s-hash

s-hash - HASH FUNCTIONS 1 / 62 What is a hash function? By...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D { , 1 } n that is compressing, meaning | D | > 2 n . E.g. D = { , 1 } 2 64 is the set of all strings of length at most 2 64 . h n MD4 128 MD5 128 SHA1 160 RIPEMD 128 RIPEMD-160 160 SHA-256 256 Skein 256, 512, 1024 2 / 62 Collision resistance (CR) Definition: A collision for h : D { , 1 } n is a pair x 1 , x 2 D of points such that h ( x 1 ) = h ( x 2 ) but x 1 negationslash = x 2 . If | D | > 2 n then the pigeonhole principle tells us that there must exist a collision for h . 3 / 62 Collision resistance (CR) Definition: A collision for h : D { , 1 } n is a pair x 1 , x 2 D of points such that h ( x 1 ) = h ( x 2 ) but x 1 negationslash = x 2 . If | D | > 2 n then the pigeonhole principle tells us that there must exist a collision for h . 3 / 62 Collision resistance (CR) Definition: A collision for h : D { , 1 } n is a pair x 1 , x 2 D of points such that h ( x 1 ) = h ( x 2 ) but x 1 negationslash = x 2 . If | D | > 2 n then the pigeonhole principle tells us that there must exist a collision for h . Function h is collision-resistant if it is computationally infeasible to find a collision. 3 / 62 Function families We consider a family H : { , 1 } k D { , 1 } n of functions, meaning for each K we have a map h = H K : D { , 1 } n defined by h ( x ) = H ( K , x ) Usage: K $ { , 1 } k is made public, defining hash function h = H K . Note the key K is not secret. Both users and adversaries get it. 4 / 62 CR of function families Let H : { , 1 } k D { , 1 } n be a family of functions. A cr-adversary A for H Takes input a key K { , 1 } k Outputs a pair x 1 , x 2 D of points in the domain of H K A x 1 , x 2 A wins if x 1 , x 2 are a collision for H K , meaning x 1 negationslash = x 2 , and H K ( x 1 ) = H K ( x 2 ) Denote by Adv cr H ( A ) the probability that A wins. 5 / 62 CR of function families Let H : { , 1 } k D { , 1 } n be a family of functions and A a cr-adversary for H . Game CR H procedure Initialize K $ { , 1 } k Return K procedure Finalize( x 1 , x 2 ) Return ( x 1 negationslash = x 2 H K ( x 1 ) = H K ( x 2 )) Let Adv cr H ( A ) = Pr bracketleftBig CR A H true bracketrightBig . 6 / 62 The measure of success Let H : { , 1 } k D { , 1 } n be a family of functions and A a cr adversary. Then Adv cr H ( A ) = Pr bracketleftBig CR A H true bracketrightBig . is a number between 0 and 1. A large (close to 1) advantage means A is doing well H is not secure A small (close to 0) advantage means A is doing poorly H resists the attack A is mounting 7 / 62 CR security Adversary advantage depends on its strategy resources: Running time t Security: H is CR if Adv cr H ( A ) is small for ALL A that use practical amounts of resources....
View Full Document

Page1 / 78

s-hash - HASH FUNCTIONS 1 / 62 What is a hash function? By...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online