CNS M4L1 Hash
CNS M4L1 Hash
Network Security
CNS_M4L1_Hash Functions
Data Integrity and Source
Authentication
CNS: DrPS
Hash Functions
◼ A hash function maps a message of an arbitrary length to a m-
bit output
◼ output known as the fingerprint or the message digest
CNS: DrPS
Cryptographic hash function
◼ A Cryptographic hash function: is an algorithm for
which it is computationally infeasible to find either
◼ (a) a data object that maps to a pre-specified hash
result (the one-way property) or
◼ (b) two data objects that map to the same hash result
(the collision-free property).
◼ Because of these characteristics, hash functions are
often used to determine whether or not data has
changed.
CNS: DrPS
Applications of Cryptographic
Hash Functions:
(1) Message authentication,
(2) Digital Signature,
(3) One-way password file,
(4) Intrusion detection,
(5) Virus detection,
(6) Pseudorandom number generation.
CNS: DrPS
Attacks on Hash Functions
◼ 1) Birthday Attack: the probability that in a set of n randomly
chosen people, some pair of them will have the same birthday.
Applied to hash function attacks, this means you have a 50%
chance to break the collision resistance.
◼ 2) Brute-Force Attack: is to pick values of y at random and try
each value until a collision occurs.
◼ 3) Preimage and Second Preimage Attack: For a preimage or
second preimage attack, an adversary wishes to find a value y
such that H(y) is equal to a given hash value h.
◼ 4) Collision Attack: For a collision resistant attack, an adversary
wishes to find two messages or data blocks, x and y, that yield
the same hash function.
CNS: DrPS
Security Requirements for
Cryptographic Hash Functions
Given a function h:X →Y, then we say that h is:
◼ preimage resistant (one-way):
if given y Y it is computationally infeasible to find a value x X s.t. h(x)
=y
◼ 2-nd preimage resistant (weak collision resistant):
if given x X it is computationally infeasible to find a value x’ X, s.t.
x’x and h(x’) = h(x)
◼ collision resistant (strong collision resistant):
if it is computationally infeasible to find two distinct values x’,x X, s.t.
h(x’) = h(x)
|Y |
CNS:
CS526 Topic 5: Hash Functions and
Message Authentication DrPS
Merkle-Damgard Construction
for Hash Functions
• Message is divided into fixed-size blocks and padded
• Uses a compression function f, which takes a chaining variable (of
size of hash output) and a message block, and outputs the next
chaining variable
• Final chaining variable is the hash value
CNS: DrPS