another Ron Rivest contribution arbitrarily long input message block size is

Another ron rivest contribution arbitrarily long

This preview shows page 43 - 52 out of 74 pages.

another Ron Rivest contribution arbitrarily long input message block size is 512 bits 128-bit hash value has been used extensively, but its importance is diminishing brute force attacks 2 64 is not considered secure complexity any more cryptanalytic attacks are reported
Image of page 43
Important Hash Functions SHA-1 Secure Hash Algorithm – 1 NIST standard FIPS PUB 180-1 input size < 2 64 bits hash value size 160 bits brute force attacks are not so probable 2 80 is not-a-bad complexity A Crypto 2005 paper explains an attack against strong collision with 2^69 complexity have raised concerns on its use in future applications Later several other attacks are reported (some of them are partial attaks) Eventually a practical attack is reported by the team at CWI Amsterdam and Google (approx. 2^63 complexity) Paper at - SHAttered.pdf Link
Image of page 44
Important Hash Functions However, NIST had already (in 2002) published FIPS 180-2 to standardize (SHA-2 family) SHA-256, SHA-384 and SHA-512 for compatible security with AES structure & detail is similar to SHA-1 but security levels are rather higher 224 bit (SHA-224) is later added in 2008 as FIPS 180-3 Note: All sizes are measured in bits. SHA-2
Image of page 45
Important Hash Functions SHA-3 In 2007, NIST announced a competition for the SHA-3, next generation NIST hash function Winning design was announced by NIST in October 2, 2012 The winner is Keccak by by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche Different design principles than other SHAs Called Sponge construction However, standardization process is delayed (standard has been published on August 5, 2015) There had been controversies (read the wikipedia page of SHA-3) I am not sure if it is going to replace SHA-2
Image of page 46
Digital Signatures Mechanism for non-repudiation Basic idea use private key on the message to generate a piece of information that can be generated only by yourself because you are the only person who knows your private key public key can be used to verify the signature so everybody can verify Generally signatures are created and verified over the hash of the message Why?
Image of page 47
Generic Digital Signature Model
Image of page 48
Digital Signature – RSA approach M: message to be signed H: Hash function E: RSA Private Key Operation PR a : Sender’s Private Key D: RSA Public Key Operation PU a : Sender’s Public Key E [PR a ,H(M)] Signature of A over M
Image of page 49
Digital Signature – DSA approach DSA: Digital Signature Algorithm NIST standard - FIPS 186 - current revision is 186-4 (2013) Key limit 512 – 1024 bits, only for signature, no encryption Starting186-3, increased up to 3072 based on discrete logarithm problem Message hash is not restored for verification (difference from RSA) M: message to be signed H: Hash function Sig: DSA Signing Operation PR a : Sender’s Private Key Ver: DSA Verification Operation PU a : Sender’s Public Key s, r Sender’s signature over M PU G : Global Public Key components s, r
Image of page 50
Collision resistant hash functions and digital signatures
Image of page 51
Image of page 52

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture