100%(1)1 out of 1 people found this document helpful
This preview shows page 43 - 52 out of 74 pages.
another Ron Rivest contribution–arbitrarily long input message•block size is 512 bits–128-bit hash valuehas been used extensively, but its importance is diminishing–brute force attacks•264is not considered secure complexity any more–cryptanalytic attacks are reported
Important Hash FunctionsSHA-1–Secure Hash Algorithm – 1–NIST standard•FIPS PUB 180-1–input size < 264bits–hash value size 160 bits•brute force attacks are not so probable–280is not-a-bad complexity–A Crypto 2005 paper explains an attack against strong collision with 2^69 complexity •have raised concerns on its use in future applications–Later several other attacks are reported (some of them are partial attaks)–Eventually a practical attack is reported by the team at CWI Amsterdam and Google (approx. 2^63 complexity)•Paper at -SHAttered.pdf•Link
Important Hash FunctionsHowever, NIST had already (in 2002) published FIPS 180-2 to standardize (SHA-2 family)–SHA-256, SHA-384 and SHA-512–for compatible security with AES–structure & detail is similar to SHA-1–but security levels are rather higher–224 bit (SHA-224) is later added in 2008 as FIPS 180-3Note: All sizes are measured in bits.SHA-2
Important Hash FunctionsSHA-3–In 2007, NIST announced a competition for the SHA-3, next generation NIST hash function–Winning design was announced by NIST in October 2, 2012–The winner is Keccakby by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche–Different design principles than other SHAs •Called Spongeconstruction–However, standardization process is delayed (standard has been published on August 5, 2015)–There had been controversies (read the wikipedia page of SHA-3)–I am not sure if it is going to replace SHA-2
Digital SignaturesMechanism for non-repudiationBasic idea–use private key on the message to generate a piece of information that can be generated only by yourself•because you are the only person who knows your private key–public key can be used to verify the signature•so everybody can verifyGenerally signatures are created and verified over the hash of the message–Why?
Generic Digital Signature Model
Digital Signature – RSA approachM: message to be signedH: Hash functionE: RSA Private Key OperationPRa: Sender’s Private KeyD: RSA Public Key OperationPUa: Sender’s Public KeyE [PRa,H(M)] Signature of A over M
Digital Signature – DSA approachDSA: Digital Signature Algorithm–NIST standard - FIPS 186 - current revision is 186-4 (2013)–Key limit 512 – 1024 bits, only for signature, no encryption•Starting186-3, increased up to 3072–based on discrete logarithm problem–Message hash is not restored for verification (difference from RSA)M: message to be signedH: Hash functionSig: DSA Signing OperationPRa: Sender’s Private KeyVer: DSA Verification OperationPUa: Sender’s Public Keys, r Sender’s signature over MPUG: Global Public Key componentss, r
Collision resistant hash functions and digital signatures