3.hash-MAC

3.hash-MAC - Cryptographic Hash Functions and Message...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Cryptographic Hash Functions and Message Authentication Codes Reading: Chapter 4 of Katz & Lindell
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
A function mapping from a domain to a smaller range (thus not injective). Applic ations: Fast lookup (hash tables) Error detection/correctio n Cryptography: c rp yt o Hash function i i i Others Different applications require different graphi kinds of c hash hash functio funct s ns ion . i
Background image of page 2
** : , | | | |. E.g., :{0,1} {0,1} , , {0,1} , . In the last case, is also called a . For c Hash f compression func unct tio ons n r i: Cryptographic hash function n n kl hX Y X Y hh Z hk l h •→ > →> () yptographic applications, ( ) is intended to be a fingerprint or digest of . A classical application is to store as (username, password) username, (pa to protect the sec ss recy of the word) hm m h password. For this application, what property is required of ? h
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Pre-image: if ( ) , is a pre-image of . Each hash value typically has multiple pre-images. Collision: a pair of ( , ), , s.t. ( ) ( ). A hash func tion is s Security requirements hm y m y mm m m h = ′′ = aid to be: if given a hash value , it is computationally infeasible Pre-image resistant: Second pre-image resi to find a pre-image of . if given a message , it is stan i t nfe : y y m i i Collision resist asible to find a second pre-image of ( ). if it is infeasible to find a co a llision. nt: yh m = i
Background image of page 4
Pre-image resistance and second pre-image resistance can be defined in a similar fashion. Loosely speaking, Collision resistant Second pre-image resistant Remarks cryptogra phic hash function Pre-image resistant A is a hash function that is collisi Definit on resistant. ion:
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
In practice, a fixed hash function is used. However, there is a technical difficulty in defining collision-resistance for a hash func fixed ti Not easy to formally define collision-resistance h * ev on ery . Try this "definition": A hash function :{0,1} {0,1} is if for polynomial-time algorithm , Pr[ successfully produc collisi es a co on-res llisio is n tant for ] ( ) n h h h A Ah n e g l n * , , ,, . Problem with this definition: For , {0,1} , , let denote the algorithm that prints ( , ). Each is a polynomial-time algorithm. For any , t s. . mm m m m A A hA A ′′ ∈≠ i i outputs a collision with probability 1. m
Background image of page 6
{} *( ) Instead of a hash function, we define a family of hash functions : , where :{0,1} {0,1} , to be collision-resistant i single Collision-resistant hash functions ln sn s hs I h ∈→ f for all polynomial-time algorithms , there exists a negligible function such that Pr (1 ) produces a collision for : ( ). is a set of indexes. For instance, {0, s n nn h A negl Ah s I n e g l n II ⎡⎤ ←≤ ⎣⎦ = 1} . ( ) is a fixed polynomial. For instance, ( ) . n n =
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Pr (1 ) produces a collision Pr (1 ) produces a collision for : = Pr[ ] = the probability that is able to produce a expecte collisi for d on fo Remarks s n s n sn sI h n s h Ah s I s A ⎡⎤ ⎣⎦ r a randomly picked hash function .
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 41

3.hash-MAC - Cryptographic Hash Functions and Message...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online