Chapter 6

Hash Functions

A hash function usually means a function that compresses, meaning the output is shorter than the input. Often, such a function takes an input of arbitrary or almost arbitrary length to one whose length is a fixed number, like 160 bits. Hash functions are used in many parts of cryptography, and there are many different types of hash functions, with differing security properties. We will consider them in this chapter.

6.1 The hash function SHA1

The hash function known as SHA1 is a simple but strange function from strings of almost arbitrary length to strings of 160 bits. The function was finalized in 1995, when a FIPS (Federal Information Processing Standard) came out from the US National Institute of Standards that specified SHA1.

Let $\{0,1\}^{<\ell}$ denote the set of all strings of length strictly less than $\ell$. The function SHA1 : $\{0,1\}^{<2^{64}} \to \{0,1\}^{160}$ is shown in Fig. 6.1. (Since $2^{64}$ is a very large length, we think of SHA1 as taking inputs of almost arbitrary length.) It begins by padding the message via the function shapad, and then iterates the compression function sha1 to get its output. The operations used in the algorithms of Fig. 6.1 are described in Fig. 6.2. (The first input in the call to SHF1 in the code for SHA1 is a 128-bit string written as a sequence of four 32-bit words, each word consisting of 8 hexadecimal characters. The same convention holds for the initialization of the variable V in the code of SHF1.)

SHA1 is derived from a function called MD4 that was proposed by Ron Rivest in 1990, and the key ideas behind SHA1 are already in MD4. Besides SHA1, another well-known “child” of MD4 is MD5, which was likewise proposed by Rivest. The MD4, MD5, and SHA1 algorithms are all quite similar in structure. The first two produce a 128-bit output, and work by “chaining” a compression function that goes from 512 + 128 bits to 128 bits, while SHA1 produces a 160-bit output and works by chaining a compression function from 512 + 160 bits to 160 bits.

So what is SHA1 supposed to do? First and foremost, it is supposed to be the case that nobody can find distinct strings $M$ and $M'$ such that SHA1($M$) = SHA1($M'$). This property is called collision resistance.

Stop for a moment and think about the collision-resistance requirement, for it is really quite amazing to think that such a thing could be possible. The function SHA1 maps strings of (almost) any length to strings of 160 bits. So even if you restricted the domain of SHA1 just to “short” strings—let us say strings of length 256 bits—then there must be an enormous number of pairs of

    algorithm SHA1(M)        // |M| < 2^64
        V ← SHF1(5A827999 ‖ 6ED9EBA1 ‖ 8F1BBCDC ‖ CA62C1D6, M)
        return V

    algorithm SHF1(K, M)     // |K| = 128 and |M| < 2^64
        y ← shapad(M)
        Parse y as M_1 ‖ M_2 ‖ ··· ‖ M_n where |M_i| = 512 (1 ≤ i ≤ n)
        V ← 67452301 ‖ EFCDAB89 ‖ 98BADCFE ‖ ...
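The pad-then-chain structure described above can be checked against a reference implementation. The following Python sketch is an added example, not code from the notes: it takes messages as byte strings rather than bit strings, and the full initial value of V, the padding layout and the round function come from the published SHA-1 standard, since the figure on this page is cut off. The helper names `rotl`, `sha1_compress` and `matches_reference` are hypothetical.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
# The 128-bit first input that SHA1 passes to SHF1, as four 32-bit words.
K_SHA1 = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)
# Initial 160-bit chaining value V, taken from the SHA-1 standard (assumption).
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def shapad(msg: bytes) -> bytes:
    """Append a 1 bit, zero bits, then the 64-bit length; result is a multiple of 512 bits."""
    pad = b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
    return msg + pad + struct.pack(">Q", 8 * len(msg))

def sha1_compress(K, block: bytes, V):
    """Compression function: a 512-bit block and a 160-bit V give a new 160-bit V."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    a, b, c, d, e = V
    for t in range(80):
        if t < 20:
            f = (b & c) | (~b & d)
        elif t < 40 or t >= 60:
            f = b ^ c ^ d
        else:
            f = (b & c) | (b & d) | (c & d)
        tmp = (rotl(a, 5) + (f & MASK) + e + w[t] + K[t // 20]) & MASK
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(V, (a, b, c, d, e)))

def SHF1(K, msg: bytes) -> bytes:
    """Pad, split into 512-bit blocks M_1 .. M_n, and chain the compression function."""
    y, V = shapad(msg), IV
    for i in range(0, len(y), 64):
        V = sha1_compress(K, y[i:i + 64], V)
    return struct.pack(">5I", *V)

def SHA1(msg: bytes) -> bytes:
    return SHF1(K_SHA1, msg)

def matches_reference(msg: bytes) -> bool:
    """Compare against the standard library's SHA-1."""
    return SHA1(msg) == hashlib.sha1(msg).digest()
```

Passing a different `K` to `SHF1` yields a different function on the same chaining structure, which is why the notes treat the four constants as a 128-bit input rather than hard-wiring them.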
This note was uploaded on 08/31/2011 for the course CSE 207 taught by Professor Daniele during the Winter '08 term at UCSD.