BCSE309L - Cryptography and Network Security

Module 4 - Secure Hash Algorithm

[SHA]

Dr. Somasundaram S K
Assistant Professor Senior Grade 2
School of Computer Science and
Engineering,
Vellore Institute of Technology,
Vellore – 632 014
Phone No: +91 9843665115
Mail ID: [email protected]
Location: PRP Block – 218D
Secure Hash Algorithm

• SHA-0 originally designed by NIST & NSA in 1993

• Was revised in 1995 as SHA-1

• Based on design of MD4 with key differences

• Produces 160-bit hash values or 40 digits hexadecimal number

• 2005 results on security of SHA-1 raised concerns on its use in

future applications
Revised Secure Hash Standard
• NIST issued revision FIPS 180-2 in 2002

• Adds 3 additional versions of SHA -2

• SHA-256, SHA-384, SHA-512

• Designed for compatibility with increased security provided by

the AES cipher

• Structure & detail is similar to SHA-1. Hence analysis should

be similar

• But security levels are rather higher

Comparison of SHA
Parameters
Overview of SHA-512
Input Message
Message Digest Generation Using
SHA-512 – Processing steps (1)
• Step 1 Append padding bits
• The message is padded so that its length is congruent to 896
mod 1024 [length ≡ 896(mod 1024)]
• Padding is always added, even if the message is already of the
desired length
• Thus, the number of padding bits is in the range of 1 to 1024

• The padding consists of a single 1 bit followed by the

necessary number of 0 bits
Padding Example
Message Digest Generation Using
SHA-512 – Processing steps (2)
• Step 2 - Append length
• A block of 128 bits is appended to the message. This block is treated as an
unsigned 128-bit integer (most significant byte first) and contains the
length of the original message in bits (before the padding)

• The outcome of the first two steps yields a message that is an

integer multiple of 1024 bits in length

• The expanded message is represented as the sequence of 1024-bit

blocks M1, M2, .., MN, so that the total length of the expanded
message is N * 1024 bits
Append length - Example

Pad the original length of the message for 128 bits at the
end
Message_Length = 24 bits
Hexadecimal value of 24 is 18
Message length represented in 128 bits in hexa decimal is
Exercise
• How many bits you will pad for input message length of
2348 bits?
 SHA-512
Logic

• The algorithm takes as

input a message with a
maximum length of less
than 2128 bits and
produces as output a
512-bit message digest
• The input is processed
in 1024-bit N blocks

Message Digest Generation using SHA-512

Message Digest Generation Using
SHA-512 – Processing steps (3)
• Step 3 Initialize hash buffer
• A 512-bit buffer is used to hold intermediate and final results of
the hash function
• The buffer can be represented as eight 64-bit registers (a, b, c,
d, e, f, g, h)
• These registers are initialized to the following 64-bit integers
(hexadecimal values):
a = 6A09E667F3BCC908 e = 510E527FADE682D1
b = BB67AE8584CAA73B f = 9B05688C2B3E6C1F
c = 3C6EF372FE94F82B g = 1F83D9ABFB41BD6B
d = A54FF53A5F1D36F1 h = 5BE0CD19137E2179
Message Digest Generation Using
SHA-512 – Processing steps (4)
• Step 4 Process message in 1024-bit (128-
byte) blocks
• Heart of the algorithm
• Processing message in 1024-bit blocks
• Consists of 80 rounds
• Updating a 512-bit buffer
• Using a 64-bit value wt derived from the current message
block
• And a round constant based on cube root of first 80 prime
Step 4.1: Message Scheduling
 Creation of 80-word Input Sequence for
SHA-512 Processing of Single Block

Introduces a great deal of redundancy and interdependence into the message blocks
that are compressed, which complicates the task of finding a different message block
that maps to the same compression function output
Creation of 80-word Input Sequence for
SHA-512 Processing of Single Block
• It remains to indicate how the 64-bit word values Wt are derived
from the 1024-bit message. The first 16 values of Wt are taken
directly from the 16 words of the current block. The remaining
values are defined as:
 SHA-512 Processing of a Single
1024-Bit Block

SHA-512 Constants

SHA-512 Processing of a Single 1024-Bit Block

Elementary SHA-512 Operation
(single round)
 SHA-512 Round
Function
• Each round is defined by the following set of equations:
Message Digest Generation Using
SHA-512 – Processing steps (5)
• Step 5 Output.
• After all N 1024-bit blocks have been processed, the output from the Nth stage
is the 512-bit message digest
• We can summarize the behavior of SHA-512 as follows:
H0 = IV
Hi = SUM64(Hi-1, abcdefghi)
MD = HN
where
• IV = initial value of the abcdefgh buffer, defined in step 3
• abcdefghi = the output of the last round of processing of the ith message block
• N = the number of blocks in the message (including padding
and length fields)
• SUM64 = addition modulo 264 performed separately on each word of
the pair of inputs
• MD = final message digest value
SHA-512 Logic -
Summary