of the message.
- Each stage (512-bit block) makes four passes.
- The constant is initialized to $d_0$ = 01234567 HEX, $d_1$ = 89abcdef HEX, $d_2$ = fedcba98 HEX, $d_3$ = 76543210 HEX.

Diagram: the constant $(d_0, d_1, d_2, d_3)$ and each block $(m_0, m_1, \ldots, m_{15})$ of the padded message give the next digest; the last digest is the message digest.
MD5 Pass 1

$F(x,y,z) = (x \wedge y) \vee (\sim x \wedge z)$ is known as the selection function:

- if the n-th bit of x is 1, then select the n-th bit of y for the output
- if the n-th bit of x is 0, then select the n-th bit of z for the output

For i = 0 to 15 do

$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + F(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_i + T_{i+1}\right) \lll S_1(i \wedge 3)$, where $S_1(i) = 7 + 5i$ (the shift cycles over 7, 12, 17, 22)

The first few steps of the pass:

$d_0 = d_1 + (d_0 + F(d_1, d_2, d_3) + m_0 + T_1) \lll 7$
$d_3 = d_0 + (d_3 + F(d_0, d_1, d_2) + m_1 + T_2) \lll 12$
$d_2 = d_3 + (d_2 + F(d_3, d_0, d_1) + m_2 + T_3) \lll 17$
$d_1 = d_2 + (d_1 + F(d_2, d_3, d_0) + m_3 + T_4) \lll 22$
$d_0 = d_1 + (d_0 + F(d_1, d_2, d_3) + m_4 + T_5) \lll 7$

MD5 Pass 2

$G(x,y,z) = (x \wedge z) \vee (y \wedge \sim z)$ is different in MD5: the n-th bit of z is used to select the n-th bit in x or y. Example: G(0010, 1011, 1001) = 0010.

For i = 0 to 15 do

$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + G(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{(5i+1)\wedge 15} + T_{i+17}\right) \lll S_2(i \wedge 3)$

$S_2(i) = i(i+7)/2 + 5$ (why not e.g. $i(i+1)/2 + 14$???)

The first few steps of the pass:

$d_0 = d_1 + (d_0 + G(d_1, d_2, d_3) + m_1 + T_{17}) \lll 5$
$d_3 = d_0 + (d_3 + G(d_0, d_1, d_2) + m_6 + T_{18}) \lll 9$
$d_2 = d_3 + (d_2 + G(d_3, d_0, d_1) + m_{11} + T_{19}) \lll 14$
$d_1 = d_2 + (d_1 + G(d_2, d_3, d_0) + m_0 + T_{20}) \lll 20$
$d_0 = d_1 + (d_0 + G(d_1, d_2, d_3) + m_5 + T_{21}) \lll 5$
MD5 Pass 3

$H(x,y,z) = x \oplus y \oplus z$ (as in MD4)

For i = 0 to 15 do

$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + H(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{(3i+5)\wedge 15} + T_{i+33}\right) \lll S_3(i \wedge 3)$

$S_3(0) = 4$, $S_3(1) = 11$, $S_3(2) = 16$, $S_3(3) = 23$

The first few steps of the pass:

$d_0 = d_1 + (d_0 + H(d_1, d_2, d_3) + m_5 + T_{33}) \lll 4$
$d_3 = d_0 + (d_3 + H(d_0, d_1, d_2) + m_8 + T_{34}) \lll 11$
$d_2 = d_3 + (d_2 + H(d_3, d_0, d_1) + m_{11} + T_{35}) \lll 16$
$d_1 = d_2 + (d_1 + H(d_2, d_3, d_0) + m_{14} + T_{36}) \lll 23$
$d_0 = d_1 + (d_0 + H(d_1, d_2, d_3) + m_1 + T_{37}) \lll 4$

MD5 Pass 4

$I(x,y,z) = y \oplus (x \vee \sim z)$

For i = 0 to 15 do

$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + I(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{(7i)\wedge 15} + T_{i+49}\right) \lll S_4(i \wedge 3)$

$S_4(i) = (i+3)(i+4)/2$

The first few steps of the pass:

$d_0 = d_1 + (d_0 + I(d_1, d_2, d_3) + m_0 + T_{49}) \lll 6$
$d_3 = d_0 + (d_3 + I(d_0, d_1, d_2) + m_7 + T_{50}) \lll 10$
$d_2 = d_3 + (d_2 + I(d_3, d_0, d_1) + m_{14} + T_{51}) \lll 15$
$d_1 = d_2 + (d_1 + I(d_2, d_3, d_0) + m_5 + T_{52}) \lll 21$
$d_0 = d_1 + (d_0 + I(d_1, d_2, d_3) + m_{12} + T_{53}) \lll 6$
...
$d_1 = d_2 + (d_1 + I(d_2, d_3, d_0) + m_9 + T_{64}) \lll 21$

Private question:

- Why four passes?
- Why not five or six, maybe ten?
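The four MD5 passes written directly from the index formulas above, as an added example that is not part of the original slides. The MD4 passes use the same d-index rotation with their own functions, word orders and shifts. The function names are chosen here; the little-endian word layout and the final addition of the previous digest come from RFC 1321, and the initial words are the slides' byte strings 01234567, 89abcdef, fedcba98, 76543210 read as little-endian 32-bit words.

```python
import math
import struct

MASK = 0xFFFFFFFF


def rotl(x: int, s: int) -> int:
    """Left rotate of a 32-bit quantity."""
    return ((x << s) | (x >> (32 - s))) & MASK


# T_i = floor(2^32 * |sin(i)|), i in radians; T[0] is unused so that
# the list index equals the subscript used on the slides.
T = [0] + [int(2**32 * abs(math.sin(i))) & MASK for i in range(1, 65)]

# One entry per pass: (function, message word index, shift table, offset of T)
PASSES = [
    (lambda x, y, z: (x & y) | (~x & z),        # F, selection
     lambda i: i,
     [7 + 5 * i for i in range(4)], 1),
    (lambda x, y, z: (x & z) | (y & ~z),        # G, z selects x or y
     lambda i: (5 * i + 1) & 15,
     [i * (i + 7) // 2 + 5 for i in range(4)], 17),
    (lambda x, y, z: x ^ y ^ z,                 # H
     lambda i: (3 * i + 5) & 15,
     [4, 11, 16, 23], 33),
    (lambda x, y, z: y ^ ((x | ~z) & MASK),     # I
     lambda i: (7 * i) & 15,
     [(i + 3) * (i + 4) // 2 for i in range(4)], 49),
]


def pad(msg: bytes) -> bytes:
    """A '1' bit, '0' bits, then the 64-bit length in bits (mod 2^64)."""
    bitlen = (8 * len(msg)) & (2**64 - 1)
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    return msg + struct.pack("<Q", bitlen)


def stage(d, block: bytes):
    """One stage: four passes over one 512-bit block."""
    m = struct.unpack("<16I", block)
    before, d = list(d), list(d)
    for f, word, shifts, t0 in PASSES:
        for i in range(16):
            a = (-i) & 3
            x, y, z = d[(1 - i) & 3], d[(2 - i) & 3], d[(3 - i) & 3]
            total = (d[a] + f(x, y, z) + m[word(i)] + T[i + t0]) & MASK
            d[a] = (x + rotl(total, shifts[i & 3])) & MASK
    # RFC 1321: the digest from before the stage is added to the result.
    return [(o + n) & MASK for o, n in zip(before, d)]


def md5_from_slides(msg: bytes) -> str:
    d = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    data = pad(msg)
    for off in range(0, len(data), 64):
        d = stage(d, data[off:off + 64])
    return struct.pack("<4I", *d).hex()


if __name__ == "__main__":
    print(md5_from_slides(b"abc"))
```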
SHS (Secure Hash Standard)

- SHS was proposed by NIST (National Institute for Standards and Technology). It is similar to MD5, but slightly slower.
- It can handle messages of up to $2^{64}$ bits, and it produces a 160-bit output (5*32-bit).
- Like MD4 and MD5, SHS operates in stages (in 512-bit blocks).
- The message digest is a 160-bit quantity (five 32-bit words).
- Each stage (512-bit block) encompasses five passes.
- The constant is initialized to A = $\mathrm{67452301}_{16}$, B = $\mathrm{efcdab89}_{16}$, C = $\mathrm{98badcfe}_{16}$, D = $\mathrm{10325476}_{16}$ and E = $\mathrm{c3d2e1f0}_{16}$.
- Requires a buffer of eighty 32-bit words (5 x 512 bits): $W_0, W_1, \ldots, W_{79}$.

Diagram: the constant (A, B, C, D, E) and each block of the padded message give the next digest ($A_{NEW}, \ldots, E_{NEW}$); the last digest is the message digest.

Side note on the slide: 1 Bible ≈ ... Megabit, so $2^{64}$ bits = ... Bibles.

SHS

The buffer $W_0, \ldots, W_{79}$ holds the 16 words of the message block ($a_0, \ldots, a_{15}$) followed by generated data:

$a_n := a_{n-3} \oplus a_{n-8} \oplus a_{n-14} \oplus a_{n-16}$ $(n \ge 16)$ [original version]

$a_n := (a_{n-3} \oplus a_{n-8} \oplus a_{n-14} \oplus a_{n-16}) \lll 1$ $(n \ge 16)$ [revised version]

The n-th word of the block is the XOR combination of the following words: n-3, n-8, n-14, n-16 (in the revised version of SHS the XOR of the words is rotated left one bit).

Diagram: the 160-bit intermediate MD value (A, B, C, D, E) is combined with each $W_t$ through a complicated function f (see below), a left rotate by 30 and an addition, giving the new intermediate MD (final MD).
SHS

For t = 0 to 79, modify A, B, C, D, and E as follows:

$B_{t+1} = A_t$
$C_{t+1} = B_t \lll 30$
$D_{t+1} = C_t$
$E_{t+1} = D_t$
$A_{t+1} = E_t + (A_t \lll 5) + W_t + K_t + f(t, B_t, C_t, D_t)$

$K_t$ is a constant, but it varies with the words processed:

$K_t = \lfloor 2^{30}\sqrt{2} \rfloor = \mathrm{5a827999}_{16}$ $(0 \le t \le 19)$
$K_t = \lfloor 2^{30}\sqrt{3} \rfloor = \mathrm{6ed9eba1}_{16}$ $(20 \le t \le 39)$
$K_t = \lfloor 2^{30}\sqrt{5} \rfloor = \mathrm{8f1bbcdc}_{16}$ $(40 \le t \le 59)$
$K_t = \lfloor 2^{30}\sqrt{10} \rfloor = \mathrm{ca62c1d6}_{16}$ $(60 \le t \le 79)$

$(A_{t+1}, \ldots, E_{t+1}) = \mathrm{Funct}(A_t, \ldots, E_t)$ with inputs $W_t$ and $K_t$: $W_t$ depends on the message; $K_t$ is a constant (for each quarter of the section).

SHS

f(t, B, C, D) is a function that varies with the words it is applied to:

$f(t,B,C,D) = (B \wedge C) \vee (\sim B \wedge D)$ $(0 \le t \le 19)$
$f(t,B,C,D) = B \oplus C \oplus D$ $(20 \le t \le 39)$
$f(t,B,C,D) = (B \wedge C) \vee (B \wedge D) \vee (C \wedge D)$ $(40 \le t \le 59)$
$f(t,B,C,D) = B \oplus C \oplus D$ $(60 \le t \le 79)$
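The SHS stage above with the original and the revised message schedule selectable by a flag, as an added example that is not part of the original slides. The function names and the `revised` parameter are chosen here; the big-endian word layout and the addition of the previous (A, ..., E) after the 80 steps are taken from the published standard, since the slides do not spell them out.

```python
import math
import struct

MASK = 0xFFFFFFFF


def rotl(x: int, s: int) -> int:
    """Left rotate of a 32-bit quantity."""
    return ((x << s) | (x >> (32 - s))) & MASK


# K_t = floor(2^30 * sqrt(c)) for c = 2, 3, 5, 10, one constant per 20 steps
K = [int(2**30 * math.sqrt(c)) for c in (2, 3, 5, 10)]


def f(t: int, b: int, c: int, d: int) -> int:
    if t < 20:
        return (b & c) | (~b & d)
    if 40 <= t < 60:
        return (b & c) | (b & d) | (c & d)
    return b ^ c ^ d          # 20..39 and 60..79


def schedule(block: bytes, revised: bool):
    """W_0..W_15 are the message words; W_16..W_79 are generated data."""
    w = list(struct.unpack(">16I", block))
    for n in range(16, 80):
        x = w[n - 3] ^ w[n - 8] ^ w[n - 14] ^ w[n - 16]
        w.append(rotl(x, 1) if revised else x)
    return w


def pad(msg: bytes) -> bytes:
    """A '1' bit, '0' bits, then the 64-bit length in bits."""
    bitlen = (8 * len(msg)) & (2**64 - 1)
    msg += b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    return msg + struct.pack(">Q", bitlen)


def shs(msg: bytes, revised: bool = True) -> str:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = pad(msg)
    for off in range(0, len(data), 64):
        w = schedule(data[off:off + 64], revised)
        a, b, c, d, e = h
        for t in range(80):
            new_a = (e + rotl(a, 5) + w[t] + K[t // 20] + f(t, b, c, d)) & MASK
            a, b, c, d, e = new_a, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h).hex()


if __name__ == "__main__":
    print("revised :", shs(b"abc"))
    print("original:", shs(b"abc", revised=False))
```

With `revised=True` the output equals SHA-1; the single rotate in the schedule is the only difference between the two versions.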
More informationMessage Authentication Codes (MACs)
Message Authentication Codes (MACs) Tung Chou Technische Universiteit Eindhoven, The Netherlands October 8, 2015 1 / 22 About Me 2 / 22 About Me Tung Chou (Tony) 2 / 22 About Me Tung Chou (Tony) Ph.D.
More informationPERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY
PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY BURTON ROSENBERG UNIVERSITY OF MIAMI Contents 1. Perfect Secrecy 1 1.1. A Perfectly Secret Cipher 2 1.2. Odds Ratio and Bias 3 1.3. Conditions for Perfect
More informationWeek 7 An Application to Cryptography
SECTION 9. EULER S GENERALIZATION OF FERMAT S THEOREM 55 Week 7 An Application to Cryptography Cryptography the study of the design and analysis of mathematical techniques that ensure secure communications
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #6 Sep 8 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #1 later today Still some have not signed up for class mailing list Perhaps
More informationLecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography
CS 7880 Graduate Cryptography September 10, 2015 Lecture 1: Perfect Secrecy and Statistical Authentication Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Definition of perfect secrecy One-time
More informationThe Advanced Encryption Standard
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 48 The Advanced Encryption Standard Successor of DES DES considered insecure; 3DES considered too slow. NIST competition in 1997 15
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationDiscrete Mathematics GCD, LCM, RSA Algorithm
Discrete Mathematics GCD, LCM, RSA Algorithm Abdul Hameed http://informationtechnology.pk/pucit abdul.hameed@pucit.edu.pk Lecture 16 Greatest Common Divisor 2 Greatest common divisor The greatest common
More informationLecture V : Public Key Cryptography
Lecture V : Public Key Cryptography Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Amir Rezapoor Computer Science Department, National Chiao Tung University 2 Outline Functional
More informationTheme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS
1 C Theme : Cryptography Instructor : Prof. C Pandu Rangan Speaker : Arun Moorthy 93115 CS 2 RSA Cryptosystem Outline of the Talk! Introduction to RSA! Working of the RSA system and associated terminology!
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationECS 189A Final Cryptography Spring 2011
ECS 127: Cryptography Handout F UC Davis Phillip Rogaway June 9, 2011 ECS 189A Final Cryptography Spring 2011 Hints for success: Good luck on the exam. I don t think it s all that hard (I do believe I
More informationNumber theory (Chapter 4)
EECS 203 Spring 2016 Lecture 12 Page 1 of 8 Number theory (Chapter 4) Review Compute 6 11 mod 13 in an efficient way What is the prime factorization of 100? 138? What is gcd(100, 138)? What is lcm(100,138)?
More informationThe Hash Function JH 1
The Hash Function JH 1 16 January, 2011 Hongjun Wu 2,3 wuhongjun@gmail.com 1 The design of JH is tweaked in this report. The round number of JH is changed from 35.5 to 42. This new version may be referred
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General considerations for cipher design: Secret Key Systems Encrypting a small block of text (say 64 bits) General considerations
More informationASYMMETRIC ENCRYPTION
ASYMMETRIC ENCRYPTION 1 / 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters involved. 2 / 1 Recall
More informationCHAPTER 6: OTHER CRYPTOSYSTEMS, PSEUDO-RANDOM NUMBER GENERATORS and HASH FUNCTIONS. Part VI
CHAPTER 6: OTHER CRYPTOSYSTEMS, PSEUDO-RANDOM NUMER GENERATORS and HASH FUNCTIONS Part VI Public-key cryptosystems, II. Other cryptosystems, security, PRG, hash functions A large number of interesting
More informationPublic Key Cryptography
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Public Key Cryptography EECE 412 1 What is it? Two keys Sender uses recipient s public key to encrypt Receiver uses his private key to decrypt
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013
RSA Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 1, 2013 Recap Recap Number theory o What is a prime number? o What is prime factorization? o What is a GCD? o What does relatively prime
More informationIntroduction to Cryptography k. Lecture 5. Benny Pinkas k. Requirements. Data Integrity, Message Authentication
Common Usage of MACs for message authentication Introduction to Cryptography k Alice α m, MAC k (m) Isα= MAC k (m)? Bob k Lecture 5 Benny Pinkas k Alice m, MAC k (m) m,α Got you! α MAC k (m )! Bob k Eve
More informationAll-Or-Nothing Transforms Using Quasigroups
All-Or-Nothing Transforms Using Quasigroups Stelios I Marnas, Lefteris Angelis, and George L Bleris Department of Informatics, Aristotle University 54124 Thessaloniki, Greece Email: {marnas,lef,bleris}@csdauthgr
More informationLecture Notes. Advanced Discrete Structures COT S
Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-27 Recap ADFGX Cipher Block Cipher Modes of Operation Hill Cipher Inverting a Matrix (mod n) Encryption: Hill Cipher Example Multiple
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES
CS355: Cryptography Lecture 9: Encryption modes. AES Encryption modes: ECB } Message is broken into independent blocks of block_size bits; } Electronic Code Book (ECB): each block encrypted separately.
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #5 Sep 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list by end of today Quiz #1 will be on Thursday,
More informationQuestion: Total Points: Score:
University of California, Irvine COMPSCI 134: Elements of Cryptography and Computer and Network Security Midterm Exam (Fall 2016) Duration: 90 minutes November 2, 2016, 7pm-8:30pm Name (First, Last): Please
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 16 October 30, 2017 CPSC 467, Lecture 16 1/52 Properties of Hash Functions Hash functions do not always look random Relations among
More informationAttacks on hash functions. Birthday attacks and Multicollisions
Attacks on hash functions Birthday attacks and Multicollisions Birthday Attack Basics In a group of 23 people, the probability that there are at least two persons on the same day in the same month is greater
More informationImplementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction
Implementation of the RSA algorithm and its cryptanalysis Chandra M. Kota and Cherif Aissi 1 University of Louisiana at Lafayette, College of Engineering Lafayette, LA 70504, USA Abstract Session IVB4
More informationSecurity Implications of Quantum Technologies
Security Implications of Quantum Technologies Jim Alves-Foss Center for Secure and Dependable Software Department of Computer Science University of Idaho Moscow, ID 83844-1010 email: jimaf@cs.uidaho.edu
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationSecurity Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography
Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography Peter Schwabe October 21 and 28, 2011 So far we assumed that Alice and Bob both have some key, which nobody else has. How
More informationLecture Note 3 Date:
P.Lafourcade Lecture Note 3 Date: 28.09.2009 Security models 1st Semester 2007/2008 ROUAULT Boris GABIAM Amanda ARNEDO Pedro 1 Contents 1 Perfect Encryption 3 1.1 Notations....................................
More informationCryptography and Number Theory
Chapter 2 Cryptography and Number Theory 2.1 Cryptography and Modular Arithmetic 2.1.1 Introduction to Cryptography For thousands of years people have searched for ways to send messages in secret. For
More informationDan Boneh. Introduction. Course Overview
Online Cryptography Course Introduction Course Overview Welcome Course objectives: Learn how crypto primitives work Learn how to use them correctly and reason about security My recommendations: Take notes
More informationDTTF/NB479: Dszquphsbqiz Day 27
DTTF/NB479: Dszquphsbqiz Day 27 Announceents: Questions? This week: Discrete Logs, Diffie-Hellan, ElGaal Hash Functions and SHA-1 Birthday attacks Hash Functions Message (long) Cryptographic hash Function,
More informationNetwork Security Based on Quantum Cryptography Multi-qubit Hadamard Matrices
Global Journal of Computer Science and Technology Volume 11 Issue 12 Version 1.0 July Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals Inc. (USA) Online ISSN:
More informationStream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden
Dept. of EIT, Lund University, P.O. Box 118, 221 00 Lund, Sweden thomas@eit.lth.se May 16, 2011 Outline: Introduction to stream ciphers Distinguishers Basic constructions of distinguishers Various types
More informationChapter 2 : Perfectly-Secret Encryption
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 2 : Perfectly-Secret Encryption 1 2.1 Definitions and Basic Properties We refer to probability
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More information10 Public Key Cryptography : RSA
10 Public Key Cryptography : RSA 10.1 Introduction The idea behind a public-key system is that it might be possible to find a cryptosystem where it is computationally infeasible to determine d K even if
More informationH Definition - hash function. Cryptographic Hash Functions - Introduction. Cryptographic hash functions. Lars R. Knudsen.
Definition - hash function Cryptographic Hash Functions - Introduction Lars R. Knudsen April 21, 2008 Located in the southernmost part of Europe with an artic climate, Hotel Finse 1222 provides the perfect
More informationPublic-key Cryptography and elliptic curves
Public-key Cryptography and elliptic curves Dan Nichols nichols@math.umass.edu University of Massachusetts Oct. 14, 2015 Cryptography basics Cryptography is the study of secure communications. Here are
More informationHASH FUNCTIONS 1 /62
HASH FUNCTIONS 1 /62 What is a hash function? By a hash function we usually mean a map h : D {0,1} n that is compressing, meaning D > 2 n. E.g. D = {0,1} 264 is the set of all strings of length at most
More informationKlein s and PTW Attacks on WEP
TTM4137 Wireless Security Klein s and PTW Attacks on WEP Anton Stolbunov NTNU, Department of Telematics version 1, September 7, 2009 Abstract These notes should help for an in-depth understanding of the
More informationMulti-Map Orbit Hopping Chaotic Stream Cipher
Multi-Map Orbit Hopping Chaotic Stream Cipher Xiaowen Zhang 1, Li Shu 2, Ke Tang 1 Abstract In this paper we propose a multi-map orbit hopping chaotic stream cipher that utilizes the idea of spread spectrum
More informationSYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = (K, E, D) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2
More informationMathematical Foundations of Public-Key Cryptography
Mathematical Foundations of Public-Key Cryptography Adam C. Champion and Dong Xuan CSE 4471: Information Security Material based on (Stallings, 2006) and (Paar and Pelzl, 2010) Outline Review: Basic Mathematical
More informationA Pseudo-Random Encryption Mode
A Pseudo-Random Encryption Mode Moni Naor Omer Reingold Block ciphers are length-preserving private-key encryption schemes. I.e., the private key of a block-cipher determines a permutation on strings of
More informationFoundations of Network and Computer Security
Foundations of Network and Computer Security John Black Lecture #4 Sep 2 nd 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Please sign up for class mailing list Quiz #1 will be on Thursday, Sep 9 th
More informationAnalysis of SHA-1 in Encryption Mode
Analysis of SHA- in Encryption Mode [Published in D. Naccache, Ed., Topics in Cryptology CT-RSA 00, vol. 00 of Lecture Notes in Computer Science, pp. 70 83, Springer-Verlag, 00.] Helena Handschuh, Lars
More informationOne-way Hash Function Based on Neural Network
One-way Hash Function Based on Neural Network Shiguo Lian, Jinsheng Sun, Zhiquan Wang Department of Automation, Nanjing University of Science & echnology, Nanjing, 294, China, sg_lian@63.com Abstract A
More informationA block cipher enciphers each block with the same key.
Ciphers are classified as block or stream ciphers. All ciphers split long messages into blocks and encipher each block separately. Block sizes range from one bit to thousands of bits per block. A block
More informationEquivalences of Basic Cryptographic Functions
Chapter 6 Equivalences of Basic Cryptographic Functions In real world applications the basic cryptographic functions 1. Symmetric ciphers: (a) bitblock ciphers (b) bitstream ciphers 2. Asymmetric ciphers
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More informationLogic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation
Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate
More informationNumber Theory in Cryptography
Number Theory in Cryptography Introduction September 20, 2006 Universidad de los Andes 1 Guessing Numbers 2 Guessing Numbers (person x) (last 6 digits of phone number of x) 3 Guessing Numbers (person x)
More information