MODULE 4 - SIC

Hash functions – Security requirements, Secure Hash Algorithm (SHA-512). Message

Authentication Code (MAC) – Requirements, Uses, Hash-based MAC (HMAC), Cipher-based
MAC (CMAC). Digital signatures – Attacks, Forgeries, Requirements, Direct vs Arbitrated
digital signatures, RSA digital signature, ElGamal digital signature, Digital Signature Standard
(DSS).

PART 1:
Hash functions –
● Security requirements,
● Secure Hash Algorithm (SHA-512).

Hash functions:
● A hash function H accepts a variable-length block of data M as input and
produces a fixed-size hash value h = H(M).
● A “good” hash function has the property of applying the function to a large
set of inputs will produce outputs that are evenly distributed and random
● The principal object of a hash function is data integrity.
● A change to any bit or bits in M results, with high probability, in a change to
the hash code.
● The kind of hash function needed for security applications is referred to as
cryptographic hash function.

Downloaded from Ktunotes.in

 Applications of Cryptographic Hash Functions:
1. Message Authentication
2. Digital Signatures
3. one-way password file
4. intrusion detection and virus detection
5. Pseudorandom function (PRF) or a pseudorandom number generator
(PRNG).

Requirements And Security

● For a hash value h = H(x), we say that x is the preimage of h.
● That is, x is a data block whose hash function, using the function H, is h.
● Because H is a many-to-one mapping, for any given hash value h, there will
in general be multiple preimages.

Downloaded from Ktunotes.in

Security Requirements for Cryptographic Hash Functions:

Q. Describe the working of SHA-512 with diagrams

Secure Hash Algorithm (SHA-512)

● SHA was developed by the National Institute of Standards and Technology
(NIST) and published as a federal information processing standard (FIPS
180) in 1993.
● SHA is based on the hash function MD4, and its design closely models
MD4.
● When weaknesses were discovered in SHA, now known as SHA-0, a revised
version was issued as FIPS 180-1 and is referred to as SHA-1

● SHA-1 produces a hash value of 160 bits.

Downloaded from Ktunotes.in

 ● FIPS 180-2, that defined three new versions of SHA, with hash value lengths
of 256, 384, and 512 bits, known as SHA-256, SHA-384, and SHA-512,
● These hash algorithms are known as SHA-2.
SHA-512 Logic
● The algorithm takes as input a message with a maximum length of less than
2128 bits
● And produces as output a 512-bit message digest.
● The input is processed in 1024-bit blocks

● The processing consists of the following steps.

1. Step 1: Append padding bits.

● The message is padded so that its length is congruent to 896 modulo
1024 [length K 896(mod 1024)].
● Padding is always added, even if the message is already of the desired
length.
● Thus, the number of padding bits is in the range of 1 to 1024.
● The padding consists of a single 1 bit followed by the necessary
number of 0 bits.

Downloaded from Ktunotes.in

2. Step 2: Append length
● A block of 128 bits is appended to the message.
● This block is treated as an unsigned 128-bit integer (most significant
byte first) and contains the length of the original message (before the
padding).
● The outcome of the first two steps yields a message that is an integer
multiple of 1024 bits in length.
● the expanded message is represented as the sequence of 1024-bit
blocks M1, M2, c, MN, so that the total length of the expanded
message is N * 1024 bits.
3. Step 3: Initialize hash buffer.
● A 512-bit buffer is used to hold intermediate and final results of the
hash function.
● The buffer can be represented as eight 64-bit registers (a, b, c, d, e, f,
g, h).
● These registers are initialized to the 64-bit integers (hexadecimal
values)

● These values are stored in big-endian format, which is the most

significant byte of a word in the low-address (leftmost) byte position
4. Step 4: Process message in 1024-bit (128-word) blocks.
● The heart of the algorithm is a module that consists of 80 rounds;
● Each round takes as input the 512-bit buffer value, abcdefgh, and
updates the contents of the buffer.
● At input to the first round, the buffer has the value of the intermediate
hash value, Hi-1.
● The output of the eightieth round is added to the input to the first
round (Hi-1) to produce Hi

Downloaded from Ktunotes.in

5. Step 5 Output.
● After all N 1024-bit blocks have been processed, the output from the
Nth stage is the 512-bit message digest.

Downloaded from Ktunotes.in

PART 2:
Message Authentication Code (MAC)
● Requirements,
● Uses,
● Hash-based MAC (HMAC),
● Cipher-based MAC (CMAC).

Downloaded from Ktunotes.in

Message Authentication Code (MAC)

● MAC algorithm is a symmetric key cryptographic technique to provide

message authentication. For establishing MAC process, the sender and
receiver share a symmetric key K.

● Authentication technique involves the use of a secret key to generate a small

fixed-size block of data, known as a cryptographic checksum or MAC, that is
appended to the message.
● This technique assumes that two communicating parties, say A and B, share a
common secret key K.
● When A has a message to send to B, it calculates the MAC as a function of the
message and the key:

● The message plus MAC are transmitted to the intended recipient.

● The recipient performs the same calculation on the received message, using the
same secret key, to generate a new MAC.
● The received MAC is compared to the calculated MAC.

● A MAC function is similar to encryption.

● One difference is that the MAC algorithm need not be reversible, as it must be for
decryption.
● In general, the MAC function is a many-to-one function.

Downloaded from Ktunotes.in

Requirements for Message Authentication Codes

● A MAC, also known as a cryptographic checksum, is generated by a function C

of the form
T = MAC(K, M)
● where M is a variable-length message,
● K is a secret key shared only by sender and receiver,
● and MAC(K, M) is the fixed-length authenticator, sometimes called a tag
❖ The tag is appended to the message at the source at a time when the message
is assumed or known to be correct.
❖ The receiver authenticates that message by recomputing the tag.
❖ Assume that an opponent knows the MAC function but does not know K. Then
the MAC function should satisfy the following requirements.

● In the first requirement an opponent is able to construct a new message to

match a given tag, even though the opponent does not know and does not
learn the key.
●

Downloaded from Ktunotes.in

 ● The second requirement deals with the need to thwart a brute-force attack based
on chosen plaintext.
● If we assume that the opponent does not know K but does have access to the
MAC function and can present messages for MAC generation, then the
opponent could try various messages until finding one that matches a given tag.
● If the MAC function exhibits uniform distribution, then a brute-force method would
require, on average, 2(n-1) attempts before finding a message that fits a given
tag.

● The final requirement dictates that the authentication algorithm should not be
weaker with respect to certain parts or bits of the message than others.
● If this were not the case, then an opponent who had M and MAC(K, M) could
attempt variations on M at the known “weak spots” with a likelihood of early
success at producing a new message that matched the old tags.

12.5 MACs Based on Hash Functions: HMAC

● HMAC Design Objectives
● HMAC Algorithm
● Security of HMAC

MAC s Based on Hash Functions: HMAC

● HMAC has been issued as RFC 2104, has been chosen as the
mandatory-to-implement MAC for IP security, and is used in other Internet
protocols, such as SSL.
HMAC Design Objectives

RFC 2104 lists the following design objectives for HMAC.

● To use, without modifications, available hash functions. In particular, to use hash
functions that perform well in software and for which code is freely and widely
available.

Downloaded from Ktunotes.in

 ● To allow for easy replaceability of the embedded hash function in case faster or
more secure hash functions are found or required.
● To preserve the original performance of the hash function without incurring a
significant degradation.
● To use and handle keys in a simple way.
● To have a well understood cryptographic analysis of the strength of the
authentication mechanism based on reasonable assumptions about the
embedded hash function.

12.6 MACs Based on Block Ciphers: DAA and CMAC

● Data Authentication Algorithm
● Cipher-Based Message Authentication Code (CMAC)

PART 3:
Digital signatures –
● Attacks,
● Forgeries,
● Requirements,
● Direct vs Arbitrated digital signatures,
● RSA digital signature,
● ElGamal digital signature,
● Digital Signature Standard (DSS).

🌟🌟🌟

Downloaded from Ktunotes.in

Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in
Downloaded from Ktunotes.in