CP5603

Research Report

SUBMITTED TO: SUBMIITED

BY:

DR: PAUL DARWEN LOVEJEET KAUR

Jc472458

CRYPTOGRAPHIC

HASH FUNCTION

SUMMARY

This

report is about cryptographic hash functions. Cryptographic

hash functions are a basic technology used in many encryption methods. A cryptographic

hash function is a type of security mechanism that produces a hash value,

message digest or checksum value for a specific data object. Data oriented

companies can use any type of cryptographic hash functions.

There

are many types of cryptographic hash functions. We can basically divide it into

two categories:

· Older

cryptographic hash functions

·

Newer

cryptographic hash functions

Older

cryptographic hash functions include popular ones like MD5 and SHA-1.

MD5 is a

popular Hash Function producing a 128-bit hash value and used by numerous

individuals around the globe.

SHA-1 works

similar to MD5 and produces a 160-bit message digest.

Newer cryptographic hash functions are

supposed to be better, like BLAKE2, SHA-3, and Tiger.

BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2, and SHA-3, yet is at least as

secure as the latest standard SHA-3. BLAKE2 has been adopted by many

projects due to its high speed, security, and simplicity.

SHA-3 is designed to provide a random mapping from a

string of binary data to a fixed-size “message digest” and achieve certain

security properties.

Tiger is designed to run on

64-bit platforms. The size of a Tiger hash value is 192 bits.

As a result, I think data-oriented companies should use

Newer cryptographic hash functions because these are better than older ones and

have new improvements and features.

HASH

FUNCTION

A hash work takes a gathering

of characters (called a key) and maps it to an estimation of a specific length

(called a hash esteem or hash). The hash esteem is illustrative of the first

series of characters which is ordinarily littler than the first.

Hashing is improved the

situation ordering and finding things in databases since it is simpler to

locate the shorter hash an incentive than the more drawn out string. Hashing is

likewise utilized as a part of encryption.

This term is otherwise called

a hashing calculation or message process work.

Hash function takes

an input of arbitrary or almost arbitrary length to one whose length is a fixed

number like 160 bits. These are

used in many parts of cryptography and there are many different types of hash functions, with differing

security properties.

Design

of hash function

Hash tables are one of the most useful data

structures ever invented. Unfortunately, they are also one of the most misused.

Code built using hash tables often falls far short of achievable performance.

There are two reasons for this:

· Clients choose poor hash functions that do not

act like random number generators, invalidating the simple uniform hashing

assumption.

· Hash table abstractions do not adequately

specify what is required of the hash function or make it difficult to provide a

good hash function.

CRYPTOGRAPHIC

HASH FUNCTION

A cryptographic hash function

takes an information (or ‘message’) and returns a fixed-size alphanumeric string. The string is known as

the ‘hash esteem’, ‘message process’, ‘advanced unique mark’, ‘process’ or

‘checksum’.

It should have three

fundamental properties:

1.

It is simple to ascertain a hash for any given

information.

2. It is

computationally hard to figure an alphanumeric content that has a given hash.

3. It is

improbable that two unique messages will have a similar hash.

A cryptographic hash

function is a kind of algorithm that can be run on a piece of data, like an

individual file or a password, to produce a value

called a checksum. Its main use is to verify the

authenticity of a piece of data.

Early

History and Definitions

Cryptographic hash functions

map input strings of arbitrary (or very large) length to short fixed length

output strings. In their 1976 seminal paper on public key cryptography, Diffie

and Hellman identified the need for a one-way hash function as a building block

of a digital signature scheme. The first definitions, analysis and

constructions for cryptographic hash functions can be found in the work of

Rabin, Yuval, and Merkle of the late 1970s. Rabin proposed a design with a

64-bit result based on the block cipher DES, Yuval showed how to find

collisions for an n-bit hash function in time 2n/2 with the birthday paradox,

and Merkle’s work introduced the requirements of collision resistance, second

preimage resistance, and preimage resistance. In 1987, Damg?ard formalized the

definition of collision resistance, and two years later Naor and Yung defined a

variant of seoncd preimage resistant functions called Universal One-Way Hash

Functions (UOWHFs). In 2004 Rogaway and Shrimpton formally studied the relations between

collision resistance and several flavors of preimage resistance and second

preimage resistance. Hash functions should also destroy the algebraic structure

of the signature scheme; typical examples are the Fiat-Shamir heuristic and

Coppersmith’s attack on the hash function in X.509 Annex D that was intended

for use with RSA (this attack breaks the signature scheme by constructing

message pairs (x, x0 ) for which h(x) = 256 · h(x )). This development resulted

in the requirement that hash functions need an ‘ideal’ behavior which would

allow them to instantiate the theoretical concept of random oracles.

Constructions of MAC algorithms based on hash functions (such as HMAC) have

resulted in the requirement that the hash function can be used to construct

pseudo-random functions, which has a.o. been studied by Bellare et al.

TYPES

OF CRYPTOGRAPHIC HASH FUNCTION

There

are many types of cryptographic hash functions. Some of them are older but

popular as well like MD5 and SHA-1 and Some are newer ones that supposed to be

better like BLAK2, SHA-3 and Tiger. These types are discussed in detail in

following paragraphs.

Older

cryptographic hash functions

MD5

MD5 is a popular Hash Function

producing a 128-bit hash value and used by numerous

individuals around the globe. It is Created by Professor Ronald L. Rivest of

MIT in 1991. It

is an updated version of MD4. MD5 (message digest algorithm) is one-way function that produce a

“fingerprint”. essentially, they map something with a lot of bits

down to just a few bits (128 in the case of MD5) in such a way that collisions

are as rare as possible. MD5 was designed especially to run on 32-bit processors

It has two purposes:

1. Confirm

the honesty of a document after a predefined timeframe

2. Create

Hash esteems for a specific bit of information ( Ex: document) and store them,

for later cross checking if the record has been adjusted or not.

Examples of framework which contains a record called

“SAMPLE.TXT”

filename

hash value

C:SAMPLE.TXT

BC8FEFECA210FC0C0F3EBC1614A37889

MD5 takes as information a

message of subjective length and creates as yield a 128-piece “unique

mark” or “message process”. It is computationally infeasible to

deliver any message having a given prespecified target message process. The MD5

calculation was planned for advanced mark applications, where a vast record

must be “packed” in a safe way before being marked with a private

(mystery) key under an open key cryptosystem, for example, RSA. Be that as it

may, commonsense assaults on the impact protection of MD5 exist 1, and it

ought to along these lines not be utilized with advanced marks or some other

application requiring crash protection.

MD5 Algorithm

MD5 consists of 64 of these operations, grouped in four

rounds of 16 operations. F is used in each round which is nonlinear function.

Mi denotes the message input of 32 bit, and Ki which is different for each

operation and is 32-bit constant. s is a left bit rotation by s.The main

algorithm MD5 is divided into A, B, C and D which operates on 128 bit where

each carry 32 bits.These are constants which are initialized into,

A = 0x67452301 B =

0xEFCDAB89 C = 0x98BADCFE D = 0x10325376

The processing consists of four same stages and each stage

is composed of similar 16 operations. The figure denotes one such kind of

operation. F (B,C,D)=(B AND C) OR (NOT B AND D) G (B,C,D)= (B AND D) OR ( C AND

NOT D) H (B,C,D)= B XOR C XOR D I (B,C,D)= C XOR (B OR NOT D)

The output is called

a hash value, a fingerprint or a message digest.

Good point:

· It is useful because we

can compare and store small hashes much more easily than the entire original

sequences.

· It can be utilized to check something without

fundamentally giving ceaselessly the first data. For example, Unix stores

hashes of passwords rather than the passwords themselves.

· MD5 is very collision

resistant.

· It provides fast

computation.

· It provides one-way

hash.

· It is popular globally.

Bad point:

· It has known security

flaws and vulnerabilities.

· It is less secure than

the SHA-1 algorithm MD5.

· MD5 use Davies-Meyer construction with certain block

ciphers that do not see much use on

their own.

SHA-1

It

works similar to MD5 and produces a 160-bit message digest. It is the most

widely used algorithm for integrity. The main reason for its popularity among

existing algorithms is its time efficiency and its robustness. It was no longer

used for most cryptographic uses after 2010 attack by Marc Stevens, which can

produce hash collisions with a complexity of 261 operations. It was designed by the United

States National Security Agency, and is a U.S. Federal Information

Processing Standard. SHA1 is widely considered

the successor to MD5. SHA stands for “Secure Hash Algorithm”

SHA-1 Algorithm

Here A, B, C, D

and E denotes the 32-bit words in one iteration of SHA-1 function. F varies and

d it is a nonlinear function. N varies for each rotation and denotes a left

side rotation. Wt. is the expanded message word of round t. Kt denotes the

addition modulo and is a constant. H0, h1, h2, h3, and h4 denotes 32 bit

divisions of SHA Algorithm. h0

=0x67452301 h1= 0Xefcdab89 h2=0x98BADCFE

h3=0x10325476 h4=0XC3D2E1F0 Based on F function message it consist of

similar 80 operations. Modular addition and left rotation.

A=h0, B=h1, C=h2, D=h3, E=h4

From iteration 16 to 79

wi= (wi-3 xor wi-8 xor wi-14

xor wi-16) leftrotate1

The possible F functions: F(B,C,D)=(B

AND C) OR (NOT B AND D) G(B,C,D)=B XOR C

XOR D H(B,C,D)=(B AND C) OR (B AND D) OR

(C AND D) 5 I(B,C,D)=B XOR C XOR

D

SHA1 requires 80 processing constant

words defined as:

K(t) = 0x5A827999 , (0 <= t <= 19) K(t) = 0x6ED9EBA1, (20 <= t <= 39) K(t) = 0x8F1BBCDC ,(40 <= t <= 59) K(t) = 0xCA62C1D6, (60 <= t <= 79) Advantages of SHA-1 · It has longer hash value compared with MD5 · It is collision resistant - Is in widespread use · It provides one-way hashing · It is cryptographic hash functions with different support of bit rate. · SHA-1 is widely used in a number of applications. · It has gained big success in ensuring that data remains unchanged. Disadvantages of SHA-1 · It has slower computation comparing to MD5. · It is known security vulnerabilities. · SHA-1 also use Davies-Meyer construction with certain block ciphers that do not see much use on their own. · SHA-1 is slower than MD5 Newer cryptographic hash functions BLAKE2 The BLAKE2 cryptographic hash function was designed by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein. BLAKE2 is an improved version of the SHA-3. BLAKE2 comes in two basic flavors: o BLAKE2b (or just BLAKE2) is optimized for 64-bit platforms and produces digests of any size between 1 and 64 bytes. o BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size between 1 and 32 bytes. The BLAKE2 hash function may be used by digital signature algorithms and message authentication and integrity protection mechanisms in applications such as Public Key Infrastructure (PKI), secure communication protocols, cloud storage, intrusion detection, forensic suites, and version control systems. BLAKE2 includes the 4-way parallel BLAKE2bp and 8-way parallel BLAKE2sp designed for increased performance on multicore or SIMD CPUs. BLAKE2 offers these algorithms tuned to your specific requirements, such as keyed hashing (that is, MAC or PRF), hashing with a salt, updatable or incremental tree-hashing, or any combination thereof. BLAKE2 also includes the BLAKE2x variants, which can produce digests of arbitrary length. BLAKE2 shines on 64-bit CPUs: on an Intel Core i5-6600 (Skylake microarchitecture, 3310MHz), BLAKE2b can process 1 gibibyte per second, or a speed rate of 3.08 cycles per byte. Good point: · BLAKE2 has been adopted by many projects due to its security and simplicity. · It provides high speed. BLAKE2 does not require a special "HMAC" (Hashed Message Authentication Code) construction for keyed message authentication as it has a built-in keying mechanism. · Faster than MD5 on 64-bit Intel platforms· 32% less RAM required than BLAKE· Minimal padding, which is faster and simpler to implement· Direct support, with no overhead, of– Parallelism for many-times faster hashing on multicore or SIMD CPUs– Tree hashing for incremental update or verification of large files– Prefix-MAC for authentication that is simpler and faster than HMAC– Personalization for defining a unique hash function for each application Bad point: · Resistance to Joux's multicollisions similar to that of SHA-2 · Fixed-points found in less time than for an ideal function (but not efficiently). SHA-3 A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size "message digest" and achieve certain security properties. Hash algorithms can be used for digital signatures, message authentication codes, key derivation functions, pseudo random functions, and many other security applications. The Federal Information Processing Standard (FIPS 180-4), Secure Hash Standard, specifies seven cryptographic hash algorithms for Federal use, and is widely adopted by the information technology industry as well. SHA-3 stands for Secure Hash AlgorithmSHA-3 (Secure Hash Algorithm 3) is a cryptographic hash function based on the sponge construction. SHA-3 is a part of Keccak cryptographic function family. The Keccak algorithm was created by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche in 2006. Won a SHA-3 standard competition in 2012 and became a NIST (National Institute of Standards and Technology) standard in 2015.SHA-3 was designed to be very efficient in hardware but is relatively slow in software. SHA-3 takes about double the time compared to SHA-2 to run in software and about a quarter of the time to run in hardware.The goal of the SHA-3 competition was to specify "a new hash algorithm to augment and revise" FIPS 180-2, the standard that specified SHA-1 and SHA-2. The SHA-3 competition was organized by the United States National Institute of Standards and Technology (NIST). The process of SHA-3 standardization by NIST was completed in August 2015 and includes four hash functions with output lengths of 224, 256, 384 and 512 bits. In all these cases, the width is 1600 (i.e., the underlying permutation is Keccak-f1600) and the capacity is twice the output length. The capacity works as a security parameter, so that security is increased with higher capacities, but there is a security-efficiency trade-off and speed may be increased by using lower capacities. Strong points · SHA3 will be deployed into a world full of SHA2 implementaPons · It uses a sponge function construction. · It is a positive fact that SHA-3 has not the same structure as SHA-2. That means that a new attack could not threaten both algorithms at the same time. Weak points · SHA-3 takes double the time to run in software, if you want the same password handling time on your server you would need to do half the number of iterations. But attackers can use a hardware implementation for password cracking. Due to this attacker can crack SHA-3 hashed passswords eight times faster than SHA-2 hashed passwords - 2 times faster because we need to halve the number of hash iterations and 4 times faster because of SHA-3 hardware being faster than SHA-2 hardware. · SHA-3 is designed to be a good hash-function, not a good password-hashing-scheme (PHS), whereas bcrypt is designed to be a PHS and was analyzed in this direction as well. · Bcrypt is slower and requires some memory (4 kiB IIRC), so one spends 100ms to check a valid password whereas an attacker needs days / years to crack it because he's slowed down and can't use GPUs efficiently. Tiger Tiger is also a cryptographic hash function, designed to run on 64-bit platforms. Different versions of Tiger (Tiger-128, Tiger-160, and Tiger-192) allow for different hash sizes. Distinctive initialization values are not defined with Tiger. The fixed amount of rounds used to create a hash with a Tiger function is 24.Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Tiger with the full 192 bits of output in use may be called Tiger/192, and we recommend its use in all new applications. When replacing other functions in existing applications, we suggest two shorter variants: 1. Tiger/160: the hash value is the first 160 bits of the result of Tiger/192, and is used for compatibility with SHA and SHA-1; 2. Tiger/128: the hash value is the first 128 bits of the result of Tiger/192, and is used for compatibility with MD4, MD5, RIPE-MD, the Snefru variants and some hash functions based on block ciphers. Tiger is a cryptographic iterated hash function that processes 512-bit blocks and produces a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recent results in the cryptanalysis of Tiger show weaknesses in round-reduced variants of the hash function. At FSE 2006, Kelsey and Lucks presented a collision attack on 16 and 17 (out of 24) rounds of Tiger. The attack has a complexity of about 244 evaluations of the compression function. Furthermore, they present a pseudo-near-collision for a variant of Tiger reduced to 20 rounds with a complexity of about 248. These results were later improved by Mendel et al. in 3. They show that a collision can be found for Tiger reduced to 19 rounds with a complexity of about 262 evaluations of the compression function. Furthermore, they present a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about 244. However, so far no attack is known for the full Tiger hash function. It is Simply transform messages or texts to a string of fixed numbers. usually for the purpose of security or data management. And "one way" means that it is almost impossible to extract the text from the original string. Working of Tiger 512bit message block is divided into eight 64bit word X0, X1,X2,X3,X4,X5,X6,X7. Computations in one round consists of three passes and between each of them there is a key schedule. feed-forward stage in which the new values of A B and C are combined with their initial values to give to the next message block. A = 0123456789ABCDEF B = FEDCBA9876543210 C = F096A5B4C3B2E187 C = C XOR X A = A - even(C) B = B + odd(C) B = B * mult Even(C) = T1 c0 XOR T2 c2 XOR T3 c4 XOR T4 c6Odd(C) = T4 c1 XOR T3 c3 XOR T2 c5 XOR T1 c7 Advantages · The main advantage is data structures table is speed. · They can predict the maximum number of entries in early · It is compatible with existing protocols. · Tiger designed to be very fast on modern computers. · Tiger has no usage restrictions nor patents. It can be used freely, with the reference implementation, with other implementations or with a modification to the reference implementation (as long as it still implements Tiger). Disadvantages · More difficult than other types, such as binary search trees · Take a long time and not effective when it is a very small number of entries. · Less efficient for some string processing applications, such as spell check of other known methods of tire. Conclusion In my opinion, data-oriented company should use newer cryptographic hash functions such as BLAKE2, SHA-3, and Tiger because these are really better than the older generation. Newer cryptographic hash functions have more features than old ones. They are improved version of previous cryptographic hash functions. For example, from overall analysis it can be seen that BLAKE2 which is newer cryptographic hash function is much better than older ones. So, it is used by many projects because of its features like security, simplicity and high speed. References Eastlake, Motorola, Jones. "RFC 3174 - US Secure Hash Algorithm 1 (SHA1)", September 2001. URL:http://www.faqs.org/rfcs/rfc3174.html Wikipedia. "SHA-1", March 2002. URL: http://www.wikipedia.org/wiki/SHA-1 Professor Guevara Noubir, Fundamentals of Cryptography: Algorithms, and Security Services. Jerry li, MD5 Message Digest Algorithm. San Jose University, Computer Science department Andrew S. Tanenbaum, Pearson Publication, Fourth edition, Computer Networks. MD5 is faster than SHA-1.Journal Of Omnifarious-Myth. 6 Ross J. Anderson and Eli Biham. TIGER: A Fast New Hash Function. In Dieter Gollmann, editor, FSE, volume 1039 of Lecture Notes in Computer Science, pages 89–97. Springer, 1996. Norbert Pramstaller, Christian Rechberger, and Vincent Rijmen. Exploiting Coding Theory for Collision Attacks on SHA-1. In Nigel P. Smart, editor, IMA Int. Conf., volume 3796 of Lecture Notes in Computer Science, pages 78–95. Springer, 2005. Donghoon Chang, Mridul Nandi, and Moti Yung. Indifferentiability of the Hash Algorithm BLAKE. Cryptology ePrint Archive, Report 2011/623, 2011. http://eprint.iacr.org/ 2011/623. Samuel Neves and Jean-Philippe Aumasson. BLAKE and 256-bit advanced vector extensions. In The Third SHA-3 Candidate Conference, March 2012. Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen K. Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In Shai Halevi, editor, CRYPTO, volume 5677 of LNCS. Springer, 2009. G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche. Keccak specifications. SHA-3 Algorithm Submission, October 2008. Available: http://keccak.noekeon.org/Keccak-specifications. pdf (2008/11/07).