MAC and

SHA
Message Authentication
Code (MAC)
 is a technique that involves the use of a secret
key to generate a small block of data, known as a
message authentication code , that is appended
to the message.
 It used to verify data integrity and authenticity of
a message
 A MAC requires two inputs: a message and
a secret key known only to the originator of the
message and its intended recipient.
MAC (Continue….)

 This allows the recipient of the message to

verify the integrity of the message and
authenticate that the message's sender has
the shared secret key.
 If a sender doesn’t know the secret key, the hash
value would then be different, which would tell the
recipient that the message was not from the original
sender.
Diagram…..
What is SHA

 SHA stands for Secure Hash Algorithm

 It is based off the Merkle-Dangard hash function
 There are 3 versions of it with one coming in 2012
 SHA-0
 SHA-1
 SHA-2
 SHA-3
 SHA-1 and SHA-2 were designed by the National Security
Agency (NSA)
SHA-0

 SHA-0 is a 160-bit hash function

 Itwas briefly introduced in 1993 and
quickly was revoked
 Itwas revoked due to flaws in the
system
 Runs in 80 rounds
SHA-1(Secured Hash Algorithm)

Part of Hashing
Hashing is used to check Integrity of the given message
Limitations
Message input size<256 bits in length
Hash code received is of size 160 bits
Properties
 One Way Property Uniqueness

MESSAG
MESSAGE
E
MESSAG
E

H H H

HASH
H
DIFFERENT
CODE H HASH
CODES
H
STEPS INVOLVED IN SHA-1

 SHA process is divided into Folowing five Steps

1-Padding
2-Append Length
3-Division Of Message into Blocks Of 512 Bits
Initializing Chaining Variables(5 variables of 32 bits(5*32=160 bits )
5-Processing
i-Copy Variables To Registers(message of 512 bits)
ii-Division of 512 bits blocks into Blocks of 32 bits(16 blocks of 32
bits)
iii-Process or 4 rounds(eeach round is of 20 steps,total 80
iterations)
1-Padding

 Divide the given message into multiple of 512 bits

 This message( of 512 bits)but it should be 64 bits less then 512 bits
 E.g we have message of 1000 bits
 What would be multiple of 512 bits????
 512 bits
 1024 bits
 1536 bits
Padding

How many of extra bits would be padded?????

1024-1000=24 bits

But we have to make it 64 bits less

If we subtract 64 bits the answer will be a negative number
Now we will consider next multiple of 512 i.e 5136
1536-1000=536 bits
536 -64= 472 bits(padding bit for a given 1000 bits message)
 Padding
ORIGINAL (472bits=1st
MESSAGE
bit 1,remaining
0)

ORIGINAL PADDIN
MESSAGE
G
100 bits+472
bits=1472bits
 APPEND LENGTH

ORIGINAL MESSAGE PADDING APPEND LENGTH

1000+472=1472 bits
64 bits

1536 bits
STEP 3(Message Division into Blocks
of 512 bits)

ORIGINAL MESSAGE( )

Block 1(512 Block 2(512 Block

bits) bits) 3(512 bits)
STEP 4 (Initializing Chaining
Variable)
 We have 3 registers
 A 01 23 45 67
 B 89 AB CD EF
 C FE DC BA 98
 D 76 54 32 10
 E C3 D2 E1 F0
STEP 5 (PROCESS)

 1. TAKE 1 BLOCK OF 512 BITS FROM STEP NO. 3

 2. DIVIDE THIS CLOCK INTO SUB-BLOCKS OF 32 bits(16 sub- blocks)
 THE VALUES OF INITIAL VARIABLES WOULD BE PASSED THROUGH
SUB-REGISTERS
 THIS PROCESS WOULD BE PERFORMED IN 4 ROUNDS AND EACH
ROUND CONSISTS OF 20 ITERATIONS.
 CONSTANT K(t) WILL ITERATE 0 TO 9 TIMES WITH THE FIXED VALUE IN
EACH ROUND
 W(T) SUB-BLOCK OFF 32 BITS WILL BE PASSED THROUGH IT
SHA-1 Algorithm (one round)

• F is a nonlinear function that varies

• <<<n is a left bit rotation by n
places (n varies for each operion)t is
the expanded message word of
round t
• Kt is the round constant of round t
• ABCDE are 32-bit words in the state
• Boxes addition modulo 232
SHA-1

 SHA-1 is a modification of SHA-0 to correct those

flaws that it produced
 Produces a 160-bit message digest (MD) that is on
principle based on MD4.
 The MD is then inputted into a Digital Signature
Algorithm (DSA)
 Which generates/verifies the signature for the
message.
 Runs in 80 rounds.
Attacks on SHA-1

 Since SHA-1 is 160-bits

 Birthday attack can find a collision in 280 trials
 February 15, 2005 Wang, Yin, and Yu have found collisions in 2 69 trials

 Is SHA-1 broken?
 Not quite – The resources needed to break it is enormous
 Considered the same amount of time to factor 760-bit RSA modulus
 Only well-funded intelligence agencies can do it within a reasonable
amount of time
SHA-2

 SHA-2 consists of a set of 6 hash functions with the digests (hash

values) .
 SHA-224
 SHA-256
 SHA-284
 SHA-512
 SHA-512/224
 SHA-512/256
They all use different shift amounts, constants, and number of rounds
SHA-2 (continued)

 The number in each variant represents the bit values.

 SHA-2 provides better prevention against collision, meaning the same
input data always has a different hash value.
 SHA-2 uses from 64 to 80 rounds of cryptography operations, and it
is commonly used to validate and sign digital security certificates and
documents.
SHA-2 (continued)

 SHA-256 is one of the successor hash functions to SHA-1 (collectively

referred to as SHA-2), and is one of the strongest hash functions
available.
 SHA-256 is not much more complex to code than SHA-1, and has not
yet been compromised in any way.
 The 256-bit key makes it a good partner-function for AES.
SHA-256 Algorithm (One iteration)
Attacks on SHA-2

 There are two meet-in-the-middle pre image attacks

 The first one attacks SHA-256 41/64 rounds in 2 253.5 time with a space
complexity of 216 - SHA-512 46/80 rounds in 2511.5 time and space
complexity of 23

 The second one attacks SHA-256 42/64 in 2251.7 time and 212 space
complexity – SHA-512 42/80 in 2502 time and space 222
Comparison of the SHA functions
Version Output Input Block Max Word Rounds Collisions
(bits) (bits) Size Size/ size ?
(bits) Message
SHA-0 160 160 512 264-1 32 80 Yes

SHA-1 160 160 512 264-1 32 80 Yes (251)

SHA- 256/224 256 512 264-1 32 64 None

256/224
SHA- 512/384 512 1024 2128-1 64 80 None
512/384