Thus ≥ ln (2) ⇒ n( n-1) ≥ 2 ln (2)m⇒ n ≥
(approx.) Q.E.D
Thus, to check the strong collision resistance property of a hash function h : M → Z whose output is β bits, i.e., |Z| = 2^β, we have to test an arbitrary subset of M with cardinality β/2 for collision. To make this computation difficult for a hacker, β is usually set to 160 bits.
It is, however, a common misconception that "one-wayness" of a cryptographic hash function means irreversibility of the processing of the hash state, and that it somehow contradicts the principles used to construct block ciphers. Such "irreversibility" in fact means the presence of local collisions that could facilitate attacks. To be cryptographically secure, the hash function must be a permutation that processes its state bijectively. It must be irreversible with respect to the data block, just as any block cipher must be irreversible with respect to the key (it should be impossible to find the key that encrypts a block A into a block B faster than by brute force). This makes iterated block ciphers, and hash functions that process blocks of the same size as the secret keys of those block ciphers, virtually identical, except that the roles of the key and data blocks are swapped. All the attacks against the MDx and SHA families of hash functions exploit local collisions in the processing of the data block. The local collisions caused by the final addition operation can also be exploited by these attacks.
MDx Hash Function Family
The MDx family of hash functions started with MD4 and was subsequently extended to MD5 and MD7. We first explain the principle of MD4. MD4 converts a message whose length is a multiple of 512 bits into a 128-bit message digest, formed by concatenating the contents of 4 registers after 3 rounds. First, given a bit string x of arbitrary length, it converts it to a message M whose length is a multiple of 512 bits. This is done as follows:
- d = (447 − |x|) mod 512
- Let l denote the binary representation of |x| mod 2^64, so that |l| = 64.
- M = x || 1 || 0^d || l.
In the above algorithm, |x| denotes the length of the bit string x, and 0^d denotes a run of d zero bits. Thus we see that |x || 1 || 0^d| ≡ 448 (mod 512). Concatenating the 64-bit string l, we get |M| as a multiple of 512.
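The padding steps above as runnable Python, added here as an illustration and not part of the original text. The function names are hypothetical; the bit-string version assumes l is written most-significant-bit first, while the byte version uses the low-order-first length encoding that RFC 1320 specifies for MD4.

```python
import struct

BLOCK_BITS = 512

def pad_zero_bits(bit_len: int) -> int:
    """d = (447 - |x|) mod 512: zero bits needed after the single 1 bit."""
    return (447 - bit_len) % BLOCK_BITS

def md_pad_bits(x: str) -> str:
    """M = x || 1 || 0^d || l on a string of '0'/'1' characters."""
    if set(x) - {"0", "1"}:
        raise ValueError("x must contain only '0' and '1'")
    d = pad_zero_bits(len(x))
    # Assumption: l is written most-significant-bit first.
    l = format(len(x) % 2**64, "064b")
    return x + "1" + "0" * d + l

def md4_pad_bytes(msg: bytes) -> bytes:
    """Same padding for whole-byte input, as MD4 code applies it."""
    bit_len = len(msg) * 8
    d = pad_zero_bits(bit_len)
    # For byte input d % 8 == 7, so the 1 bit plus 7 zeros is the byte 0x80.
    zero_bytes = (d - 7) // 8
    # RFC 1320 stores the 64-bit length low-order first (little-endian).
    length = struct.pack("<Q", bit_len % 2**64)
    return msg + b"\x80" + b"\x00" * zero_bytes + length

def padded_blocks(msg_len_bytes: int) -> int:
    """Number of 512-bit blocks the compression function will process."""
    return len(md4_pad_bytes(b"\x00" * msg_len_bytes)) * 8 // BLOCK_BITS

if __name__ == "__main__":
    # Constructed lengths around the block boundary: 55 bytes is the largest
    # message that still fits in one block together with its padding.
    for n in (0, 3, 55, 56, 63, 64, 119, 120):
        print(f"{n:4d} bytes -> d = {pad_zero_bits(n * 8):3d}, "
              f"{padded_blocks(n)} block(s)")
```

A message that already ends on a block boundary still receives a full extra block of padding, because the 1 bit and the 64-bit length are always appended.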