References: Chapter 11
Cryptographic Hash Function
Motivation
Problem:
Naive signing of long messages generates a signature of the same length as the message.
Three Problems
Computational overhead
Message overhead
Security limitations
Solution:
Instead of signing the whole message, sign only a digest (=hash)
Also secure, but much faster
Needed:
Hash Functions
Digital Signature with a Hash Function
Figure labels: xi, zi = h( xi || zi-1 ), z, y = sigkpr(z)
Notes:
x has fixed length
z, y have fixed length
z, x do not have equal length in general
h(x) does not require a key.
h(x) is public.
Basic Protocol for Digital Signatures with a Hash Function:
z = h(x)
s = sigKpr(z)
(x, s)
z' = h(x)
verKpub(s, z') = true/false
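Added example (not from the original slides): the basic protocol above run end to end, showing that the signature length stays fixed for a 1 MB message and that verification fails once x is changed. Assumptions: h is SHA-256, sig/ver is textbook RSA without padding, and the key is a constructed demo key built from two publicly known Mersenne primes, so it offers no security and only keeps the arithmetic reproducible.

```python
import hashlib

# Constructed demo key (assumption): both primes are public Mersenne primes,
# so kpr is not secret. It exists only to make the protocol runnable offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                # public modulus (part of Kpub)
E = 65537                                # public exponent (part of Kpub)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Kpr)
SIG_LEN = (N.bit_length() + 7) // 8      # signature size in bytes


def h(x: bytes) -> int:
    """z = h(x): public, keyless, fixed-length digest (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big")


def sign(x: bytes) -> bytes:
    """Signer: z = h(x), then s = sigKpr(z). One modular exponentiation."""
    z = h(x)                             # 256-bit z is always smaller than N
    return pow(z, D, N).to_bytes(SIG_LEN, "big")


def verify(x: bytes, s: bytes) -> bool:
    """Verifier: recompute z' = h(x) from the received x, check verKpub(s, z')."""
    s_int = int.from_bytes(s, "big")
    if len(s) != SIG_LEN or s_int >= N:  # reject malformed signatures
        return False
    return pow(s_int, E, N) == h(x)


def demo() -> dict:
    short_msg = b"pay 10 EUR to Bob"     # constructed sample messages
    long_msg = b"A" * 1_000_000
    s_short, s_long = sign(short_msg), sign(long_msg)
    return {
        "sig_len_short": len(s_short),
        "sig_len_long": len(s_long),
        "valid": verify(long_msg, s_long),
        "tampered": verify(long_msg[:-1] + b"B", s_long),
        "swapped": verify(short_msg, s_long),
    }


if __name__ == "__main__":
    print(demo())
```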
Principal input-output behavior of hash functions
Content of this Chapter
Confidentiality & Integrity
Relations
Other Hash Function Uses
to create a one-way password file
Hash Algorithms
MD5 - family
SHA-1: output - 160 bit; input - 512 bit chunks of message x; (NIST 93-95) Also the hash of DSS
operations - bitwise AND, OR, XOR, complement and cyclic shifts.
RIPE-MD 160: output - 160 Bit; input - 512 bit chunks of message x;
operations like in SHA-1, but two in parallel and combinations of them
after each round.
That is Merkle-Damgard Structure if the compression
function is collision resistant
SHA-512 Round Function
SHA-1: Internals of a Round
NIST issued a Federal Register Notice in November 2007 for candidate hash algorithms
for public comment
NIST received 64 entries from cryptographers around the world by October 31, 2008
NIST announced five third-round candidates, BLAKE, Grøstl, JH, KECCAK & Skein, to
enter the final round of the competition
SHA-3 Hash Function
New Attacks on SHA-3
Asiacrypt 2012,
Further Information: Hash Functions