Alan Kaminsky • Department of Computer Science • Rochester Institute of Technology • 4489 + 2354 = 6833

## Cryptographic One-Way Hash Functions

Prof. Alan Kaminsky
Rochester Institute of Technology -- Department of Computer Science

February 17, 2004

## One-Way Hash Functions

A one-way hash function maps an arbitrary-length input message M to a fixed-length output hash H(M) such that the following properties hold:

• One-way: Given a hash H(M), it is difficult to find the message M.

• Second preimage resistant: Given a message M1, it is difficult to find another message M2 such that H(M1) = H(M2).

• Collision resistant: It is difficult to find two messages M1 and M2 such that H(M1) = H(M2).

Examples of one-way hash functions:

| Hash Algorithm | Output Hash Length (bits) |
|---|---|
| Message Digest (MD4) -- insecure | 128 |
| MD5 | 128 |
| Secure Hash Algorithm 1 (SHA-1) | 160 |
| SHA-256 | 256 |
| SHA-384 | 384 |
| SHA-512 | 512 |

## The Secure Hash Algorithm Family

Specification: "Secure Hash Standard," Federal Information Processing Standards Publication 180-2, August 1, 2002.
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf

An example implementation of SHA-256 in the Computer Science Course Library:
Class edu.rit.crypto.hash.OneWayHash -- Source code
Class edu.rit.crypto.hash.SHA256Hash -- Source code

SHA-256 is a typical iterated hash function. The following diagrams show how it works.

### The Little Functions

σ0(X) = (X right-rotate 7) xor (X right-rotate 18) xor (X right-shift 3)

σ1(X) = (X right-rotate 17) xor (X right-rotate 19) xor (X right-shift 10)

Σ0(X) = (X right-rotate 2) xor (X right-rotate 13) xor (X right-rotate 22)

Σ1(X) = (X right-rotate 6) xor (X right-rotate 11) xor (X right-rotate 25)

Ch(X,Y,Z) = (X and Y) xor ((not X) and Z)

Maj(X,Y,Z) = (X and Y) xor (X and Z) xor (Y and Z)

## Double Hashing

To foil the length extension attack on an iterated hash function:

## Message Authentication Codes

A message authentication code (MAC) is like a one-way hash function, except you need a secret authentication key to compute the MAC:

You can build a MAC using a one-way hash function as a building block. Here is the Hash-MAC (HMAC) as defined in Internet RFC 2104 (http://www.ietf.org/rfc/rfc2104.txt):
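The RFC 2104 construction written out in Python with SHA-256 as the underlying hash. This is an added example, not code from the original notes or from the Computer Science Course Library; the function names, sample key and sample message are assumptions made for illustration.

```python
import hashlib
import hmac  # standard library; used here only for constant-time comparison

BLOCK_SIZE = 64  # SHA-256 input block size in bytes (B in RFC 2104)
IPAD_BYTE = 0x36  # inner pad byte from RFC 2104
OPAD_BYTE = 0x5C  # outer pad byte from RFC 2104


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC = H((K xor opad) || H((K xor ipad) || message)), per RFC 2104."""
    # A key longer than one block is first hashed down to the digest length.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    # The key is then zero-padded on the right to exactly one block.
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner_key = bytes(b ^ IPAD_BYTE for b in key)
    outer_key = bytes(b ^ OPAD_BYTE for b in key)
    # Inner hash binds the key to the message; the outer hash wraps the
    # inner digest, so the tag is not a raw iterated-hash state that an
    # attacker could extend.
    inner = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


# Constructed sample values, not from the original page.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_MSG = b"transfer 100 to account 42"

if __name__ == "__main__":
    tag = hmac_sha256(SAMPLE_KEY, SAMPLE_MSG)
    print("tag:", tag.hex())
    print("genuine message accepted:", verify(SAMPLE_KEY, SAMPLE_MSG, tag))
    print("altered message accepted:",
          verify(SAMPLE_KEY, SAMPLE_MSG + b"0", tag))
    print("wrong key accepted:", verify(b"other-key", SAMPLE_MSG, tag))
```
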

## Digital Signatures

It is just as secure, and usually faster, to compute a digital signature on the hash of a message instead of the message itself:

## Encryption and Decryption

You can use a hash function in "counter mode" to generate a keystream to do encryption and decryption:
