This preview shows pages 1–11. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D { , 1 } n that is compressing, meaning  D  > 2 n . E.g. D = { , 1 } 2 64 is the set of all strings of length at most 2 64 . h n MD4 128 MD5 128 SHA1 160 RIPEMD 128 RIPEMD160 160 SHA256 256 Skein 256, 512, 1024 2 / 62 Collision resistance (CR) Definition: A collision for h : D { , 1 } n is a pair x 1 , x 2 D of points such that h ( x 1 ) = h ( x 2 ) but x 1 negationslash = x 2 . If  D  > 2 n then the pigeonhole principle tells us that there must exist a collision for h . 3 / 62 Collision resistance (CR) Definition: A collision for h : D { , 1 } n is a pair x 1 , x 2 D of points such that h ( x 1 ) = h ( x 2 ) but x 1 negationslash = x 2 . If  D  > 2 n then the pigeonhole principle tells us that there must exist a collision for h . 3 / 62 Collision resistance (CR) Definition: A collision for h : D { , 1 } n is a pair x 1 , x 2 D of points such that h ( x 1 ) = h ( x 2 ) but x 1 negationslash = x 2 . If  D  > 2 n then the pigeonhole principle tells us that there must exist a collision for h . Function h is collisionresistant if it is computationally infeasible to find a collision. 3 / 62 Function families We consider a family H : { , 1 } k D { , 1 } n of functions, meaning for each K we have a map h = H K : D { , 1 } n defined by h ( x ) = H ( K , x ) Usage: K $ { , 1 } k is made public, defining hash function h = H K . Note the key K is not secret. Both users and adversaries get it. 4 / 62 CR of function families Let H : { , 1 } k D { , 1 } n be a family of functions. A cradversary A for H Takes input a key K { , 1 } k Outputs a pair x 1 , x 2 D of points in the domain of H K A x 1 , x 2 A wins if x 1 , x 2 are a collision for H K , meaning x 1 negationslash = x 2 , and H K ( x 1 ) = H K ( x 2 ) Denote by Adv cr H ( A ) the probability that A wins. 5 / 62 CR of function families Let H : { , 1 } k D { , 1 } n be a family of functions and A a cradversary for H . Game CR H procedure Initialize K $ { , 1 } k Return K procedure Finalize( x 1 , x 2 ) Return ( x 1 negationslash = x 2 H K ( x 1 ) = H K ( x 2 )) Let Adv cr H ( A ) = Pr bracketleftBig CR A H true bracketrightBig . 6 / 62 The measure of success Let H : { , 1 } k D { , 1 } n be a family of functions and A a cr adversary. Then Adv cr H ( A ) = Pr bracketleftBig CR A H true bracketrightBig . is a number between 0 and 1. A large (close to 1) advantage means A is doing well H is not secure A small (close to 0) advantage means A is doing poorly H resists the attack A is mounting 7 / 62 CR security Adversary advantage depends on its strategy resources: Running time t Security: H is CR if Adv cr H ( A ) is small for ALL A that use practical amounts of resources....
View
Full
Document
 Winter '08
 daniele

Click to edit the document details