CSE446 Lecture 3
[Figure: inputs ID || x, ID || x + 1, ID || x + 2, ID || x + 3; hash function H(.); output Y]
Family of hash functions
• MD5 (Message Digest 5) -> Currently considered broken!
• Secure Hash Algorithm 1 (SHA-1) -> Currently considered broken!
• Secure Hash Algorithm 2/3 (SHA-2/3) -> safe to use, SHA-3 preferable
SHA-256 (SHA-2)
Break the message into 512-bit blocks; pad the last block with 0s to make it a full 512-bit block
Merkle-Damgard Construction
https://www.mdpi.com/entropy/entropy-21-00577/article_deploy/html/images/entropy-21-00577-g001-550.jpg
1.2 Hash Pointers and Data Structures
In this section, we’re going to discuss hash pointers and their applications. A hash pointer is a data structure that turns out to be useful in many of the systems that we will talk about. A hash pointer is simply a pointer to where some information is stored together with a cryptographic hash of the information. Whereas a regular pointer gives you a way to retrieve the information, a hash pointer also gives you a way to verify that the information hasn’t changed.
• A hash pointer is
  • a pointer to where some information is stored
  • together with a cryptographic hash of the information
• We can use a hash pointer
  • to get the info back, and
  • to verify that it hasn’t changed
Figure 1.4 Hash pointer. A hash pointer is a pointer to where data is stored together with a cryptographic hash of the value of that data at some fixed point in time.
Linked list with hash pointer
Figure 1.5 Block chain. A block chain is a linked list that is built with hash pointers instead of pointers.
Tamper-evident log
Linked list with hash pointer
Figure 1.6 Tamper‐evident log. If an adversary modifies data anywhere in the block chain, it will result
in the hash pointer in the following block being incorrect. If we store the head of the list, then even if
the adversary modifies all of the pointers to be consistent with the modified data, the head pointer
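The tamper-evident log of Figure 1.6 as a runnable sketch. This is an added example, not code from the lecture; the block layout, the all-zero GENESIS value and the function names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

GENESIS = "0" * 64  # constructed placeholder: the first block has no predecessor

@dataclass
class Block:
    data: bytes
    prev_hash: str  # hash pointer: digest of the previous block

def block_hash(block: Block) -> str:
    # The digest covers the data AND the previous hash pointer, so each
    # hash pointer transitively commits to the whole prefix of the log.
    return hashlib.sha256(block.prev_hash.encode() + block.data).hexdigest()

def append(chain: list, data: bytes) -> str:
    """Append a block and return the new head hash pointer."""
    prev = block_hash(chain[-1]) if chain else GENESIS
    chain.append(Block(data, prev))
    return block_hash(chain[-1])

def verify(chain: list, trusted_head: str) -> int:
    """Return -1 if the log matches trusted_head, otherwise the index of the
    first block whose hash pointer is wrong (len(chain) = head mismatch)."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block.prev_hash != prev:
            return i
        prev = block_hash(block)
    return -1 if prev == trusted_head else len(chain)

def rewrite_from(chain: list, index: int, data: bytes) -> None:
    """Model the adversary of Figure 1.6: change one block, then recompute
    every later hash pointer so the chain is internally consistent again."""
    chain[index].data = data
    for i in range(index + 1, len(chain)):
        chain[i].prev_hash = block_hash(chain[i - 1])
```

Changing a block without fixing the pointers is caught at the following block; after `rewrite_from` the chain is self-consistent, and only the separately stored head exposes the change.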
Linked list with hash pointer
Blockchain!
Merkle tree
• A Merkle Tree (due to Ralph Merkle) is a data structure using cryptographic hashes, basically a binary tree with hash pointers
• It is used as an efficient and secure way to verify large data structures
• It especially provides an efficient way to
  • prove that a certain data block is contained in a Merkle Tree (Proof of Membership) in O(log n) time/space
  • prove that a certain data block is not contained in a sorted Merkle Tree (Proof of Non Membership) in O(log n) time/space
Merkle tree
Figure 1.7 Merkle tree. In a Merkle tree, data blocks are grouped in pairs and the hash of each of
Merkle tree (proof of membership)
https://drek4537l1klr.cloudfront.net/wong/v-9/Figures/proof_of_membership.png
Bloom filter
• A Bloom filter is a probabilistic data structure that allows testing whether an element is a member of a set
• How would you check if an element is a member of a set?
Traditional approach: e ∈ S?
Set S: Apple;Apricot;Avocado;Banana;Blackberry;Blueberry;Coconut;Cranberry;Cucumber;Damson;Dragonfruit;Grape;Raisin;Grapefruit;Lemon;Lime;Lychee;Mango;Melon;Cantaloupe;Honeydew;Watermelon;Miracle fruit
Element e: Lime
What to do?
02 Cryptographic Basics - Gallersdörfer, U., Holl, P., & Matthes, F. (2020). "Blockchain-based Systems Engineering". Lecture Slides. TU Munich. CC BY-SA 4.0 21
Bloom filter (cont.)
• A Bloom filter is a probabilistic data structure that allows testing whether e ∈ S
• It is set up as a bit array
• A query to the filter either returns
  • True (“e possibly in set S”)
  • False (“e definitely not in set S”)
[Figure: bit array with n=16 baskets, indexed 0 1 2 3 4 5 6 7 8 9 A B C D E F; hash functions h1= MD5{0}, h2= SHA-1{0}, h3= SHA-2{0}]
Note: For simplicity, we only consider the first character of the resulting hash.
Bloom filters were introduced in Bitcoin in 2012 with BIP 37. We will learn about BIPs later.
Further information about Bloom Filters: Gervais, Arthur, et al. "On the privacy provisions of bloom filters in lightweight bitcoin clients." Proceedings of the 30th Annual Computer Security Applications Conference. ACM, 2014.
Bloom filter internals: Phase 0
Hash functions: h1= MD5{0}, h2= SHA-1{0}, h3= SHA-2{0}
Set S: empty
Element e: empty
Hashing results: h1= , h2= , h3= (empty)
Explicit State
0 1 2 3 4 5 6 7 8 9 A B C D E F
Set S: apple
Element e: apple
Hashing results:
h1= 1F3870BE274F6…
h2= D0BE2DC421BE…
h3= 3A7BD3E2360A…
Explicit State
0 1 2 3 4 5 6 7 8 9 A B C D E F
Bloom filter internals: Phase 1
[Figure: set information, hashing results, and explicit state of buckets 0 to F]
Bloom filter internals: Phase 2
[Figure: set information, hashing results, and explicit state of buckets 0 to F]
False positives occur in Bloom filters. The probability of their occurrence depends on the number of buckets n and the number of hash functions h.
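The slides' filter in code: 16 buckets, three hash functions, and the first hex character of each digest as the bucket index. This is an added example, not code from the lecture or from the TU Munich slides; SHA-2 is taken to be SHA-256 (an assumption that matches the hash prefixes shown for "apple"), and the false-positive estimate is the standard formula, which also depends on the number of inserted elements m.

```python
import hashlib

N_BUCKETS = 16  # n = 16 baskets, indexed 0..F as on the slides
HASHES = (hashlib.md5, hashlib.sha1, hashlib.sha256)  # h1, h2, h3

def positions(element: str):
    """Bucket index per hash function: first hex character of the digest."""
    return [int(f(element.encode()).hexdigest()[0], 16) for f in HASHES]

class BloomFilter:
    def __init__(self):
        self.bits = [0] * N_BUCKETS

    def add(self, element: str) -> None:
        for p in positions(element):
            self.bits[p] = 1

    def query(self, element: str) -> bool:
        """True = "possibly in set S", False = "definitely not in set S"."""
        return all(self.bits[p] for p in positions(element))

    def state(self) -> str:
        """Explicit state: one character per bucket, bucket 0 first."""
        return "".join(str(b) for b in self.bits)

def false_positive_rate(n_buckets: int, n_hashes: int, n_elements: int) -> float:
    """Standard estimate (1 - (1 - 1/n)^(h*m))^h after m insertions."""
    return (1 - (1 - 1 / n_buckets) ** (n_hashes * n_elements)) ** n_hashes
```

A filter never forgets a bit, so `query` cannot return False for an inserted element; once enough buckets are set, it returns True for elements that were never added.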
Bloom filter
Solved: Recommend articles in a news page the user has not seen.
What to do?
Symmetric encryption
[Figure 3.1 Simplified Model of Symmetric Encryption: plaintext input X -> encryption algorithm (e.g., AES), Y = E(K, X) -> transmitted ciphertext -> decryption algorithm (reverse of encryption algorithm), X = D(K, Y) -> plaintext output; the secret key K is shared by sender and recipient]
The main issue is key-management!
■ Ciphertext: This is the scrambled message produced as output. It depends on
the plaintext and the secret key. For a given message, two different keys will
produce two different ciphertexts. The ciphertext is an apparently random
Symmetric encryption
[Figure: symmetric cryptosystem model with labels X, Cryptanalyst, K, Secure channel, Key source]
3. Encrypt doc/text using public key
4. Send the encrypted text
5. Decrypt the text using the private key
Public key cryptography: encryption
[Figure: Bob's public-key ring (Joy, Ted, Mike, Alice); plaintext input X -> encryption algorithm (e.g., RSA) with Alice's public key, Y = E[PUa, X] -> transmitted ciphertext -> decryption algorithm, X = D[PRa, Y] -> plaintext output]
Public key cryptography: digital signature
• Digital signatures are based on asymmetric cryptography algorithms like RSA or ECC
• We need two properties of (analogue) signatures to hold in the digital world:
  • Only the entity itself can create its own signature, but everyone can verify it
  • The signature is tied to the data that gets signed. A signature cannot be used for different data
Digital signature: definition
• Three algorithms:
  • (sk, pk) := generateKeys(keysize)
    • sk is the secret key and is used to sign messages. pk is the public key and is given to everyone. With the pk, they can verify the signature
  • sig := sign(sk, message)
    • The sign method takes the message and the secret key, sk, as input and returns a signature for message under sk
  • isValid := verify(pk, message, sig)
    • The verify method takes a message, a signature, and a public key as input
    • It will return true if the signature was generated out of the message and the secret key, otherwise false
• Such that verify(pk, message, sign(sk, message)) == true and signatures are unforgeable
Digital signature: definition
[Figure: generateKeys; Bob; 2. Share public key; Alice; verify; Hashing; Identity 2; Identity 3]
ANY QUESTION?