FCoDS - W5 - One-Way Hash Function

Uploaded by tin nguyen
Fundamental Concepts of Data Security
W5 - One-Way Hash Function

Le Hai Duong, PhD. ([email protected])


Overview

A one-way hash function, also known as a cryptographic hash function, is an essential building block in cryptography.
● It generates a number of a fixed size (called the hash) from a message of arbitrary length.
● It is useful in many applications:
○ password authentication,
○ integrity preservation,
○ blockchain technology and Bitcoin.
Outline

● Concepts and properties of one-way hash function


● Applications of one-way hash functions
● Message Authentication Code (MAC)
● Blockchain and Bitcoins
● Hash collision attacks
Number guessing game

1. Lecturer and students each pick one number
2. Students show their numbers
3. Lecturer shows his/her number
4. If the sum of all numbers is
a. ODD → students win
b. EVEN → lecturer wins
Concepts and Properties

Cryptographic properties

A hash function is any function that can be used to map data of an arbitrary size to data of a fixed size. A cryptographic (one-way) hash function also needs to satisfy two important properties: the one-way property and collision resistance.

[Figure: a hash function ???]
Replay: Number guessing game

1. Lecturer picks a number, calculates its hash value H(n), and publishes the hash to the class
2. Students pick their numbers and show them to the class
3. Lecturer reveals his/her number
4. Everyone calculates the hash H(n) to verify the lecturer's number
5. If the hash is valid and the sum is
a. ODD → students win
b. EVEN → lecturer wins

1. What makes the protocol fair for the lecturer?
2. What makes the protocol fair for the students?
3. A potential attack???
Algorithms and Programs

● MD series
● SHA series

The MD (Message Digest) series

● MD2 ← broken & obsolete
● MD4 ← broken & obsolete
● MD5 ← the collision-resistance property was broken in 2004, but the one-way property has not been
→ not suitable for digital signatures
● MD6 ← developed by Ron Rivest and his team; a candidate for SHA-3 but lost; not widely adopted yet
The SHA (Secure Hash Algorithm) Series

The Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST).
● SHA-0 ← withdrawn shortly after publication due to an undisclosed "significant flaw"
● SHA-1 ← a 160-bit hash function designed by the National Security Agency (NSA); considered a weak hash function since 2005, and its use has been recommended against because the collision-resistance property is broken
● SHA-2 ← designed by the NSA (SHA-256 and SHA-512)
● SHA-3 ← released by NIST on August 5, 2015 after Keccak was chosen as SHA-3; uses a different construction from the one used by SHA-1 and SHA-2 (and by MD5)
How Hash Algorithms Work

Merkle-Damgård construction

What distinguishes the MD5, SHA-1, and SHA-2 hash functions is their different compression functions, block sizes, and hash sizes.
One-Way Hash Commands

seed@VM:~/.../Lab2$ md5sum plaintext
6165796b89ff6ddeb242beafcf567dcf plaintext
seed@VM:~/.../Lab2$ sha256sum plaintext
b6ca1009cc6c8d7bfed77672fee88de5d9a9bde49faef5369249d2aa72f81b60 plaintext
seed@VM:~/.../Lab2$ echo -n "6165796b89ff6ddeb242beafcf567dcf" | wc
0 1 32
seed@VM:~/.../Lab2$ echo -n "b6ca1009cc6c8d7bfed77672fee88de5d9a9bde49faef5369249d2aa72f81b60" | wc
0 1 64
seed@VM:~/.../Lab2$ echo "64 * 4" | bc
256
seed@VM:~/.../Lab2$ openssl dgst --list
Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -mdc2
-ripemd -ripemd160 -rmd160
-sha1 -sha224 -sha256
-sha3-224 -sha3-256 -sha3-384
-sha3-512 -sha384 -sha512
-sha512-224 -sha512-256 -shake128
-shake256 -sm3 -ssl3-md5
-ssl3-sha1 -whirlpool
seed@VM:~/.../Lab2$ openssl dgst -sha256 plaintext
SHA256(plaintext)= b6ca1009cc6c8d7bfed77672fee88de5d9a9bde49faef5369249d2aa72f81b60
seed@VM:~/.../Lab2$ sha256sum plaintext
b6ca1009cc6c8d7bfed77672fee88de5d9a9bde49faef5369249d2aa72f81b60 plaintext
seed@VM:~/.../Lab2$ openssl sha256 plaintext
SHA256(plaintext)= b6ca1009cc6c8d7bfed77672fee88de5d9a9bde49faef5369249d2aa72f81b60

seed@VM:~/.../Lab2$ md5sum plaintext
6165796b89ff6ddeb242beafcf567dcf plaintext
seed@VM:~/.../Lab2$ openssl md5 plaintext
MD5(plaintext)= 6165796b89ff6ddeb242beafcf567dcf
seed@VM:~/.../Lab2$ openssl dgst -md5 plaintext
MD5(plaintext)= 6165796b89ff6ddeb242beafcf567dcf
Check the hash

seed@VM:~/.../Lab2$ openssl dgst -md5 plaintext > plaintext.md5
seed@VM:~/.../Lab2$ openssl dgst -sha256 plaintext > plaintext.sha256
seed@VM:~/.../Lab2$ md5sum -c plaintext.md5
plaintext: OK
seed@VM:~/.../Lab2$ sha256sum -c plaintext.sha256
plaintext: OK

seed@VM:~/.../Lab2$ md5sum plaintext
6165796b89ff6ddeb242beafcf567dcf plaintext
seed@VM:~/.../Lab2$ echo -n "6165796b89ff6ddeb242beafcf567dcf plaintext" | md5sum -c
plaintext: OK
Computing one-way hashes in programs

Applications of One-Way Hash Functions

Integrity Verification
seed@VM:~/.../Lab2$ echo -n "Hello world" | sha256sum
64ec88ca00b268e5ba1a35678a1b5316d212f4f366b2477232534a8aeca37f3c -
seed@VM:~/.../Lab2$ echo -n "Hfllo world" | sha256sum
af978301c426a69e0acc5ab28667ac3139d8fdde07d1bf112a2c18c0f901c4b4 -

seed@VM:~/.../Lab2$ openssl dgst -sha256 plaintext > plaintext.sha256
seed@VM:~/.../Lab2$ sha256sum -c plaintext.sha256
plaintext: OK

seed@VM:~/.../Lab2$ sha256sum plaintext
b6ca1009cc6c8d7bfed77672fee88de5d9a9bde49faef5369249d2aa72f81b60 plaintext
seed@VM:~/.../Lab2$ echo -n "b6ca1009cc6c8d7bfed77672fee88de5d9a9bde49faef5369249d2aa72f81b60 plaintext" | sha256sum -c
plaintext: OK

[Slide image: the Ubuntu download page ("Thank you for downloading Ubuntu Desktop | Ubuntu"), shown as a real-world example of integrity verification]
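The `sha256sum -c` step above is a parser plus a recomputation. The following program, an added example rather than lab code, does the same job in Python so the checks are visible: it reads lines in the `<digest>  <name>` layout that md5sum/sha256sum print, recomputes each file's digest, and reports OK / FAILED / MISSING / MALFORMED. The sample files and the one-letter tampering ("Hello" to "Hfllo", as on the slide) are constructed inside the program; the directory layout and function names are this example's own.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Constructed sample files (not from the lab); the first is the slide's "Hello world".
SAMPLE_FILES = {
    "plaintext": b"Hello world",
    "notes.txt": b"integrity matters\n",
}

# One line of a sha256sum/md5sum checksum file: <hex digest>, whitespace, optional '*', file name
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+\*?(.+)$")


def digest_bytes(data, algo="sha256"):
    return hashlib.new(algo, data).hexdigest()


def digest_file(path, algo="sha256"):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream, so large files are fine
            h.update(chunk)
    return h.hexdigest()


def make_checksum_file(base_dir, names, algo="sha256"):
    """Produce text in the layout `sha256sum file...` prints: '<digest>  <name>' per line."""
    return "".join(f"{digest_file(os.path.join(base_dir, n), algo)}  {n}\n" for n in names)


def verify_checksum_file(text, base_dir, algo="sha256"):
    """Re-implementation of `sha256sum -c` / `md5sum -c` over a checksum file's contents.
    Returns {name: 'OK' | 'FAILED' | 'MISSING'}; unparsable lines are keyed by their text as 'MALFORMED'."""
    expected_len = 2 * hashlib.new(algo).digest_size
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m or len(m.group(1)) != expected_len:
            results[raw] = "MALFORMED"
            continue
        expected, name = m.group(1).lower(), m.group(2)
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        results[name] = "OK" if hmac.compare_digest(digest_file(path, algo), expected) else "FAILED"
    return results


def demo():
    """Write the sample files, record their digests, then change one letter in one file
    and re-check: the single-character change is detected."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in SAMPLE_FILES.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        manifest = make_checksum_file(d, SAMPLE_FILES, "sha256")
        before = verify_checksum_file(manifest, d, "sha256")
        with open(os.path.join(d, "plaintext"), "wb") as f:
            f.write(b"Hfllo world")
        after = verify_checksum_file(manifest, d, "sha256")
    return manifest, before, after


if __name__ == "__main__":
    manifest, before, after = demo()
    print(manifest)
    print("before tampering:", before)
    print("after tampering: ", after)
```

The digest of a file only proves integrity if the checksum itself came over a channel the attacker cannot rewrite; a checksum downloaded from the same server as the file detects accidental corruption, not substitution.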
Committing a Secret Without Telling It

● Due to the collision-resistance property, once the hash is published, there is no way to change the original message without being detected.
● We can use these properties to commit a secret without actually disclosing the secret.
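The replayed number guessing game is exactly such a commitment. The program below, an added example and not part of the lecture, runs the five steps of the protocol and also answers the "potential attack" question from that slide: the slide's bare H(n) over a small set of numbers can simply be recomputed for every candidate, so the commitment here adds a 16-byte random nonce (an assumption of this example, not something the slide specifies). Function names are this example's own.

```python
import hashlib
import hmac
import os


def commit(number, nonce=None):
    """Step 1 of the hashed game: publish H(nonce || number). The random nonce is an
    addition to the slide's H(n); it stops anyone from testing the few possible numbers."""
    if nonce is None:
        nonce = os.urandom(16)
    commitment = hashlib.sha256(nonce + number.to_bytes(8, "big", signed=True)).hexdigest()
    return commitment, nonce


def open_commitment(commitment, number, nonce):
    """Step 4: everyone recomputes the hash from the revealed (number, nonce)."""
    expected, _ = commit(number, nonce)
    return hmac.compare_digest(expected, commitment)


def play_round(lecturer_number, student_numbers, revealed=None):
    """Run one round. `revealed` models a lecturer who announces a different number after
    seeing the students' picks; the class catches it because the hash no longer matches."""
    commitment, nonce = commit(lecturer_number)                    # 1. hash is published first
    # 2. students pick; the commitment tells them nothing about lecturer_number
    revealed = lecturer_number if revealed is None else revealed   # 3. lecturer reveals
    if not open_commitment(commitment, revealed, nonce):           # 4. verification
        return "cheating detected"
    total = revealed + sum(student_numbers)                        # 5. parity decides
    return "students win" if total % 2 == 1 else "lecturer wins"


def unsalted_commit(number):
    """The slide's bare H(n), with no nonce."""
    return hashlib.sha256(number.to_bytes(8, "big", signed=True)).hexdigest()


def recover_unsalted(commitment, candidates):
    """The 'potential attack' the slide asks about: with no nonce and a small range of
    possible numbers, H(n) can be recomputed for every candidate, so the number is known
    before the reveal. Returns the matching number, or None (as with the nonced version)."""
    for n in candidates:
        if unsalted_commit(n) == commitment:
            return n
    return None


if __name__ == "__main__":
    print(play_round(3, [4, 5]))                 # lecturer wins (3 + 4 + 5 = 12, even)
    print(play_round(3, [4], revealed=4))        # cheating detected
    print(recover_unsalted(unsalted_commit(42), range(1000)))   # 42: bare H(n) leaks n
```

Fairness for the lecturer comes from the one-way property (students cannot recover the number from the hash); fairness for the students comes from collision resistance (the lecturer cannot find a second number with the same hash). The nonce is what makes the one-way property actually apply when the message space is tiny.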
Password Verification

seed@VM:~/.../Lab2$ sudo cat /etc/shadow | grep "\$6" | cut -f1,2 -d":"
seed:$6$n8DimvsbIgU0OxbD$YZ0h1EAS4bGKeUIMQvRhhYFvkrmMQZdr/hB.Ofe3KFZQTgFTcRgoIoKZdO0rhDRxxaITL4b/scpdbTfk/nwFd0
os:$6$Rc5uIngj0wIl5dUD$D.NPgkkTQqohc4Xm1WELZmm0mCNPtTqsEan54Vr3W7IzNMOOgT/j9k0J9X1Vg41pmFe89JMkqFWrNeSS4xpYf0

seed@VM:~/.../Lab2$ python
Python 2.7.18 (default, Mar 8 2021, 13:02:45)
[GCC 9.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt
>>> print(crypt.crypt('dees', '$6$n8DimvsbIgU0OxbD$'))
$6$n8DimvsbIgU0OxbD$YZ0h1EAS4bGKeUIMQvRhhYFvkrmMQZdr/hB.Ofe3KFZQTgFTcRgoIoKZdO0rhDRxxaITL4b/scpdbTfk/nwFd0
Trusted Timestamping

Example: you wrote a 500-page novel; how do you protect it against plagiarism?
● Approach 1: using printed media
● Approach 2: using a trusted party
● Another approach: using blockchains
Message Authentication Code (MAC)

Man-In-The-Middle (MITM) attack

An attacker can intercept the data from the sender, make changes, and send the modified data to the receiver.

How do we prevent this type of attack???


Constructing MAC and Potential Attacks

Trial: incorporate a secret key into a one-way hash function by mixing the secret with the message and then hashing the mixture:
MAC(K, M) = H(K || M)

Length extension attack

With MAC(K, M) = H(K || M), an attacker who sees M and its MAC (and knows the length of K) can compute a valid
H(K || M || P || T)
without knowing key K, where P is the padding the hash function appended to K || M and T is any extra data the attacker chooses.

We should not try to invent our own algorithm to generate a hash-based MAC; instead, we should use standard and well-established algorithms.
The Keyed-Hash MAC (HMAC) Algorithm

The keyed-hash message authentication code (HMAC) [Krawczyk et al., 1997] is widely used in various security protocols, including the IPSec and TLS protocols.
seed@VM:~/.../Lab2$ echo -n "My public speech" | openssl dgst -sha256
(stdin)= 4ae2ea6c10e853533599efb9f92923e80429e97b6d98e9252cd6cec649e73bf7

seed@VM:~/.../Lab2$ echo -n "My public speech" | openssl dgst -sha256 -hmac "secretkey"
(stdin)= 22d2d3563b66881361e69460d7400d5603f943262b4c072fa5f12af7a8c8efd6

seed@VM:~/.../Lab2$ echo -n "My public speech" | openssl dgst -sha256 -hmac "secret"
(stdin)= 0f52839c33df5ea643d2d574d90f618537373637539789cbb9089858ee744137
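The three slides above (Merkle-Damgård construction, the H(K || M) trial with its length extension, and HMAC) fit in one short program. The following is an added example, not the lecture's or SEED lab's code: it builds a toy Merkle-Damgård hash whose compression function is a stand-in made from SHA-256 (an assumption of this example; the chaining and the length padding are the real construction, the compression function is not MD5's or SHA-2's), shows why the padded digest of K || M lets anyone continue hashing, and shows that the HMAC construction over the same hash does not accept the extended message. The key, message and extension are constructed values.

```python
import hashlib
import hmac

BLOCK = 64        # block size in bytes (MD5, SHA-1 and SHA-256 all use 64)
IV = bytes(32)    # initial chaining value (assumed constant for this toy)


def compress(state, block):
    """Toy compression function f(state, block) -> new state. Assumption of this example:
    it is built from SHA-256 and only stands in for the real MD5/SHA-1/SHA-2 compression
    functions; what matters here is the chaining, not this particular f."""
    return hashlib.sha256(state + block).digest()


def md_padding(total_len):
    """Merkle-Damgard strengthening: 0x80, zero bytes, then the message length in bits
    (64-bit big-endian), so that the padded message is a whole number of blocks."""
    zeros = (BLOCK - 8 - (total_len + 1) % BLOCK) % BLOCK
    return b"\x80" + b"\x00" * zeros + (total_len * 8).to_bytes(8, "big")


def md_hash(msg, state=IV, prefix_len=0):
    """Hash msg by chaining compress() over the padded blocks. Passing a state and the byte
    length of the (block-aligned) data that produced it resumes hashing from the middle:
    the final chaining state is the digest, so a digest is a usable starting state."""
    data = msg + md_padding(prefix_len + len(msg))
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def naive_mac(key, msg):          # the slide's trial: MAC(K, M) = H(K || M)
    return md_hash(key + msg)


def naive_verify(key, msg, tag):
    return hmac.compare_digest(naive_mac(key, msg), tag)


def extend_naive_mac(tag, key_len, msg, extra):
    """Length extension as stated on the slide: from a valid tag for M, a valid tag for
    K || M || P || T follows knowing only len(K), not K. P is the padding the hash appended
    to K || M; T is `extra`. The old digest is simply reused as the chaining state."""
    glue = md_padding(key_len + len(msg))
    forged_msg = msg + glue + extra
    forged_tag = md_hash(extra, state=tag, prefix_len=key_len + len(msg) + len(glue))
    return forged_msg, forged_tag


def toy_hmac(key, msg):
    """HMAC over the toy hash: H((K ^ opad) || H((K ^ ipad) || M)). The outer hash hides the
    inner chaining state, so the extension above no longer produces a valid tag."""
    if len(key) > BLOCK:
        key = md_hash(key)
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return md_hash(opad + md_hash(ipad + msg))


def hmac_verify(key, msg, tag):
    return hmac.compare_digest(toy_hmac(key, msg), tag)


def demo(key=b"secretkey", msg=b"My public speech", extra=b"; appended text"):
    """Returns (naive_forgery_accepted, hmac_forgery_accepted); expected (True, False)."""
    fmsg, ftag = extend_naive_mac(naive_mac(key, msg), len(key), msg, extra)
    naive_ok = naive_verify(key, fmsg, ftag)
    hmsg, hftag = extend_naive_mac(toy_hmac(key, msg), len(key), msg, extra)
    hmac_ok = hmac_verify(key, hmsg, hftag)
    return naive_ok, hmac_ok


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The verifier's view is the useful one: `naive_verify` accepts a message it never saw, with the padding bytes P sitting in the middle of it, while `hmac_verify` rejects the same manipulation. That is the whole reason the slide says to use HMAC rather than H(K || M); with real MD5, SHA-1 or SHA-256 the resumption step is the same, only the compression function differs.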
Blockchain and Bitcoins

Blockchain
● Blockchain was conceptualized in 2008 by an anonymous
person or group known as Satoshi Nakamoto
● It was implemented in 2009 as a core component of Bitcoin
● A blockchain is a continuously growing list of records, called
blocks, which are linked and secured using cryptography
● A blockchain is typically managed by ledgers in a peer-to-peer
network, not by any central party.
● Once a block is linked and accepted, it is extremely difficult to
modify any record inside the block, because that requires
alteration of all subsequent blocks on the majority of the
ledgers on the peer-to-peer network, i.e., it requires collusion
of the network majority.
● Due to these properties, blockchains are being used in many
applications. Bitcoin is probably the most successful
application of blockchains.
Hash Chain and Blockchain

[Slide image: Block 0 in a blockchain explorer]

Make Chaining Difficult

[Slide image: Block 704137 in a blockchain explorer]

Find a value N such that H(N || M) is a hash with xx leading zero bits.

Adding Incentives and Bitcoin
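The hash chain, the leading-zero condition on H(N || M), and the claim that editing an accepted block requires redoing all later blocks can all be checked in a few dozen lines. The program below is an added example, not the lecture's code and not Bitcoin's format: each block stores the previous block's hash, a nonce is searched until the SHA-256 of the block has the required number of leading zero bits (12 here, an assumption chosen so it mines in milliseconds), and the validator walks the chain. The transaction strings are constructed.

```python
import hashlib
import json

DIFFICULTY_BITS = 12   # assumption: small so the example mines in milliseconds; Bitcoin's is far larger


def block_hash(index, prev_hash, data, nonce):
    """H(N || M): the nonce N and the block contents M, serialized deterministically."""
    payload = json.dumps([index, prev_hash, data, nonce], separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def leading_zero_bits(hexdigest):
    return 256 - int(hexdigest, 16).bit_length()


def meets_difficulty(hexdigest, bits=DIFFICULTY_BITS):
    return leading_zero_bits(hexdigest) >= bits


def mine_block(index, prev_hash, data, bits=DIFFICULTY_BITS):
    """Search for a nonce whose hash has `bits` leading zeros: on average 2**bits attempts."""
    nonce = 0
    while True:
        h = block_hash(index, prev_hash, data, nonce)
        if meets_difficulty(h, bits):
            return {"index": index, "prev_hash": prev_hash, "data": data, "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(records, bits=DIFFICULTY_BITS):
    chain = [mine_block(0, "0" * 64, "genesis", bits)]
    for i, rec in enumerate(records, start=1):
        chain.append(mine_block(i, chain[-1]["hash"], rec, bits))   # link to the previous block
    return chain


def validate_chain(chain, bits=DIFFICULTY_BITS):
    """Every block must (1) hash to its stored hash, (2) meet the difficulty, and
    (3) point at the previous block's hash. Returns (ok, index_of_first_bad_block)."""
    for i, b in enumerate(chain):
        recomputed = block_hash(b["index"], b["prev_hash"], b["data"], b["nonce"])
        if recomputed != b["hash"] or not meets_difficulty(b["hash"], bits):
            return False, i
        if i > 0 and b["prev_hash"] != chain[i - 1]["hash"]:
            return False, i
    return True, None


def tamper_demo(bits=DIFFICULTY_BITS):
    """Edit an accepted block's record in place: the chain fails validation at that block.
    Making it pass again would mean re-mining it and every block after it."""
    chain = build_chain(["alice pays bob 5", "bob pays carol 2", "carol pays dave 1"], bits)
    ok_before, _ = validate_chain(chain, bits)
    chain[1]["data"] = "alice pays bob 500"   # constructed tampering
    ok_after, first_bad = validate_chain(chain, bits)
    return ok_before, ok_after, first_bad


if __name__ == "__main__":
    for b in build_chain(["alice pays bob 5", "bob pays carol 2"]):
        print(b["index"], b["nonce"], b["hash"])
    print(tamper_demo())   # (True, False, 1)
```

The one-way property is what makes the nonce search the only route to a valid block, and the chaining of hashes is what turns one edit into a cascade of re-mining; the slide's "collusion of the network majority" is the cost of doing that cascade faster than the honest network extends the chain.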
Hash Collision Attacks

Security Impact of Collision Attacks

● Forging fake public-key certificates
● The integrity of programs
● Collision attacks have been found against MD5 and SHA-1

Generating Two Different Files with the Same MD5 Hash
seed@VM:~/.../Lab2$ echo "Message prefix" > prefix.txt
seed@VM:~/.../Lab2$ md5collgen -p prefix.txt -o out1.bin out2.bin
MD5 collision generator v1.5
by Marc Stevens (http://www.win.tue.nl/hashclash/)

Using output filenames: 'out1.bin' and 'out2.bin'
Using prefixfile: 'prefix.txt'
Using initial value: 0630714724b14391dc74902f303d5b47

Generating first block: ..............................
Generating second block: S01..
Running time: 160.657 s
seed@VM:~/.../Lab2$ md5sum out1.bin
8d8632b8b2d9b7d388024213a59520fa out1.bin
seed@VM:~/.../Lab2$ md5sum out2.bin
8d8632b8b2d9b7d388024213a59520fa out2.bin
seed@VM:~/.../Lab2$ sha256sum out2.bin
219f39f382915a29f60ee84a208c21de31870b1d60da6d2215b4587baab47d47 out2.bin
seed@VM:~/.../Lab2$ sha256sum out1.bin
ee6cd3ae281e43cf3e6039c5f2c02bb4f6026badebbb82cc8c9c2bfb171ec246 out1.bin
seed@VM:~/.../Lab2$ echo "This is my extension" > suffix.txt
seed@VM:~/.../Lab2$ cat out1.bin suffix.txt > out1_long.bin
seed@VM:~/.../Lab2$ cat out2.bin suffix.txt > out2_long.bin
seed@VM:~/.../Lab2$ md5sum out1_long.bin
611e75a1c1f34a1704ae8dc69b689b1e out1_long.bin
seed@VM:~/.../Lab2$ md5sum out2_long.bin
611e75a1c1f34a1704ae8dc69b689b1e out2_long.bin
