CSE 4095 Digital Signatures and Hashing 8 1
![CSE 4095 Digital Signatures and Hashing 8 -1 CSE 4095 Digital Signatures and Hashing 8 -1](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-1.jpg)
![Outline v v v Will introduce Diffie-Hellman based encryption Digital Signatures (using ideas from Outline v v v Will introduce Diffie-Hellman based encryption Digital Signatures (using ideas from](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-2.jpg)
![Diffie-Hellman Key Exchange v First published public-key algorithm § “New Directions in Cryptography, ” Diffie-Hellman Key Exchange v First published public-key algorithm § “New Directions in Cryptography, ”](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-3.jpg)
![Diffie-Hellman protocol v Alice and Bob want to construct a private key over a Diffie-Hellman protocol v Alice and Bob want to construct a private key over a](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-4.jpg)
![Security of Diffie-Hellman Protocol v Discrete logarithm problem: Given g, p, and gx mod Security of Diffie-Hellman Protocol v Discrete logarithm problem: Given g, p, and gx mod](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-5.jpg)
![Person-in-the-middle attack ga Alice gc Eve gd Key 1 = gad Bob gb Key Person-in-the-middle attack ga Alice gc Eve gd Key 1 = gad Bob gb Key](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-6.jpg)
![El. Gamal v Invented in 1984 § T. Elgamal, “A public key cryptosystem and El. Gamal v Invented in 1984 § T. Elgamal, “A public key cryptosystem and](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-7.jpg)
![El. Gamal Encryption v Key generation: § Parameters: (safe) prime p and generator g El. Gamal Encryption v Key generation: § Parameters: (safe) prime p and generator g](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-8.jpg)
![El. Gamal example v Key generation: § p=19, g=10 § Private key: x=5 § El. Gamal example v Key generation: § p=19, g=10 § Private key: x=5 §](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-9.jpg)
![About El. Gamal v Security relies on the discrete log problem and not on About El. Gamal v Security relies on the discrete log problem and not on](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-10.jpg)
![Digital Signatures v v In a public key encryption we were providing confidentiality, hiding Digital Signatures v v In a public key encryption we were providing confidentiality, hiding](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-11.jpg)
![Exercise: Signature security v Consider possible security goals and adversary powers for a signature Exercise: Signature security v Consider possible security goals and adversary powers for a signature](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-12.jpg)
![Signature Security v Possible goals: § Recover key § Create new signature for same Signature Security v Possible goals: § Recover key § Create new signature for same](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-13.jpg)
![Constructing Digital Signatures v v v Possible to create a digital signature from the Constructing Digital Signatures v v v Possible to create a digital signature from the](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-14.jpg)
![Diffie-Hellman based Signature Signing Input m, secret key sk. A=x (random value) v Sample Diffie-Hellman based Signature Signing Input m, secret key sk. A=x (random value) v Sample](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-15.jpg)
![Current trends in asymmetric crypto v v v v Both RSA and Diffie-Hellman are Current trends in asymmetric crypto v v v v Both RSA and Diffie-Hellman are](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-16.jpg)
![Hash Functions v v Used to compress length of data Many different applications that Hash Functions v v Used to compress length of data Many different applications that](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-17.jpg)
![Definitions of security v Also known as message digest v Preimage resistant (one-way property): Definitions of security v Also known as message digest v Preimage resistant (one-way property):](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-18.jpg)
![Relationship of properties Strong collision resistance v Weak collision resistance One way Each implication Relationship of properties Strong collision resistance v Weak collision resistance One way Each implication](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-19.jpg)
![Brute force attacks v Why attack to strong collision is much easier? 8 -23 Brute force attacks v Why attack to strong collision is much easier? 8 -23](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-20.jpg)
![Birthday “paradox” v How many people does it take so that the probability that Birthday “paradox” v How many people does it take so that the probability that](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-21.jpg)
![Length of hash function output v Due to birthday attack, the length of hash Length of hash function output v Due to birthday attack, the length of hash](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-22.jpg)
![Construction: iterated hash function 8 -26 Construction: iterated hash function 8 -26](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-23.jpg)
![Iterated hash function v v Partition message into L fixed-size b-bit blocks Compression function Iterated hash function v v Partition message into L fixed-size b-bit blocks Compression function](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-24.jpg)
![Merkle-Damgård construction k Given: compression function F: {0, 1}n x {0, 1}b {0, 1} Merkle-Damgård construction k Given: compression function F: {0, 1}n x {0, 1}b {0, 1}](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-25.jpg)
![Commonly used hash functions v MD 5 v SHA family § SHA-0, SHA-1, SHA-2, Commonly used hash functions v MD 5 v SHA family § SHA-0, SHA-1, SHA-2,](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-26.jpg)
![Compression Function of SHA 2 v v v Have 8 intermediate registers a, …, Compression Function of SHA 2 v v v Have 8 intermediate registers a, …,](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-27.jpg)
![Attacks: MD 5 v MD 4: 128 bits, 1990. Broken v MD 5: 128 Attacks: MD 5 v MD 4: 128 bits, 1990. Broken v MD 5: 128](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-28.jpg)
![Attack: the SHA Family v SHA-0: v made a standard by NIST in 1993 Attack: the SHA Family v SHA-0: v made a standard by NIST in 1993](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-29.jpg)
![SHA-2 v SHA-224, SHA-256, SHA-384, SHA-512 § Outputs 224, 256, 384, and 512 bits, SHA-2 v SHA-224, SHA-256, SHA-384, SHA-512 § Outputs 224, 256, 384, and 512 bits,](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-30.jpg)
![SHA-3 v v v 2007: Request for submissions of new hash functions 2008: Submissions SHA-3 v v v 2007: Request for submissions of new hash functions 2008: Submissions](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-31.jpg)
![Applications of hash functions v Password hashing v Many other applications § Message Integrity Applications of hash functions v Password hashing v Many other applications § Message Integrity](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-32.jpg)
![Review of crypto functionality v Symmetric Encryption: provides confidentiality in the setting where two Review of crypto functionality v Symmetric Encryption: provides confidentiality in the setting where two](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-33.jpg)
- Slides: 33
![CSE 4095 Digital Signatures and Hashing 8 1 CSE 4095 Digital Signatures and Hashing 8 -1](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-1.jpg)
CSE 4095 Digital Signatures and Hashing 8 -1
![Outline v v v Will introduce DiffieHellman based encryption Digital Signatures using ideas from Outline v v v Will introduce Diffie-Hellman based encryption Digital Signatures (using ideas from](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-2.jpg)
Outline v v v Will introduce Diffie-Hellman based encryption Digital Signatures (using ideas from Diffie. Hellman) Hash Functions 8 -2
![DiffieHellman Key Exchange v First published publickey algorithm New Directions in Cryptography Diffie-Hellman Key Exchange v First published public-key algorithm § “New Directions in Cryptography, ”](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-3.jpg)
Diffie-Hellman Key Exchange v First published public-key algorithm § “New Directions in Cryptography, ” 1976 v. A number of commercial products employ this key exchange technique v Purpose: key establishment v Effectiveness: depends on the difficulty of computing discrete logarithms § Given gx mod p hard to determine x 8 -3
![DiffieHellman protocol v Alice and Bob want to construct a private key over a Diffie-Hellman protocol v Alice and Bob want to construct a private key over a](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-4.jpg)
Diffie-Hellman protocol v Alice and Bob want to construct a private key over a public channel. Both agree on a public prime p and generator g modulo p. Alice x, gx gx Bob gy y, gy Both parties compute: gxy mod p Alice does (gy)x mod p Bob does (gx)y mod p 8 -4
![Security of DiffieHellman Protocol v Discrete logarithm problem Given g p and gx mod Security of Diffie-Hellman Protocol v Discrete logarithm problem: Given g, p, and gx mod](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-5.jpg)
Security of Diffie-Hellman Protocol v Discrete logarithm problem: Given g, p, and gx mod p, find x v Diffie-Hellman problem: Given g, p, gx mod p, and gy mod p, find gxy mod p v One way to solve DHP is to solve DLP § Other ways? Not very likely (so far) v Solving DLP seems to be hard for large p 8 -5
![Personinthemiddle attack ga Alice gc Eve gd Key 1 gad Bob gb Key Person-in-the-middle attack ga Alice gc Eve gd Key 1 = gad Bob gb Key](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-6.jpg)
Person-in-the-middle attack ga Alice gc Eve gd Key 1 = gad Bob gb Key 2 = gcb Eve gets to listen to everything. Diffie-Hellman isn’t secure unless you know identity of other party 8 -7
![El Gamal v Invented in 1984 T Elgamal A public key cryptosystem and El. Gamal v Invented in 1984 § T. Elgamal, “A public key cryptosystem and](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-7.jpg)
El. Gamal v Invented in 1984 § T. Elgamal, “A public key cryptosystem and a signature scheme based on discrete logarithms”, Proc. of Crypto, 1984 v Used in digital signature standard (DSS), S/MIME email standard 8 -9
![El Gamal Encryption v Key generation Parameters safe prime p and generator g El. Gamal Encryption v Key generation: § Parameters: (safe) prime p and generator g](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-8.jpg)
El. Gamal Encryption v Key generation: § Parameters: (safe) prime p and generator g § Private key: x § Public key: p, g, y = gx mod p v Encryption (using public key): § § v Can think of Generate random k this as the r = gk mod p (k and r are ephemeral key pair) sender creating a Diffies = yk · m mod p Hellman pair Ciphertext c = (r, s) Decryption: m = s · r −x mod p, s= yk m= rx m r−x = g −kx = y−k mod p 8 -11
![El Gamal example v Key generation p19 g10 Private key x5 El. Gamal example v Key generation: § p=19, g=10 § Private key: x=5 §](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-9.jpg)
El. Gamal example v Key generation: § p=19, g=10 § Private key: x=5 § Public key: p, g, y = 10 5 mod 19=3 v Encryption (using public key) message m=17: § § v Generate random k, suppose k=6 r = gk mod p =106 mod 19=11 s = yk · m mod p =36 *17 mod 19 = 7*17 mod 19=5 Ciphertext c = (11, 5) Decryption: § m = s · r−x mod p = 5*(115 mod 19)-1 mod 19=5*7 -1 mod 19 =5*11 mod 19=17 8 -12
![About El Gamal v Security relies on the discrete log problem and not on About El. Gamal v Security relies on the discrete log problem and not on](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-10.jpg)
About El. Gamal v Security relies on the discrete log problem and not on factoring § Find private key using public key § Discover one time key k v v Ciphertext twice as long as the plaintext Secure random number generator required for k § Non-deterministic encryption: the same plaintext will always result in different ciphertexts 8 -13
![Digital Signatures v v In a public key encryption we were providing confidentiality hiding Digital Signatures v v In a public key encryption we were providing confidentiality, hiding](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-11.jpg)
Digital Signatures v v In a public key encryption we were providing confidentiality, hiding a message from an observer The goal of a digital signature is primarily to provide integrity, be sure that no one has altered a message Alice’s sk signing K A key plaintext signing plaintext, algorithm signature Alice’s vk verification Akey plaintext, verification plaintext signature algorithm 8 -14
![Exercise Signature security v Consider possible security goals and adversary powers for a signature Exercise: Signature security v Consider possible security goals and adversary powers for a signature](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-12.jpg)
Exercise: Signature security v Consider possible security goals and adversary powers for a signature scheme (similar to our exercise for encryption) 8 -15
![Signature Security v Possible goals Recover key Create new signature for same Signature Security v Possible goals: § Recover key § Create new signature for same](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-13.jpg)
Signature Security v Possible goals: § Recover key § Create new signature for same message § Create signature for random message § Create signature for chosen message Known as chosen message unforgeability under chosen message attack (EU-CMA) v Possible capabilities: § See public key § See a single signature § See multiple signatures for random messages § See multiple signatures for chosen messages § See signatures for adaptively chosen messages 8 -16
![Constructing Digital Signatures v v v Possible to create a digital signature from the Constructing Digital Signatures v v v Possible to create a digital signature from the](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-14.jpg)
Constructing Digital Signatures v v v Possible to create a digital signature from the factoring and discrete logarithm assumptions Don’t assume that swapping encryption and decryption will give you a digital signature algorithm Often requires use of a cryptographic hash function (later this class) 8 -17
![DiffieHellman based Signature Signing Input m secret key sk Ax random value v Sample Diffie-Hellman based Signature Signing Input m, secret key sk. A=x (random value) v Sample](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-15.jpg)
Diffie-Hellman based Signature Signing Input m, secret key sk. A=x (random value) v Sample random value k v Compute r = gk mod p v Compute s = (H(m) - sk. A*r)/k mod p v Output (r, s) Verification: Input m, r, s, pk. A =gx v Check if g. H(m) = pk. Ar*rs mod p =gxr*gks = gxr*gk(H(m) - sk. A*r)/k= = gxr*g(H(m) - x*r)=g. H(m) 8 -18
![Current trends in asymmetric crypto v v v v Both RSA and DiffieHellman are Current trends in asymmetric crypto v v v v Both RSA and Diffie-Hellman are](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-16.jpg)
Current trends in asymmetric crypto v v v v Both RSA and Diffie-Hellman are showing their 40 year age Cryptanalytic attacks are getting better Increasing key size frequently is difficult (for usability reasons) Quantum computers can efficiently break both schemes Still primary mechanisms on the internet Timing and side-channels are major problems Researchers are designing new systems that are resistant to quantum computer attacks 8 -19
![Hash Functions v v Used to compress length of data Many different applications that Hash Functions v v Used to compress length of data Many different applications that](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-17.jpg)
Hash Functions v v Used to compress length of data Many different applications that require different properties Denoted H: {0, 1}*-> {0, 1}256 (may have different length output 80, 128, 512) Should be easy to compute 8 -20
![Definitions of security v Also known as message digest v Preimage resistant oneway property Definitions of security v Also known as message digest v Preimage resistant (one-way property):](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-18.jpg)
Definitions of security v Also known as message digest v Preimage resistant (one-way property): given H(m), but not m, it is find an m. Second preimage resistant (weak collision resistant): Given m 1, it is difficult to find m 2 s. t. H(m 2)=H(m 1). (Strong) Collision resistant: Computationally infeasible to find m 1, m 2, s. t. H(m 1)=H(m 2) v v 8 -21
![Relationship of properties Strong collision resistance v Weak collision resistance One way Each implication Relationship of properties Strong collision resistance v Weak collision resistance One way Each implication](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-19.jpg)
Relationship of properties Strong collision resistance v Weak collision resistance One way Each implication is proper (unless the input size is small), there are: weak collision resistant functions that aren’t strong One-way resistant functions that aren’t weak 8 -22
![Brute force attacks v Why attack to strong collision is much easier 8 23 Brute force attacks v Why attack to strong collision is much easier? 8 -23](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-20.jpg)
Brute force attacks v Why attack to strong collision is much easier? 8 -23
![Birthday paradox v How many people does it take so that the probability that Birthday “paradox” v How many people does it take so that the probability that](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-21.jpg)
Birthday “paradox” v How many people does it take so that the probability that two of them share the same birthday is larger than 50%? 0, 6 0, 5 0, 4 0, 3 0, 2 0, 1 0 Same birthday as me Birthday problem 0 20 40 § 23 v Same • birthday as me? For hash function with n-bit output, it suffices to test 1. 2 x 2 n/2 inputs to find a collision. 8 -24
![Length of hash function output v Due to birthday attack the length of hash Length of hash function output v Due to birthday attack, the length of hash](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-22.jpg)
Length of hash function output v Due to birthday attack, the length of hash outputs in general should double the key length of block ciphers § SHA-256, SHA-384, SHA-512 to match the new key lengths (128, 192, 256) in AES 8 -25
![Construction iterated hash function 8 26 Construction: iterated hash function 8 -26](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-23.jpg)
Construction: iterated hash function 8 -26
![Iterated hash function v v Partition message into L fixedsize bbit blocks Compression function Iterated hash function v v Partition message into L fixed-size b-bit blocks Compression function](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-24.jpg)
Iterated hash function v v Partition message into L fixed-size b-bit blocks Compression function f: take two inputs § Chaining variable (n bits) from previous step § b-bit block, b > n (compression) § Can be constructed from block ciphers, must be collision resistant v Motivation § If the compression function is collision resistant, then so is the iterated hash function § Designing secure hash function reduces to designing collision-resistant compression function that takes fixed-size input 8 -27
![MerkleDamgård construction k Given compression function F 0 1n x 0 1b 0 1 Merkle-Damgård construction k Given: compression function F: {0, 1}n x {0, 1}b {0, 1}](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-25.jpg)
Merkle-Damgård construction k Given: compression function F: {0, 1}n x {0, 1}b {0, 1} n; n-bit constant IV Input: message M 1. Break M into b-bit blocks, M 1, …, Mk; add padding if necessary 2. Let Mk+1 be encoding of |M| 3. Let h 0=IV 8 -28 4. Let h =F(h , M ), i=1, …, k+1, output h
![Commonly used hash functions v MD 5 v SHA family SHA0 SHA1 SHA2 Commonly used hash functions v MD 5 v SHA family § SHA-0, SHA-1, SHA-2,](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-26.jpg)
Commonly used hash functions v MD 5 v SHA family § SHA-0, SHA-1, SHA-2, and v SHA-3 (different construction paradigm) v Whirlpool v Tiger v RIPEMD-128, 160, 256, 320 § Improved version of RIPEMD 8 -29
![Compression Function of SHA 2 v v v Have 8 intermediate registers a Compression Function of SHA 2 v v v Have 8 intermediate registers a, …,](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-27.jpg)
Compression Function of SHA 2 v v v Have 8 intermediate registers a, …, h Kj are constants for the round and Wj are the message This function is computed 64 times (in SHA 256) 8 -30
![Attacks MD 5 v MD 4 128 bits 1990 Broken v MD 5 128 Attacks: MD 5 v MD 4: 128 bits, 1990. Broken v MD 5: 128](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-28.jpg)
Attacks: MD 5 v MD 4: 128 bits, 1990. Broken v MD 5: 128 bits, 1992. Wide Usage. v Flaw found in 1996, collision attacks in 2004 v Current best attacks: Xie-Feng (2009) in 220 v Preimage attacks : still hard ~ 2123. 4 (Sasaki-Aoki) 8 -31
![Attack the SHA Family v SHA0 v made a standard by NIST in 1993 Attack: the SHA Family v SHA-0: v made a standard by NIST in 1993](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-29.jpg)
Attack: the SHA Family v SHA-0: v made a standard by NIST in 1993 § based on Merkle-Damgard design. 160 bits § In 1998 collisions against SHA-0 were demonstrated in 261 steps SHA-1: US standard [NIST, FIPS PUB 180 -1] § 160 -bit message digest § Collisions were found in 269 steps Wang, Yin, Yu, Crypto 2005 § NIST requires federal agencies to move to SHA-2 after 2010 § SHA-1 was considered broken 8 -32
![SHA2 v SHA224 SHA256 SHA384 SHA512 Outputs 224 256 384 and 512 bits SHA-2 v SHA-224, SHA-256, SHA-384, SHA-512 § Outputs 224, 256, 384, and 512 bits,](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-30.jpg)
SHA-2 v SHA-224, SHA-256, SHA-384, SHA-512 § Outputs 224, 256, 384, and 512 bits, respectively § No real security concerns, yet v Similar design principle as SHA-1 (and MD 5) 8 -33
![SHA3 v v v 2007 Request for submissions of new hash functions 2008 Submissions SHA-3 v v v 2007: Request for submissions of new hash functions 2008: Submissions](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-31.jpg)
SHA-3 v v v 2007: Request for submissions of new hash functions 2008: Submissions deadline. Received 64 entries. Announced first-round selections of 51 candidates 2009: First SHA-3 candidate conference in Feb. Announced 14 Second Round Candidates in July 2010: After one year public review of the algorithms, the second SHA-3 candidate conference was held in Aug. Announced 5 thirdround candidates in Dec 2011: Public comment for final round 8 -34
![Applications of hash functions v Password hashing v Many other applications Message Integrity Applications of hash functions v Password hashing v Many other applications § Message Integrity](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-32.jpg)
Applications of hash functions v Password hashing v Many other applications § Message Integrity § § Digital signature Pseudo-random string generation/key derivation Commitment … v Message authentication codes (MAC) can be built out of hash functions provide “symmetric” signatures 8 -35
![Review of crypto functionality v Symmetric Encryption provides confidentiality in the setting where two Review of crypto functionality v Symmetric Encryption: provides confidentiality in the setting where two](https://slidetodoc.com/presentation_image_h2/fc424b004a9189dc30e632996e21ca10/image-33.jpg)
Review of crypto functionality v Symmetric Encryption: provides confidentiality in the setting where two parties share a cryptographic key § Needs to be construction from block cipher, mode of operation matters v v Message authentication code: provides integrity in the setting where two parties share a cryptographic key Public-key encryption: provides confidentiality where receiver’s identity is public Digital signature: provides integrity when sender’s identity is public Hash function: provides fixed length representation of data, hard to find collisions or preimages 8 -36
Modulus function c++
What is static hashing in dbms
Static and dynamic hashing in dbms
Vlan id 4095
Distinguish between extendible and linear hashing
Dsa
Battle ends and down goes
Spectral signatures
Compact multi-signatures for smaller blockchains
Exchange 2007 signatures
Uncitral model law on electronic transferable records
Intruders use virus signatures fabricate
Order of sharos
Uncitral model law on international commercial arbitration
Ocaml signatures
Natural selection
Encoding encryption and hashing
Probability theory in hashing and load balancing
טבלת גיבוב
Open and closed hashing
Password hashing and preprocessing
Password hashing and preprocessing
E-commerce: digital markets, digital goods
Metode hashing
Static hashing
Hashing
Double hashing
Linear probing
Linear hashing example
Hash multiplication method
Mid square hashing in data structure
Double hashing
Re-hashing
Hashing exercises