{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

# lec6 - Hash functions What is a hash function Arbitrary...

This preview shows pages 1–13. Sign up to view the full content.

Hash functions

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
What is a hash function? Arbitrary length input, Fxed length output efFcient one-wayness, 2nd preimage resistance, collision resistance What else?
Probability Recall that MD5 outputs 128-bit bitstrings. What is the probability that MD5(“a”)=0cc175b9c0f1b6a831c399e269772661 ? Answer: 1 (I tested it yesterday.)

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
A random function? A hash function is a deterministic function, usually with a published succinct algorithm. As soon as Ron Rivest Fnalized his design, everything is determined and there’s nothing really random about it!
Heuristically random? But we still regard hash functions more or less ‘random’. The intuition is like: A hash function ‘mixes up’ the input too throughly, so for any x, unless you explicitly compute H(x), you have no idea about any bit of H(x) any better than pure guess

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Heuristically random? We want more or less: Even if x & x’ are different in 1 bit, H(x) & H(x’) should be independent (input is thoroughly mixed) The best way to learn anything about H(x) is to compute H(x) directly Knowing other H(y) doesn’t help
How to design a hash function Phase 1: Design a ‘compression function’ Which compresses only a single block of Fxed size to a previous state variable Phase 2: ‘Combine’ the action of the compression function to process messages of arbitrary lengths Similar to the case of encryption schemes

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Merkle-Damgård scheme The most popular and straightforward method for combining compression functions
Merkle-Damgård scheme h(s, x): the compression function s: ‘state’ variable in {0,1} n x: ‘message block’ variable in {0,1} m s 0 =IV, s i =h(s i-1 , x i ) H(x 1 ||x 2 ||. ..||x n )=h(h(. ..h(IV,x 1 ),x 2 )...,x n )=s n

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Merkle-Damgård strengthening In the previous version, messages should be of length divisible by m, the block size a padding scheme is needed: x||p for some string p so that m | len(x||p) Merkle-Damgård strengthening: encode the message length len(x) into the padding string p
Strengthened Merkle-Damgård

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
Collision resistance If the compression function is collision resistant, then strengthened Merkle- Damgård hash function is also collision resistant Collision of compression function: f(s, x)=f(s’, x’) but (s, x) (s’, x’)
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

### Page1 / 52

lec6 - Hash functions What is a hash function Arbitrary...

This preview shows document pages 1 - 13. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online