Fundamentals of Information

Security (IT5012)
UNIT - 4 : Hash Functions
 Contents
1. Hash Function and Use of Hash Function
2. The Birthday Problem
3. Non-Cryptographic Hashes
4. Tiger Hash
5. HMAC
 Hash Function
• In hash function H accepts a
variable length, block of input data
called as ‘M’ and produces the fixed
size hash value can be represented,
h = H(M)
 Hash Function
• When hash function provides security this is called cryptographic hash
function.
• Hash function protects the integrity of the message. If encryption process is
apply on message with hash function, it is also provide authentication and
confidentiality.
 Hash Function

• A hash function provides a property that hash function applied on variable

amount of data (M) and then it produces the fixed amount of output data.
 Hash Function
• If any bit or bits changes in the data, then whole hash function output data
will also change.
 Properties of Hash Function
• Compression: As per compression properties, output of the hash function is much
smaller than the size of input.
• Pre-image resistance(one-way): Pre-image resistance means difficult to find the
input from given hash function output.
• i.e., x=H(m). So if x is given, it is difficult to message m.
• Weak Collision Resistance: Given message m1, weak collision resistance means
that it is difficult to produce another message m2 such that H(m1)=H(m2).
• i.e, it means it is infeasible to find two different messages with the same hash
value.
 Properties of Hash Function
• Strong Collision Resistance: Strong collision resistance means that is
difficult to find any two different messages that hash to the same value.
• i.e., it means it is hard to find m1 & m2 such that same hash value H(m1) = H(m2).

• Strong and weak collision resistance are not the same : weak collision
resistance is bound to a particular input, where as, strong collision resistance
applies to any two arbitrary input.
 Characteristics of hash Function

1. It is quick to calculate hash value (h) for any given message. i.e., x = H(m).
2. Hash function (H) can be applied to variable length of data block.
3. A small change in a message should change the hash value.
4. Hash function has one-way property; it is impossible to generate message from
given hash value.
5. The hash function uses all the input data.
6. The hash function "uniformly" distributes the data across the entire set of possible
hash values.
7. The hash function generates very different hash values for similar message
 The Birthday Problem
• Suppose, In a room of 50 people, what is the probability that at least two
people share the same birthday?
OR
• How many people do you need so that the probability of having two people
share the same birthday is > 50% ?
• (This problem is based on probability of mathematics)
 The Birthday Problem
• There are only 365 days in a year.
• Each day of year has equal chance of being somebody’s birthday.
• A person x’s birthday falls on some day say 1st july. If no other people in the
room shares this birthday, then their birthday must be in other 364 days.
 The Birthday Problem
• For probability , p+q =1
• Here p = probability that two persons birthday fall on same day.
• Then q= probability that no person’s birthdays are the same.
• Thus probability that no person’s birthday is same as person
x= (364 /365)^n
• Probability that at least one person has same birthday as person
x = 1-((346/365)^n
 Non-Cryptographic Hashes
Method 1 :
• Suppose input data is, X = (X0 , X1, X2,……, X N-1)
• Where each X i is a byte, we can define hash function h(x) by h(x) = (X0 + X1
+ X2 + …… + X N-1) mod 256
• For example, swapping two bytes will always yield a collision, such as
h(10101010, 00001111) = h(00001111,10101010) = 10111001
 Non-Cryptographic Hashes
Method 2 :
• Consider the data X = (X0 , X1, X2,……, X N-1)
• Where each Xi is a byte. We can define a hash function h(X) by
h(X) = {nX0 +(n-1) X1 +(n-2) X2 + ……+2 X N-2+X N-1} mod 256
• h(10101010,00001111) != (00001111,10101010)
• Easy to construct collision
• For example : h(00000001,00001111)=h(00000000,00010001) = 00010001
 Non-Cryptographic Hashes
• Method 3 Cyclic redundancy check • To detect transmission errors – not
to detect intentional tampering with
the data.
 Tiger Hash
• Cryptographic hash function has two particular hash function :
• 1) MD5 :
• Message Diggest – 5
• Developed by Ron Rivest
• Fast and produces 128 bit message diggest
• 2) SHA-1
• Secure hash algorithm
• Modified version of MD5
• Length of o/p is 160 bit
 Tiger Hash
• Designed by Ross Anderson and Eli Biham – leading cryptographers.
• Design criteria :
• Secure
• Optimized for 64-bit processors
• Easy replacement for MD5 or SHA-1
• Tiger hash consists of 24 rounds, which can be viewed as three outer rounds,
each of which hash eight inner rounds.
 Tiger Hash
• Input to hash function is divided into 512 bit blocks(padded).
• Output is 192 bits (three 64-bit words).
• Intermediate rounds are all 192 bits.
• 4 S-boxes (substitution-box) is used, each maps 8 bits to 64 bits.
• A “key schedule” is used, since there is no key, is applied to the input block.
 Tiger Hash – Tiger Outer Round
• The input X is padded to a multiple of 512 bits and writtern as
X = (X0 , X1, X2,……, X N-1)
• Employs one outer round for each Xi
• Initial (a,b,c) constants
a = 0x0123456789ABCDEF
b = 0xFEDCBA9876543210
c = 0xF096A5B4C3B2E187
• The final (a,b,c) output from one round is the initial triple for the subsequent round
and the final (a,b,c) from the final round is the 192 bit hash value.
Tiger Hash – Tiger Outer Round
• In outer round input to outer
round F5 is (a,b,c).
• The output of F5 as (a,b,c)
• The input to F7 is (c,a,b)
• The input to F9 is (b,c,a)
• Each function Fm consists of eight
inner rounds.
Tiger Hash – Inner Round
• Consists of 8 round inner rounds
• 512 bit input W to fm as w = (w0 , w1,
w2,……, w7 ) where each wi is 64 bits.
• The input values for the fm,i for i =
0,1,2, ……,7 are (a, b, c), (b, c, a), (c, a,
b), (a, b, c), (b, c, a), (c, a, b), (a, b, c), (b,
c, a), respectively, where the output of
fm,i-1 is labeled (a, b, c).
 Tiger Hash – Inner Round
• Each fm,i depends on a,b,c, wi and m
• Input values of a.b.c from previous round.
• Wi is 64 bit sub block of the 512 bit input W.
• Subsription m is multiplier
• C = (C0 , C1, C2,……, C7 )
• Output of fm,i is

• Each Si is s-box: 8 bit mapped to 64 bits.

Tiger Hash – key schedule
• Input is X = (X0 , X1, X2,……, X 7)
• W is one of the input block Xi
• Small change in X will produce large
change in key schedule output.
 HMAC
• Hash-based Message Authentication Code
• HMAC is a type of a message authentication code (MAC) that is acquired by
executing a cryptographic hash function on the data to be authenticated and a secret
shared key.
• HMAC is specified in RFC 2104.
• HMACs are almost similar to digital signatures. They both enforce integrity and
authenticity. They both use cryptography keys. And they both employ hash
functions. The main difference is that digital signatures use asymmetric keys, while
HMACs use symmetric keys.
 HMAC
• HMAC has two obvious approaches are h(K,M) and h(M,K).
• Most cryptographic hashes hash the message in blocks. For MD5, SHA-1
and Tiger, the block size used is 512 bits. As a result, if M = (B1, B2 ), where
each Bi is 512 bit then,
• h(M) = F(F(A, B1 ), B2 ) = F(h( B1 ), B2 )
For some function F, where A is fixed initial constant.
 HMAC
• If M' = (M,X), Trudy might be able to use h(M) = F(F(A, B1 ), B2 ) = F(h( B1
), B2 ) to find h(K, M') from h(K,M) without knowing K.
• h(K, M') = h(K,M,X) = F(h(K,M),X)
• Is h(M,K) better? If it should happen that there is a collision, that is, if there
exists some M' with h(M') = h(M) then by h(M) = F(F(A, B1 ), B2 ) = F(h( B1
), B2 ), we have
• h(M,K) = F(h(M),K) = F(h(M'), K) = h(M' , K) provided that M and M' are each a
multiple of the block size.
• since if such a collision occurs, the hash function is insecure.
 HMAC
• We can prevent both of these potential problems by slightly modifying the
method used to mix the key into the hash.
• Let B be the block length of hash, in bytes. For MD5, SHA-1 and Tiger.
B=64 is define.
• Ipad = 0x36 repeated B times and Opad = 0x5c repeated B times.
• Then HMAC of M is,
• HMAC(M,K) = H(K XOR opad, H(K XOR ipad, M))
HMAC structure