More Related Content
What's hot (20)
Similar to Public Key Encryption & Hash functions (20)
More from Dr.Florence Dayana (20)
Recently uploaded (20)
Public Key Encryption & Hash functions
- 1. NETWORK SECURITY Name of the Staff : M.FLORENCE DAYANA M.C.A.,M.Phil.,(Ph.D)., Head, Dept. of CA Bon Secours College For Women Thanjavur. Class : II MSc., CS Semester : III Unit : III Topic : Public key Encryption and Hash Functions 2/15/20191
- 2. public-key Encryption Public-key encryption is a cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. Example: When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.
- 3. Public key encryption is a form of encryption that uses two keys. A public key, which everyone knows, and a private key, which only you know. To encrypt, the public key is applied to the target information, using a predefined operation (several times), to produce a pseudo-random number. To decrypt, the private key is applied to the pseudo-random number, using a different predefined operation (several times), to get the target information back. The algorithm relies on the fact that encryption is easy, and decryption is hard, making decryption impractical without the key. It was the first system to allow secure information transfer, without a shared Key.
- 4. Hash Functions • A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value • h = H(M) • Principal object is data integrity • Cryptographic hash function • An algorithm for which it is computationally infeasible to find either: (a) a data object that maps to a pre-specified hash result (the one-way property) (b) two data objects that map to the same hash result (the collision-free property)
- 8. Message Authentication Code (MAC) • Also known as a keyed hash function • Typically used between two parties that share a secret key to authenticate information exchanged between those parties Takes as input a secret key and a data block and produces a hash value (MAC) which is associated with the protected message •If the integrity of the message needs to be checked, the MAC function can be applied to the message and the result compared with the associated MAC value •An attacker who alters the message will be unable to alter the associated MAC value without knowledge of the secret key
- 9. Digital Signature • Operation is similar to that of the MAC • The hash value of a message is encrypted with a user’s private key • Anyone who knows the user’s public key can verify the integrity of the message • An attacker who wishes to alter the message would need to know the user’s private key • Implications of digital signatures go beyond just message authentication
- 11. Other Hash Function Uses Commonly used to create a one-way password file When a user enters a password, the hash of that password is compared to the stored hash value for verification This approach to password protection is used by most operating systems Can be used for intrusion and virus detection Store H(F) for each file on a system and secure the hash values One can later determine if a file has been modified by recomputing H(F) An intruder would need to change F without changing H(F) Can be used to construct a pseudorandom function (PRF) or a pseudorandom number generator (PRNG) A common application for a hash-based PRF is for the generation of symmetric keys
- 12. Two Simple Hash Functions • Consider two simple insecure hash functions that operate using the following general principles: • The input is viewed as a sequence of n-bit blocks • The input is processed one block at a time in an iterative fashion to produce an n-bit hash function • Bit-by-bit exclusive-OR (XOR) of every block • Ci = bi1 xor bi2 xor . . . xor bim • Produces a simple parity for each bit position and is known as a longitudinal redundancy check • Reasonably effective for random data as a data integrity check • Perform a one-bit circular shift on the hash value after each block is processed • Has the effect of randomizing the input more completely and overcoming any regularities that appear in the input
- 14. Requirements and Security • x is the preimage of h for a hash value h = H(x) • Is a data block whose hash function, using the function H, is h • Because H is a many-to- one mapping, for any given hash value h, there will in general be multiple preimages • Occurs if we have x ≠ y and H(x) = H(y) • Because we are using hash functions for data integrity, collisions are clearly undesirable
- 15. Table 11.1 Requirements for a Cryptographic Hash Function H (Table can be found on page 323 in textbook.)
- 17. * Resistance required if attacker is able to mount a chosen message attack Table 11.2 Hash Function Resistance Properties Required for Various Data Integrity Applications
- 18. Attacks on Hash Functions • Does not depend on the specific algorithm, only depends on bit length • In the case of a hash function, attack depends only on the bit length of the hash value • Method is to pick values at random and try each one until a collision occurs • An attack based on weaknesses in a particular cryptographic algorithm • Seek to exploit some property of the algorithm to perform some attack other than an exhaustive search
- 19. Birthday Attacks • For a collision resistant attack, an adversary wishes to find two messages or data blocks that yield the same hash function • The effort required is explained by a mathematical result referred to as the birthday paradox • How the birthday attack works: • The source (A) is prepared to sign a legitimate message x by appending the appropriate m-bit hash code and encrypting that hash code with A’s private key • Opponent generates 2m/2 variations x’ of x, all with essentially the same meaning, and stores the messages and their hash values • Opponent generates a fraudulent message y for which A’s signature is desired • Two sets of messages are compared to find a pair with the same hash • The opponent offers the valid variation to A for signature which can then be attached to the fraudulent variation for transmission to the intended recipient • Because the two variations have the same hash code, they will produce the same signature and the opponent is assured of success even though the encryption key is not known
- 21. Hash Functions Based on Cipher Block Chaining • Can use block ciphers as hash functions • Using H0=0 and zero-pad of final block • Compute: Hi = E(Mi Hi-1) • Use final block as the hash value • Similar to CBC but without a key • Resulting hash is too small (64-bit) • Both due to direct birthday attack • And “meet-in-the-middle” attack • Other variants also susceptible to attack
- 22. Secure Hash Algorithm (SHA) • SHA was originally designed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard (FIPS 180) in 1993 • Was revised in 1995 as SHA-1 • Based on the hash function MD4 and its design closely models MD4 • Produces 160-bit hash values • In 2002 NIST produced a revised version of the standard that defined three new versions of SHA with hash value lengths of 256, 384, and 512 • Collectively known as SHA-2
- 23. Note: All sizes are measured in bits. Table 11.3 Comparison of SHA Parameters
- 26. Table 11.4 SHA-512 Constants (Table can be found on page 333 in textbook)
- 29. (Figure can be found on page 337 in textbook) SHA-512 Logic
- 30. SHA-3 SHA-1 has not yet been "broken” • No one has demonstrated a technique for producing collisions in a practical amount of time • Considered to be insecure and has been phased out for SHA-2 SHA-2 shares the same structure and mathematical operations as its predecessors so this is a cause for concern • Because it will take years to find a suitable replacement for SHA-2 should it become vulnerable, NIST decided to begin the process of developing a new hash standard NIST announced in 2007 a competition for the SHA-3 next generation NIST hash function • Winning design was announced by NIST in October 2012 • SHA-3 is a cryptographic hash function that is intended to complement SHA-2 as the approved standard for a wide range of applications
- 31. The Sponge Construction • Underlying structure of SHA-3 is a scheme referred to by its designers as a sponge construction • Takes an input message and partitions it into fixed-size blocks • Each block is processed in turn with the output of each iteration fed into the next iteration, finally producing an output block • The sponge function is defined by three parameters: • f = the internal function used to process each input block • r = the size in bits of the input blocks, called the bitrate • pad = the padding algorithm
- 40. Summary • Applications of cryptographic hash functions • Message authentication • Digital signatures • Other applications • Requirements and security • Security requirements for cryptographic hash functions • Brute-force attacks • Cryptanalysis • Hash functions based on cipher block chaining • Secure hash algorithm (SHA) • SHA-512 logic • SHA-512 round function • SHA-3 • The sponge construction • The SHA-3 Iteration Function f