BCSE309L – Cryptography and Network

Security
M ODULE - 4

2
Hash Function

3
 Hash Function
• A cryptographic hash function is a mathematical function
used in cryptography.
• Typical hash functions take inputs of variable lengths to
return outputs of a fixed length.
• A hash function H accepts a variable-length block of data M
as input and produces a fixed-size hash value
h = H(M)
• A “good” hash function has the property that the results of
applying the function to a large set of inputs will produce
outputs that are evenly distributed and apparently random.
• The kind of hash function needed for security applications is
referred to as a cryptographic hash function.
4
Hash Function

5
 Hash Function
Applications:
– Message authentication
– Digital signature
Message authentication
• It is a mechanism or service used to verify the integrity of a
message.
• It assures that data received are exactly as sent (i.e., there is no
modification, insertion, deletion, or replay).
• In many cases, there is a requirement that the authentication
mechanism assures that purported identity of the sender is valid.
• When a hash function is used to provide message authentication,
the hash function value is often referred to as a message digest
6
 Hash Function

• The sender computes a hash value as a function of the

bits in the message and transmits both the hash value
and the message.
• The receiver performs the same hash calculation on
the message bits and compares this value with the
incoming hash value.
• If there is a mismatch, the receiver knows that the
message (or possibly the hash value) has been altered.

7
Hash Function

8
 Hash Function
• The general use of hashing is password checking.

• When the user enters the password, the hash of the

password is produced and compared with the hash in
the database.

• If both the hashes are equal then the user is enabled to

login else the user required to enter the password
again.
 Hash Function
• The hash value must be transmitted in a secure fashion.

• That is, the hash value must be protected so that if an

adversary alters or replaces the message, it is not feasible for
adversary to also alter the hash value to fool the receiver.

10
 Hash Function
• Alice transmits a data block and attaches a hash value.
• Darth intercepts the message, alters or replaces the data block, calculates and
attaches a new hash value.
• Bob receives the altered data with the new hash value and does not detect the
change.
• To prevent this attack, the hash value generated by Alice must be protected

11
 Hash Function
• Ways in which a hash code can be used to provide message
authentication
– The message plus concatenated hash code is encrypted using
symmetric encryption. Because only A and B share the secret
key, the message must have come from A and has not been
altered.
– The hash code provides the structure or redundancy required to
achieve authentication. Because encryption is applied to the
entire message plus hash code, confidentiality is also provided

(a) 12
 Hash Function
• Ways in which a hash code can be used to provide message
authentication
– Only the hash code is encrypted, using symmetric encryption.
This reduces the processing burden for those applications that
do not require confidentiality.

(b)
13
 Hash Function
• Ways in which a hash code can be used to provide message
authentication
– It is possible to use a hash function but no encryption for message
authentication.
– The technique assumes that the two communicating parties share a
common secret value S. A computes the hash value over the
concatenation of M and S and appends the resulting hash value to M.
Because B possesses S, it can re-compute the hash value to verify.
Because the secret value itself is not sent, an opponent cannot modify
an intercepted message and cannot generate a false message.

(c) 14
 Hash Function
• Ways in which a hash code can be used to provide message
authentication
– Confidentiality can be added to the approach of method (c) by
encrypting the entire message plus the hash code

(d)

15
When confidentiality is
not required, method (b)
has an advantage over
methods (a) and (d)

16
 Hash Function

• More commonly, message authentication is achieved

using a message authentication code (MAC), also
known as a keyed hash function

17
 Message Authentication Requirements
1. Disclosure: Release of message contents to any person or process not
possessing the appropriate cryptographic key.
2. Traffic analysis: Discovery of the pattern of traffic between parties.
In a connection-oriented application, the frequency and duration of
connections could be determined. In either a connection-oriented or
connectionless environment, the number and length of messages
between parties could be determined.
3. Masquerade: Insertion of messages into the network from a
fraudulent source.
4. Content modification: Changes to the contents of a message,
including insertion,
deletion, transposition, and modification.
5. Sequence modification: Any modification to a sequence of messages
between parties, including insertion, deletion, and reordering.
 Message Authentication Requirements
• A message digest guarantees the integrity of a message.
• It guarantees that the message has not been changed.
• Message authentication is provided in two ways
– Modification Detection Code (MDC)
– Message Authentication Code (MAC)
• Modification Detection Code (MDC)
• It is a message digest that can prove the integrity of the message: that
message has not been changed.

19
 Message Authentication Requirements

6. Timing modification: Delay or replay of messages. In a

connection-oriented application, an entire session or sequence
of messages could be a replay of some previous valid session,
or individual messages in the sequence could be delayed or
replayed. In a connectionless application, an individual
message (e.g., datagram) could be delayed or replayed.
7. Source repudiation: Denial of transmission of message by
source.
8. Destination repudiation: Denial of receipt of message by
destination

20
Message Authentication Code

21
 Message Authentication Code
• MAC = C(K, M)
• where
– M = input message
– C = MAC function
– K = shared secret key
– MAC = message authentication code
• The message plus MAC are transmitted to the intended recipient.
• The recipient performs the same calculation on the received message, using
the same secret key, to generate a new MAC.
• The received MAC is compared to the calculated MAC.
• If we assume that only the receiver and the sender know the identity of the
secret key, and if the received MAC matches the calculated MAC, then it
will accept otherwise, it will reject.

22
 Message Authentication Code
• Typically, MACs are used between two parties that share a
secret key to authenticate information exchanged between
those parties.
• A MAC function takes as input a secret key and a data block and
produces a hash value, referred to as the MAC, which is
associated with the protected message.
• If the integrity of the message needs to be checked, the MAC
function can be applied to the message and the result compared
with the associated MAC value.
• An attacker who alters the message will be unable to alter the
associated MAC value without knowledge of the secret key.
• Note that the verifying party also knows who the sending party is
because no one else knows the secret key.
23
 Hash Function
• Digital Signature
– It is similar to the message authentication application.
– The operation of the digital signature is similar to that of the
MAC.
– In the case of the digital signature, the hash value of a message
is encrypted with a user’s private key.
– Anyone who knows the user’s public key can verify the
integrity of the message that is associated with the digital
signature.
– In this case, an attacker who wishes to alter the message would
need to know the user’s private key.

24
 Hash Function
How a hash code is used to provide a digital signature
• The hash code is encrypted, using public-key encryption with the
sender’s private key.

25
 Hash Function
How a hash code is used to provide a digital signature
• If confidentiality as well as a digital signature is desired, then the
message plus the private-key-encrypted hash code can be encrypted
using a symmetric secret key.

26
 Requirements for Hash Functions

Hash value h = H(x)

Where
x  Preimage of h.
 data block whose hash value, using the function H,
is h.

• H is a many-to-one mapping, for any given hash value h,

there will in general be multiple preimages.
– For a single ‘h’, there may be many ‘x’
– A collision occurs if we have x ≠ y and H(x) = H(y).
27
 Requirements for Hash Functions
• Let us consider how many preimages are there for a given hash
value, which is a measure of the number of potential collisions
for a given hash value.
• Suppose the length of the hash code is n bits,
• Function H takes as input messages or data blocks of length b bits
with b > n.
– Then, the total number of possible messages is 2b
– Total number of possible hash values is 2n
– On average, each hash value corresponds to 2b-n preimages.
– If H tends to uniformly distribute hash values then, in fact,
each hash value will have close to 2b-n preimages

28
 Requirements for Hash Functions
Security Requirements for Cryptographic Hash Functions

29
 Requirements and Security of Hash Function

• Hash function can be used to a block of information of any size.

• H(x) is relatively simply to calculate for any given x, creating
both hardware and software implementation practical.
• For any given value, h, it is computationally impossible to find
x such that H(x) = h. This is defined as one-way property.
• For any given block x, it is computationally impossible to find
x’ such that H(x) = H(x’). This property is defined as weak
collision resistance.
• It is computationally impossible to find some pair (x, y) such
that H(x) = H(y). This property is called a strong collision
resistance.
(Two distinct input which hash to same output - Impossible)