Alan Kaminsky Department of Computer Science Rochester Institute of Technology 4487 + 2349 = 6836
Home Page

Cryptographic One-Way Hash Functions

Prof. Alan Kaminsky
Rochester Institute of Technology -- Department of Computer Science

February 17, 2004

One-Way Hash Functions
The Secure Hash Algorithm Family
Double Hashing
Message Authentication Codes
Digital Signatures
Encryption and Decryption


One-Way Hash Functions

A one-way hash function maps an arbitrary-length input message M to a fixed-length output hash H(M) such that the following properties hold:

Examples of one-way hash functions:

Hash Algorithm Output Hash Length (bits)
Message Digest (MD4) -- insecure 128
MD5 128
Secure Hash Algorithm 1 (SHA-1) 160
SHA-256 256
SHA-384 384
SHA-512 512


The Secure Hash Algorithm Family

Specification: "Secure Hash Standard," Federal Information Processing Standards Publication 180-2, August 1, 2002.
http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf

An example implementation of SHA-256 in the Computer Science Course Library:
Class edu.rit.crypto.hash.OneWayHash -- Source code
Class edu.rit.crypto.hash.SHA256Hash -- Source code

SHA-256 is a typical iterated hash function. The following diagrams show how it works.
 
 

Top-Level Function


 
 

Iterated Hash Function Structure


 
 

Compression Function


 
 

Message Expansion Function


 
 

Round Function


 
 

The Little Functions

σ0(X) = (X right-rotate 7) xor (X right-rotate 18) xor (X right-shift 3)

σ1(X) = (X right-rotate 17) xor (X right-rotate 19) xor (X right-shift 10)

Σ0(X) = (X right-rotate 2) xor (X right-rotate 13) xor (X right-rotate 22)

Σ1(X) = (X right-rotate 6) xor (X right-rotate 11) xor (X right-rotate 25)

Ch(X,Y,Z) = (X and Y) xor ((not X) and Z)

Maj(X,Y,Z) = (X and Y) xor (X and Z) xor (Y and Z)
 
 


Double Hashing

To foil the length extension attack on an iterated hash function:


Message Authentication Codes

A message authentication code (MAC) is like a one-way hash function, except you need a secret authentication key to compute the MAC:


 
 

You can build a MAC using a one-way hash function as a building block. Here is the Hash-MAC (HMAC) as defined in Internet RFC 2104 (http://www.ietf.org/rfc/rfc2104.txt):


Digital Signatures

It is just as secure, and usually faster, to compute a digital signature on the hash of a message instead of the message itself:


Encryption and Decryption

You can use a hash function in "counter mode" to generate a keystream to do encryption and decryption:

Alan Kaminsky Department of Computer Science Rochester Institute of Technology 4487 + 2349 = 6836
Home Page
Copyright © 2004 Alan Kaminsky. All rights reserved. Last updated 17-Feb-2004. Please send comments to ark­@­cs.rit.edu.