Scribd
Upload
37 views32 pages

CH - 12 Hash Functions

Chapter 12 discusses cryptographic hash functions, focusing on MD5 and SHA-512. MD5, developed by Ronald L. Rivest, generates a 128-bit message digest from arbitrary-length input, while SHA-512 produces a 512-bit digest and is based on the Merkle-Damgard scheme. The chapter outlines the steps involved in both algorithms, including padding and initialization processes.

Uploaded by

ouydyit
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
37 views32 pages

CH - 12 Hash Functions

Chapter 12 discusses cryptographic hash functions, focusing on MD5 and SHA-512. MD5, developed by Ronald L. Rivest, generates a 128-bit message digest from arbitrary-length input, while SHA-512 produces a 512-bit digest and is based on the Merkle-Damgard scheme. The chapter outlines the steps involved in both algorithms, including padding and initialization processes.

Uploaded by

ouydyit
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 32

Chapter 12

Cryptographic
Hash Functions

12.1
MD5

•MD5 was developed by Professor Ronald L. Rivest of


MIT.

•The MD5 algorithm] takes as input a message of


arbitrary length and produces as output a 128-bit
"fingerprint" or "message digest" of the input.

•The input is processed in 512 bit blocks.

•MD6 – the new version


•Published on 15/04/2009
•By Ronald L. Rivest
12.2
MD5 Algorithm Description Message

length

12.3
Steps:

 The following five steps are performed to


compute the message digest of the
message.
 Step 1. Append Padding Bits
 Step 2. Append Length
 Step 3. Initialize MD Buffer
 Step 4. Process Message in 16-Word
Blocks
 Step 5. Output

12.4
Step-1
 Append padding bits
 The message is padded so that the
length in bits is congruent to 448 mod
512
 i.e. Length = 448 mod 512
 Padding consists of a 1-bit followed by
necessary no of zeroes.

12.5
12.2.1 Continued
|M| + |P| + 64 =0 MOD 512
|P| = [-M -64] MOD 512

Example 12.3
What is the number of padding bits if the length of the original
message is 2590 bits?

Solution
We can calculate the number of padding bits as follows:

The padding consists of one 1 followed by 353 0’s.

12.6
Example 12.4
Do we need padding if the length of the original message is
already a multiple of 1024 bits?

Solution
Yes we do, because we need to add the length field. So padding is
needed to make the new block a multiple of 1024 bits.

12.7
STEP 3
 The main MD5 algorithm operates on a
128-bit state, divided into four 32-bit
words,
 denoted A, B, C and D.
 These are initialized to certain fixed
constants
 In little-endian format
 i.e. least significant byte first
 Ex: if A =87654321

The word A = 21436587

12.8
Step 4
 MD5 is a compression algorithm
 CV0 = IV
 CVq+1 = SUM32[CVq, RFI(Yq, RFH(Yq,RFG
(Yq, RFF(Yq, CVq))))]
 MD = CVL-1

12.9
12.10
MD5 operations:

12.11
12.1.2 Two Groups of Compression Functions

1. The compression function is made from scratch.


Message Digest (MD)

2. A symmetric-key block cipher serves as a compression


function.
Whirlpool

12.12
12-1 INTRODUCTION

A cryptographic hash function takes a message of


arbitrary length and creates a message digest of fixed
length. The ultimate goal of this chapter is to discuss
the details of the two most promising cryptographic
hash algorithms SHA-512 and Whirlpool.

Topics discussed in this section:


12.1.1 Iterated Hash Function
12.1.2 Two Groups of Compression Functions

12.13
12.1.1 Iterated Hash Function

Merkle-Damgard Scheme

12.14 Figure 12.1 Merkle-Damgard scheme


12.1.2 Continued

12.15
12-2 SHA-512

SHA-512 is the version of SHA with a 512-bit message


digest. This version, like the others in the SHA family
of algorithms, is based on the Merkle-Damgard
scheme.

Topics discussed in this section:


12.2.1 Introduction
12.2.2 Compression Function
12.2.3 Analysis
12.16
12.2.1 Introduction

Figure 12.6 Message digest creation SHA-512

12.17
12.2.1 Continued

Message Preparation
SHA-512 insists that the length of the original message
be less than 2128 bits.

Note
SHA-512 creates a 512-bit message digest out of a
message less than 2128.

12.18
12.2.1 Continued

Figure 12.7 Padding and length field in SHA-512

12.19
12.2.1 Continued

Example 12.5
What is the minimum and maximum number of padding bits that
can be added to a message?

Solution

a. The minimum length of padding is 0 and it happens when


(−M − 128) mod 1024 is 0. This means that |M| = −128 mod
1024 = 896 mod 1024 bits. In other words, the last block in the
original message is 896 bits. We add a 128-bit length field to
make the block complete.

12.20
12.2.1 Continued

Example 12.5 Continued

b) The maximum length of padding is 1023 and it happens when


(−|M| −128) = 1023 mod 1024.
This means that the length of the original message is
|M| = (−128 −1023) mod 1024 or the length is |M| = 897 mod 1024.

In this case, we cannot just add the length field because the length
of the last block exceeds one bit more than 1024. So we need to
add 897 bits to complete this block and create a second block
of 896 bits. Now the length can be added to make this block
complete.

12.21
12.2.1 Continued

Words

Figure 12.8 A message block and the digest as words

12.22
12.2.1 Continued

Word Expansion

Figure 12.9 Word expansion in SHA-512


12.23
12.2.1 Continued

Example 12.6

Show how W60 is made.

Solution
Each word in the range W16 to W79 is made from four
previously-made words. W60 is made as

12.24
12.2.1 Continued

Message Digest Initialization

12.25
12.2.2 Compression Function

Figure 12.10 Compression function in SHA-512

12.26
Figure 12.11 Structure of each round in SHA-512

12.27
12.2.2 Continued
Majority Function

Conditional Function

Rotate Functions

12.28
12.2.2 Continued

12.29
12.2.2 Continued

There are 80 constants, K0 to K79, each of 64 bits. Similar


These values are calculated from the first 80 prime
numbers (2, 3,…, 409). For example, the 80th prime is
409, with the cubic root (409)1/3 = 7.42291412044.
Converting this number to binary with only 64 bits in the
fraction part, we get

The fraction part: (6C44198C4A475817)16

12.30
12.2.2 Continued

Example 12.7
We apply the Majority function on buffers A, B, and C. If the
leftmost hexadecimal digits of these buffers are 0x7, 0xA, and 0xE,
respectively, what is the leftmost digit of the result?
Solution
The digits in binary are 0111, 1010, and 1110.
a. The first bits are 0, 1, and 1. The majority is 1.
b. The second bits are 1, 0, and 1. The majority is 1.
c. The third bits are 1, 1, and 1. The majority is 1.
d. The fourth bits are 1, 0, and 0. The majority is 0.

The result is 1110, or 0xE in hexadecimal.


12.31
12.2.2 Continued

Example 12.8
We apply the Conditional function on E, F, and G buffers. If the
leftmost hexadecimal digits of these buffers are 0x9, 0xA, and 0xF
respectively, what is the leftmost digit of the result?
Solution
The digits in binary are 1001, 1010, and 1111.
a. The first bits are 1, 1, and 1. The result is F1, which is 1.
b. The second bits are 0, 0, and 1. The result is G2, which is 1.
c. The third bits are 0, 1, and 1. The result is G3, which is 1.
d. The fourth bits are 1, 0, and 1. The result is F4, which is 0.

The result is 1110, or 0xE in hexadecimal.


12.32

You might also like