CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

UNIT – IV

CRYPTOGRAPHIC HASH FUNCTIONS & DIGITAL SIGNATURES

WHAT IS A HASH FUNCTION? WHAT ARE VARIOUS APPLICATIONS OF HASH FUNCTIONS?
EXPLAIN.
A hash function maps a variable length message into a fixed length hash value. This value is
also called as message digest.

APPLICATIONS OF CRYPTOGRAPHIC HASH FUNCTIONS:

Cryptographic hash functions are used in a variety of security applications and Internet
protocols. The following are the applications of hash functions.
1. Message Authentication: Message authentication is a service which is used to
verify the integrity of the message. It assures that the data received are exactly as
sent. When a hash function provides message authentication, the hash function
value is called as message digest.
a. In this the message is concatenated with hash code and is encrypted using
symmetric encryption.
b. In this only the hash code is encrypted. It reduces the processing burden.
c. In this the hash code is concatenated but not encrypted. This is used only for
message authentication. It assumes that the two communicating parties can
share a secret value S. A computes the hash value over the concatenation of M
and S and appends the result to M, because B possess S, it can recomputed the
hash value to verity. Because the secret value itself is not sent, an opponent
cannot modify an intercepted message and cannot generate a false message.
d. Confidentiality can be added to the approach of method (c) by encrypting the
entire message plus the hash code.

::1::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

Digital signatures: The operations of digital signature are similar to MAC. In this case the
hash value of the message is encrypted with the user’s private key. Anyone who knows the
user’s public key can verity the integrity of the message that is associated with the digital
signature. In this case the attacker who wishes to alter the message would need to know the
user’s private key.

::2::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

a. The hash code is encrypted using public key encryption with the sender’s private
key. It provides authentication because only the sender could have to produce
the encrypted hash code.
b. If confidentiality as well as authentication is needed then the message plus the
private key encrypted hash code can been encrypted using a symmetric secret
key.

2. Other applications: Hash functions are commonly used to create a one-way

password file. In this a hash of a password file is stored by an OS rather than the
password itself. So the actual password is not retrieved by a hacker who fain access
to the password file.

EXPLAIN ABOUT SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC HASH FUNCTIONS.

REQUIREMENT DESCRIPTION

::3::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

Variable input size H can be applied to a block of data of any size

Fixed output size H produced a fixed-length output
Efficiency H(x) is relatively easy to computer for any given x,
making both hardware and software implementations
practical
Preimage resistant For any given hash value h, it is computationally
infeasible to find y such that H(y)= h
Second Preimage resistant For any given block x, it is computationally infeasible to
find y # x with H(y) = H(x)
Collision resistant It is computationally infeasible to find any pair (x, y)
such that H(x) = H(y)
Pseudo-randomness Output of H meets standard tests for pseudo-
randomness.

EXPLAIN ABOUT SECURE HASH ALGORITHM. (SHA-512)

This is also known as SHA. SHA was developed by National Institute of Standards and
Technology and published as a Federal Information Processing Standard (FIPS) in 1993. The
initial version of SHA is known as SHA-0. The revised version of SHA-0 is SHA-1. SHA-1
produces a hash value of 160 bits. NIST adds 3 additional versions of SHA i.e. SHA-256,
SHA- 384 and SHA-512. These are designed for compatibility with increased security
provided by the AES cipher. All versions structure and detail is similar to SHA-1 but security
levels are rather higher.

Algorithm:

::4::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

This algorithm takes an input message with a maximum length of less than 2 128 bits and
produces 512-bit message digest. The input will be divided into 1024-bit blocks for
processing of message to produce the digest. The steps are as follows;

STEP 1:
Append padding bits: Message is padded with a 1 and as many 0’s as necessary to bring
the message length to 896 congruent modulo 1024.

STEP 2:
Append Length: A block of 128-bits is appended to the message, treated as an unsigned
128-bit integer and it contains the length of the original message. The output of these steps
produces a message of integer multiple of 1024 bits length.

STEP 3:
Initialize hash buffer: A 512-bit buffer is used to store intermediate and final results of the
hash function. The buffer is represented as eight 64-bit (a, b, c, d, e, f, g, h) registers.
These registers are initialized as follows and these values are stored in big-endian format.
STEP 4:
Process message in 1024-bit (128words) blocks: This message will be processed in 80
rounds.

::5::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

Each round takes the input from the buffer value and updates the contents of the
buffer.
 In first round the buffers has the value of intermediate hash value.
 Each round makes use of a 64-bit value Wt derived from the current 1024 bit block
being processed.
 In each round an additive constant Ki is used. The constants provide a randomized
set of 64-bit patterns. These constants are predefined.
 The output of the eighth round is added to the input of the first round to produce Hi.
STEP 5:
Output: After all Nx1024 blocks have been processed, the output from the Nth stage is the
512-bit message digest.

::6::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

Where,
IV = Initial value of the buffers
abcdefghi = the output of the last round of processing of the ith message block
N = the number of blocks in the message
SUM64 = addition modulo 264 performed separately on each word of the pair of inputs
MD = final message digest value
WHAT ARE VARIOUS REQUIREMENTS OF MESSAGE AUTHENTICATION?
Message authentication is a mechanism used to verify the integrity of a message. A message
authentication code (MAC) is an algorithm that requires the use of a secret key. A MAC takes
a variable length message and a secret key as input and produces an authentication code.
The receiver can generate MAC code by secret key is used to verify the integrity of the
message.

MAC Requirements: While communications across the network the following attacks may
be possible.
 Disclosure: It means the release of message contents to any person.
 Traffic Analysis: It means the discovery of traffic between parties. In connection
oriented application, the frequency and duration of connections could be determined.
In either connection oriented or connection less environment, the number and the
length of messages between parties could be determined.
 Masquerade: It means the messages can came from the fraudulent source. It also
includes fraudulent acknowledgement.
 Content Modification: It means the changes to the contents of the message.
 Sequence Modification: It means modification of sequence of messages between
parties.
 Timing Modification: It means delay or replay of messages.
 Source Repudiation: It means the denial of message by source.
 Destination Repudiation: It means the denial of message by destination.

MAC deals with the attacks like masquerade, content modification, sequence modification,
timing modification. Digital signature is an authentication technique that includes measures
to counter repudiation by the source.

EXPLAIN ABOUT MESSAGE AUTHENTICATION FUNCTIONS.

::7::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

Any message authentication or digital signature mechanism has two levels of functionality.
At lower level, a function produces a value to be used to authenticate the message by the
sender. At higher level this lower level value will be used to verify the authenticity of the
message by the receiver. The functions can be grouped into three classes. They are;

Hash Function:
Hash function will takes a variable length message as input and produces a fixed length hash
value, which serves as the authenticator. These are used for message authentication.
Message Encryption:
The cipher text of the entire message serves as its authenticator. It will provide measure of
authentication. Message encryption schemes will be symmetric and public key encryption
schemes.

Message Authentication Code:

MAC function will take a variable length message and secret key as input and produces a
fixed length hash value, which serves as the authenticator. This is also known as
Cryptographic checksum.
MAC = MAC(K, M)
Where,

::8::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

M = Input message
K = Secret key
MAC = Message authentication code

The MAC is transmitted to the intended recipient. The receiver performs the same calculation
on the received message, using the same secret key. It will generate a new MAC. This code
is compared with the old MAC. If both are equal then,
 The receiver is assured that the message has not been altered.
 The receiver is assured that the message has been from the alleged sender because
no one else knows the secret key to prepare the message.
 If the message includes a sequence number then the receiver can be assured of the
proper sequence because attacker cannot successfully alter the sequence number.

MAC is similar to encryption but the difference is MAC algorithm need not be reversible.
A. Figure (a) will provide message authentication but not confidentiality.
B. Figure (b) will provide message authentication and confidentiality and authentication
will be tied with plaintext.
C. Figure (c) will provide message authentication and confidentiality and authentication
will be tied with cipher text.

::9::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

Explain about MAC based Hash functions. (HMAC)

HMAC means MAC based on Hash Functions. In traditional approach MAC is based on the
use of a symmetric block cipher. In recent years MAC is derived from a cryptographic hash
function. Motivation for hash based MAC’s are as follows;
 Hash functions such as MD5 and SHA-1 are generally faster than DES
 Crypto hash function code is widely available

SHA is not relying on the secret key. HMAC incorporates secret key into an existing hash
algorithm.

HMAC Design objectives:

 Available hash functions will be used without any modification
 To preserve the original performance of hash function
 To use and handle keys in a simple way
 To have well understood cryptographic analysis of the strength of the authentication
mechanism based on reasonable assumptions about the embedded hash function.

HMAC can be expressed as;

Append zeros to the left and of of K to create a b-bit string K+.
1. XOR K+ WITH IPAD TO PRODUCE THE B-BIT BLOCK SI.
2. Append M to Si.
3. Apply H to the stream generated in step 3.
4. XOR with opad to produce the b-bit block .
5. Append the hash result from step 4 to .
6. Apply H to the stream generated in step 6 and output the result.

::10::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

WRITE ABOUT DIGITAL SIGNATURES.

A digital signature is an authentication mechanism that enables the sender to attach a code
that acts as a signature. The signature is formed by taking the hash of the message and
encrypting the message with the sender’s private key. This signature guarantees the
integrity of the sender. For this DSS (Digital Signature Standard) algorithm is used.

Message authentication protects sender and receiver who exchange messages from any third
party but is does not protect sender and receiver from each other.

Digital Signature Properties:

 It must verify the author, date and time of the signature
 It must authenticate the contents at the time of the signature
 It must be verifiable by third parties, to resolve disputes

Digital Signature Requirements:

On the basis of properties and for the purpose of denying the attacks, the following
requirements are needed for a digital signature.

::11::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

 The signature must be a bit pattern that depends on the message

 The signature must use some information unique to the sender to prevent forgery
and deny
 Must be easy to produce the digital signature
 Must be easy to recognize and verity the digital signature
 Must be computationally infeasible to forge a digital signature
 Must be practical to retain a copy of the digital signature in storage

EXPLAIN ABOUT VARIOUS DIGITAL SIGNATURE SCHEMES.

ELGAMAL DIGITAL SIGNATURE SCHEME:
This scheme requires a prime number and primitive root for that prime number. User
A generates key pair as follows;
 Choose a prime number p
 Choose a primate root for p i.e. ∞
 Generate a random integer XA such that 1< XA < q-1
 Compute YA = ∞ X
A mod q
 A’s private key is XA and public key is [q, ∞ ,YA]
For signing a message A first computes the has m = H(m) such that m is an integer
in the range 0<= m<= q-1. A then forms a digital signature as follows;
1. Choose a random integer K such that 1<=K<=q-1 and gcd(k,q-1)=1
2. Compute S1=ak mod q
3. Compute K-1 mod(q-1)
4. Compute S2=ak-1 (m-XA S1) mod (q -1)
5. The signature consists of the pair (S1, S2)

Any user B can verify the signature as follows.

1. Compute V1 = am mod q
2. Compute V2 = (Ya)S1 (S1)S2 mod q

The signature is valid if V1 = V2.

For example, let us start with the prime field GF(19); that is, q = 19. It has primitive roots {2,
3, 10, 13, 14, 15}, primitive root as 10.

Alice generates a key pair as follows:

1. Alice chooses XA =16
2. Then YA = ∞ X
A mod q = 1016 mod 19 = 4
::12::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

3. Alice’s private key is 16;Alice’s pubic key is [19,10,4]

Suppose Bob wants to sign a message with hash value m=14.

1. Bob choose K=5, which is relatively prime to q-1= 18
2. S1 = aKmod q = 105 mod 19 = 3
3. Compute K-1 mod(q-1) = 5-1 mod 18 = 11
4. Compute S2=ak-1 (m-XA S1) mod (q -1) = 11(14-(16)(3)) mod 18= -374 mod 18 = 4

Alice can verify the signature as follows;

1. Compute V1 = am mod q = 1014 mod 19 = 16
2. Compute V2 = (Ya)S1 (S1)S2 mod q = (4)3 (3)4 mod 19 = 5184 mod 19 = 16
So the signature is valid

::13::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

This scheme is based on discrete logarithms. In this signature generation is not depended
on the message and it can be done during the idle time of the processor. The generation of
key pair is as follows;

1. Choose primes p and q, such that q is a prime factor of p-1

2. Choose an integer a, such that aq= 1 mod p. The values a, p and q comprise a
global public key that can be common to a group of users.
3. Choose a random integer s with 0 < s < q. This will be used as private key.
4. Calculate v = a-1 mod p. This is used as public key.

A user with private key s and public key v generates a signature as follows;
1. Choose a random integer r with 0< r <q and compute x = ar mod p. This
computation is a preprocessing stage independent of the message M to be
signed.
2. Concatenate the message with and hash the result to compute the value e:
e= H(M || x)
3. Compute y = (r + se)mod q. The signature consists of the pair (e, y).

Any other user can verify the signature as follows;

1. Compute X’ =ayve mod p.
2. Verity that e = H(M||x’)

::14::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

EXPLAIN ABOUT DIGITAL SIGNATURE ALGORITHMS.

The DSA Approach
This algorithm provides only digital signature function.

(a) RSA Approach:

o The message to be signed is the input to the hash function. Hash function
generates hash code and then the hash code is encrypted with the private
key of the sender to form the signature. Then both the message and
signature is transmitted.
o The receiver takes the message and produces hash code and then decrypts
the signature received from the sender by using sender’s public key. If both
signatures are matched then the signature is valid and message is accepted
otherwise it is rejected.
(b) DSA Approach:
o The hash code is provided as input to a signature function along with a
random number generated for this particular signature. The signature
function depends on the sender’s private key and a set of parameters. The
resultant signature consists of two components labeled as s and r.
o At the receiver end the hash code of the incoming message is generated.
The hash code and the signature are inputs to a verification function. The
verification function depends on global public key as well as the sender’s
public key. The output of the verification function is the value that is equal
to the signature component r if the signature is valid.

Algorithm:
(a) Global Public Key Components:

::15::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

P - Prime number in between 512<= L <=1024 and L is multiple of 64 bits and

in between 512 and 1024 bits.
Q - Prime divisor of (p – 1)
G = h(p-1) / q, h is any integer with 1 < h <(p-1)
(b) User’s Private Key:
X random number with 0 < x < q
(c) User’s Public Key:
Y = gx mod p
(d) User’s Per Message Secret Number:
K random number with 0 < k < q
(e) Signing:
r = (gk mod p) mod q
s = [k-1 (H(M) + xr)] mod q
Signature = (r, s)
(f) Verifying:
W = (s’)-1 mod q
U1 = [H(M’)w] mod q
U2 = (r’) w mod q
V = [gu1yu2) mod p] mod q
TEST: v = r’

Digital Signature Algorithm: (DSA)

DSA is based on the difficulty of computing discrete logarithms.
1. Choose a random primer number q.
2. Choose another prime number p with a length in between 512 and 1024 bits such
that q divides (p-1).
3. Choose g = h(p-1)/r mod p, where h is in between 1 and (p-1) and g > 1.
4. Choose the private key x must be number from 1 to (q-1).
5. Calculate public key y = gx mod p.

::16::
 CRYPTOGRAPHY AND NETWORK SECURITY – UNIT IV

The signature of the message M consists of the pair of numbers r and s, which are the
functions of public key components (p, q, g) and the private key(x), the hash code H(M) and
an additional integer k.
 M, r’, s’ are the received versions of M, r, s respectively.
.

::17::