### Hash function

```

1.
2.
3.
CRYPTOGRAPHIC HASH FUNCTIONS
MESSAGE AUTHENTICATION CODES
DIGITAL SIGNATURES
2
Applications of Cryptographic Hash Functions
 Two Simple Hash Functions
 Requirements and Security
 Hash Functions Based on Cipher Block Chaining
 Secure Hash Algorithm (SHA)
 SHA-3

3
A hash function maps a variable-length message into a
fixed-length hash value, or message digest.
 Virtually all cryptographic hash functions involve the
iterative use of a compression function.
 The compression function used in secure hash algorithms
falls into one of two categories: a function specifically
designed for the hash function or an algorithm based on a
symmetric block cipher. SHA and Whirlpool are
examples of these two approaches, respectively.

4
A hash function H accepts a variable-length block of data
as input and produces a fixed-size hash value h=H(M). A
“good” hash function has the property that the results of
applying the function to a large set of inputs will produce
outputs that are evenly distributed and apparently random.
 A cryptographic hash function is an algorithm for which it
is computationally infeasible (because no attack is
significantly more efficient than brute force) to find either
(a) a data object that maps to a pre-specified hash result
(the one-way property) or (b) two data objects that map to
the same hash result (the collision-free property).

5
6
Message Authentication

The message plus concatenated hash code is encrypted
using symmetric encryption. Because only A and B share
the secret key, the message must have come from A and
has not been altered. The hash code provides the structure
or redundancy required to achieve authentication. Because
encryption is applied to the entire message plus hash
code, confidentiality is also provided
7

Only the hash code is encrypted, using symmetric
encryption. This reduces the processing burden for those
applications that do not require confidentiality.
8

It is possible to use a hash function but no encryption for
message authentication. The technique assumes that the two
communicating parties share a common secret value S. A
computes the hash value over the concatenation of M and S
and appends the resulting hash value to M. Because B
possesses S, it can recompute the hash value to verify. Because
the secret value itself is not sent, an opponent cannot modify an
intercepted message and cannot generate a false message.
9
 Confidentiality
can be added to the approach of
method (c) by encrypting the entire message plus
the hash code.
10
11
12
Message Authentication Requirements
 Message Authentication Functions
 Requirements for Message Authentication Codes
 Security of MACs
 MACs Based on Hash Functions: HMAC
 MACs Based on Block Ciphers: DAA and CMAC
 Authenticated Encryption: CCM and GCM
 Pseudorandom Number Generation Using Hash Functions
and Macs

13
Message authentication is a mechanism or service used to
verify the integrity of a message. Message authentication
assures that data received are exactly as sent by (i.e.,
contain no modification, insertion, deletion, or replay)
and that the purported identity of the sender is valid.
 Symmetric encryption provides authentication among
those who share the secret key.

14
A message authentication code (MAC) is an algorithm
that requires the use of a secret key. A MAC takes a
variable-length message and a secret key as input and
produces an authentication code. A recipient in possession
of the secret key can generate an authentication code to
verify the integrity of the message.
 One means of forming a MAC is to combine a
cryptographic hash function in some fashion with a secret
key.
 Another approach to constructing a MAC is to use a
symmetric block cipher in such a way that it produces a
fixed-length output for a variable-length input.
15

1.
2.
3.
4.
Disclosure: Release of message contents to any person
or process not possessing the appropriate cryptographic
key.
Traffic analysis: Discovery of the pattern of traffic
between parties…
Masquerade: Insertion of messages into the network
from a fraudulent source …
Content modification: Changes to the contents of a
message, including insertion, deletion, transposition, and
modification.
16
5.
6.
7.
8.
Sequence modification: Any modification to a sequence
of messages between parties, including insertion,
deletion, and reordering.
Timing modification: Delay or replay of messages.
Source repudiation: Denial of transmission of message
by source.
Destination repudiation: Denial of receipt of message
by destination.
17
Hash function: A function that maps a message of any
length into a fixed-length hash value, which serves as the
authenticator.
 Message encryption: The ciphertext of the entire
message serves as its authenticator.
 Message authentication code (MAC): A function of the
message and a secret key that produces a fixed-length
value that serves as the authenticator.

18
19
20
21
22
Brute-Force Attacks
 Cryptanalysis

23
24
25
26
27
28
29
Digital Signatures
 ElGamal Digital Signature Scheme
 Schnorr Digital Signature Scheme
 Digital Signature Standard

30
A digital signature is an authentication mechanism that
enables the creator of a message to attach a code that acts
as a signature. Typically the signature is formed by taking
the hash of the message and encrypting the message with
the creator’s private key. The signature guarantees the
source and integrity of the message.
 The digital signature standard (DSS) is an NIST standard
that uses the secure hash algorithm (SHA).

31
32
33
34
35
36
37
38
39
40
```