
HASH ALGORITHMS
- Chapter 12
• MD5
• SHA
• RIPEMD-160
• HMAC
MD5
• Message Digest
• Compression
• Elementary Operations
MESSAGE DIGEST GENERATION
MD5
[Figure 12.1 Message Digest Generation Using MD5. Labels: message of K bits; padding (1 to 512 bits, 100...0); message length (K mod 2^64); L × 512 bits = N × 32 bits; 512-bit blocks Y0, Y1, ..., Yq, ..., YL-1; each block processed by H_MD5 with a 128-bit chaining value (IV, CV1, ..., CVq, ..., CVL-1); output is the 128-bit digest.]
MD5 COMPRESSION FUNCTION
[Figure 12.2 MD5 Processing of a Single 512-bit Block. Labels: inputs Yq (512 bits) and CVq (128 bits); buffer of four 32-bit words A, B, C, D; four rounds of 16 steps each using F, T[1...16], X[i]; G, T[17...32], X[ρ2i]; H, T[33...48], X[ρ3i]; I, T[49...64], X[ρ4i]; the result is added to CVq to give CVq+1 (128 bits). Note: addition (+) is mod 2^32.]
ELEMENTARY MD5 OPERATION
[Figure 12.3 Elementary MD5 Operation (single step). Labels: buffer words A, B, C, D; function g; X[k]; T[i]; circular left shift CLSs; addition (+).]
KEY ELEMENTS OF MD5
• Table 9.1 – truth table
B C D || F G H I
-------------------
0 0 0 || 0 0 0 1
0 0 1 || 1 0 1 0
0 1 0 || 0 1 1 0
0 1 1 || 1 0 0 1
1 0 0 || 0 0 1 1
1 0 1 || 0 1 0 1
1 1 0 || 1 1 0 0
1 1 1 || 1 1 1 0
SECURE HASH ALGORITHM
SHA-1
• Message Digest
• Compression
• Elementary Operations
SHA-1 COMPRESSION FUNCTION
[Figure 12.5 SHA-1 Processing of a Single 512-bit Block (SHA-1 Compression Function). Labels: inputs Yq (512 bits) and CVq (160 bits); buffer of five 32-bit words A, B, C, D, E; four rounds of 20 steps each using f1, K, W[0...19]; f2, K, W[20...39]; f3, K, W[40...59]; f4, K, W[60...79]; the result is added to CVq to give CVq+1 (160 bits). Note: addition (+) is mod 2^32.]
ELEMENTARY SHA OPERATION
[Figure 12.6 Elementary SHA Operation (single step). Labels: buffer words A, B, C, D, E; function ft; circular left shifts S5 and S30; Wt; Kt; addition (+).]
TRUTH TABLE for ft – SHA-1
B C D || f0..19 f20..39 f40..59 f60..79
---------------------------------------
0 0 0 ||   0       0       0       0
0 0 1 ||   1       1       0       1
0 1 0 ||   0       1       0       1
0 1 1 ||   1       0       1       0
1 0 0 ||   0       1       0       1
1 0 1 ||   0       0       1       0
1 1 0 ||   1       0       1       0
1 1 1 ||   1       1       1       1
CREATION OF 80-WORD I/P
[Figure 12.7 Creation of 80-word Input Sequence for SHA-1 Processing of Single Block. Labels: W0, W1, ..., W15 are taken from the 512-bit block Yq; each later word Wt is S1 applied to Wt-16 XOR Wt-14 XOR Wt-8 XOR Wt-3 (for example, W16 from W0, W2, W8, W13 and W79 from W63, W65, W71, W76).]
Comparison: MD5 vs SHA1
MD5 message digest – 128 bits
SHA-1 message digest – 160 bits
Find two messages with same digest:
MD5 – 2^64 operations
SHA-1 – 2^80 operations
NEW SHA ALGORITHMS
• SHA-256
• SHA-384
• SHA-512
message digest lengths: 256, 384, 512
to provide compatibility with AES
(see Tables 12.3 and 12.4)
RIPEMD - 160
• Message Digest
• Compression
• Elementary Operations
RIPEMD – 160
COMPRESSION FUNCTION
[Figure 12.8 RIPEMD-160 Processing of a Single 512-bit Block (RIPEMD-160 Compression Function). Labels: inputs CVq and Yq; two parallel lines, each of five rounds of 16 steps, operating on A, B, C, D, E and A', B', C', D', E'; one line uses f1, K1 through f5, K5 and the other uses f5, K'1 through f1, K'5, with permuted message words X; the results of both lines are added to CVq to give CVq+1. Note: addition (+) is mod 2^32.]
RIPEMD – 160
ELEMENTARY OPERATION
[Figure 12.9 Elementary RIPEMD-160 Operation (single step). Labels: buffer words A, B, C, D, E; function fj; Xi; Kj; rotations rol_s(j) and rol_10; addition (+).]
RIPEMD – 160 - data
Tables 12.5 – 12.9
HASH FUNCTIONS - comparisons
Table 12.8 - comparison
Table 12.9 - relative performance
HMAC – a MAC from a HASH
Why?
Hash functions (e.g. MD5, SHA-1) execute faster than symmetric-key ciphers (e.g. DES)
HMAC combines a hash function with a secret key to make a MAC
HMAC_K(M) = H[(K+ ⊕ opad) || H[(K+ ⊕ ipad) || M]]
Security(H)  Security(HMAC)
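HMAC STRUCTURE
[Figure 12.10 HMAC Structure. Labels: K+ combined with ipad gives Si (b bits); Si is followed by the message blocks Y0, Y1, ..., YL-1 (b bits each) and hashed from IV (n bits) to give H(Si || M) (n bits); K+ combined with opad gives So (b bits); H(Si || M) is padded to b bits, appended to So and hashed from IV to give the n-bit HMAC_K(M).]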
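EFFICIENT IMPLEMENTATION of HMAC
[Figure 12.11 Efficient Implementation of HMAC. Labels: precomputed part: K+ combined with ipad gives Si and with opad gives So (b bits each), and each is passed with IV through the compression function f to give an n-bit value; computed per message: the blocks Y0, Y1, ..., YL-1 are hashed starting from the precomputed inner value to give H(Si || M), which is padded to b bits and passed through f with the precomputed outer value to give HMAC_K(M).]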
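The HMAC formula and the precomputation idea of Figure 12.11, as an added example that is not part of the original slides: `hmac_direct` evaluates the formula literally, and `PrecomputedHmac` absorbs Si and So once per key and resumes from the saved hash states for each message. Assumptions not on the slides: the pad bytes 0x36 (ipad) and 0x5C (opad) and the rule that keys longer than b are hashed first come from RFC 2104; SHA-256 is the default hash; the key and message are constructed sample values.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C  # pad bytes from RFC 2104, repeated to fill b bits

def k_plus(key: bytes, hash_name: str) -> bytes:
    """K+: the key zero-padded on the right to the hash block size b."""
    b = hashlib.new(hash_name).block_size
    if len(key) > b:                      # RFC 2104: over-long keys are hashed first
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(b, b"\x00")

def hmac_direct(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """H[(K+ xor opad) || H[(K+ xor ipad) || M]], computed literally."""
    kp = k_plus(key, hash_name)
    si = bytes(x ^ IPAD for x in kp)
    so = bytes(x ^ OPAD for x in kp)
    inner = hashlib.new(hash_name, si + msg).digest()
    return hashlib.new(hash_name, so + inner).digest()

class PrecomputedHmac:
    """Absorbs Si and So once per key, as in the efficient implementation."""

    def __init__(self, key: bytes, hash_name: str = "sha256"):
        kp = k_plus(key, hash_name)
        # Each saved state has absorbed exactly one b-bit block (Si or So).
        self._inner = hashlib.new(hash_name, bytes(x ^ IPAD for x in kp))
        self._outer = hashlib.new(hash_name, bytes(x ^ OPAD for x in kp))

    def tag(self, msg: bytes) -> bytes:
        inner = self._inner.copy()        # resume from the saved inner state
        inner.update(msg)
        outer = self._outer.copy()        # resume from the saved outer state
        outer.update(inner.digest())
        return outer.digest()

    def verify(self, msg: bytes, tag: bytes) -> bool:
        # Constant-time comparison, so the check does not leak a matching prefix.
        return hmac.compare_digest(self.tag(msg), tag)

# Constructed sample values, for illustration only.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_MSG = b"transfer 100 to account 42"

if __name__ == "__main__":
    mac = PrecomputedHmac(SAMPLE_KEY)
    t = mac.tag(SAMPLE_MSG)
    print(t.hex(), t == hmac_direct(SAMPLE_KEY, SAMPLE_MSG))
    print(mac.verify(SAMPLE_MSG + b"0", t))
```

Both paths agree with the standard library's `hmac` module; the precomputed form saves two compression-function calls per message, which matters most for short messages.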