Untitled Quiz


Questions and Answers

What is the approximate time it takes for Eve to launch an attack using a hash function with a 64-bit digest?

  • 1 week
  • 1 month
  • 1 hour (correct)
  • 1 day

How many tests does the adversary need to perform a collision attack on MD5?

  • 2^64 (correct)
  • 2^30
  • 2^80
  • 2^32

What is the digest size of the hash function SHA-1?

  • 512 bits
  • 160 bits (correct)
  • 256 bits
  • 128 bits

What is the primary design difference between SHA-1 and the revised Secure Hash Standard versions?

  • The revised versions provide higher security levels. (A)

How long does it take to launch an attack on SHA-1 assuming the adversary can perform $2^{30}$ tests per second?

  • 10,000 years (C)

What size is the digest produced by the new hash function SHA-512?

  • 512 bits (A)

How many rounds does the SHA-512 compression function consist of?

  • 80 rounds (C)

From what values are the round constants in SHA-512 derived?

  • First 80 prime numbers (A)

Why is a message authentication code (MAC) needed?

  • To prove the sender's identity. (A)

What does a modification detection code (MDC) assure?

  • The message has not been modified. (D)

What is the output size of SHA-512 hash values?

  • 512 bits (D)

What is processed in 1024-bit blocks during SHA-512 computation?

  • Message data (A)

What is the approximate number of tests required to find a collision using SHA-512?

  • 2^256 (A)

Which function is NOT part of the round structure in SHA-512?

  • Binary search function (B)

Which of the following describes the SHA-256 hashing process?

  • It is more secure than SHA-1. (B)

What is the leftmost hexadecimal digit of the result when applying the Majority function on buffers with values 0x7, 0xA, and 0xE?

  • 0xE (C)

What is the primary purpose of a message digest (MDC) in message transmission?

  • To ensure the message has not changed during transmission (D)

Which of the following is NOT a concern of message authentication?

  • Ensuring message confidentiality (A)

How does symmetric message encryption contribute to authentication?

  • By ensuring only the sender and receiver know the key used (C)

In public-key encryption, what can provide both secrecy and authentication?

  • Signing the message with the sender's private key and encrypting with the recipient's public key (A)

What happens to the size of a message during the signing and encryption process using public-key encryption?

  • The size may double due to encryption and signing overhead (C)

What security requirement relates to ensuring that a sender cannot deny sending a message?

  • Non-repudiation (C)

Which function is NOT typically used for message authentication?

  • Asymmetric encryption (C)

What is a primary challenge when using public-key encryption for messaging?

  • Public-key encryption does not confirm the sender's identity (B)

What is the primary purpose of using salt in password hashing?

  • To deter precomputation attacks (A)

Which of the following best describes the role of the server in Lamport one-time passwords?

  • The server hashes the user's password for verification (C)

In the context of the Birthday Paradox, what is the implication of a 64-bit hash?

  • It can be considered unreliable for generating unique signatures. (B)

What action does Alice perform when using the Lamport one-time password protocol?

  • She sends a hash derived from her password to the server. (B)

Which mechanism is ineffective for security but reasonable for data integrity checking?

  • One-bit circular shift on hash value (B)

What is a primary feature of the birthday attack as described?

  • It can produce valid signatures for both original and forged messages. (B)

How does the Lamport one-time password protocol enhance security against interception?

  • It prevents an attacker from obtaining the password even if they intercept communications. (C)

What is a limitation of simple hash functions highlighted in the content?

  • They offer reasonable data integrity but lack security. (B)

What is the implication of using a formula like h(M) = M mod n for creating message digests?

  • It can lead to a violation of randomness requirements. (C)

Given that messages are 6 bits long and digests are 4 bits long, what is the conclusion based on the pigeonhole principle?

  • At least one digest corresponds to multiple messages. (D)

How long would it take Eve to create enough digests to find the original message if each digest is 64 bits long?

  • More than 500 years. (D)

What is the probability threshold for Eve to find two messages with the same digest in a collision attack?

  • More than 0.5. (D)

In a collision attack with a 64-bit digest, how many digests must Eve create to have more than a 50% chance of a collision?

  • About 1.18 × 2^32 digests. (D)

What happens when the number of messages exceeds the number of possible unique digests?

  • It increases the risk of collision attacks. (A)

What does the generalized pigeonhole principle state about occupied pigeonholes?

  • If n pigeonholes are occupied, k + 1 messages can exist in one. (D)

If Eve can create digests at a rate of 1 million messages per second, how long will it take to perform a collision attack?

  • About two hours. (C)

What is the maximum length of padding that can be added to a message according to SHA-512 specifications?

  • 1023 bits (A)

What is necessary for padding to be required in SHA-512?

  • A length field needs to be added. (B)

If the length of the original message is 2590 bits, how many padding bits are added?

  • 353 bits (C)

What is the minimum possible length of padding in SHA-512 if the original message is such that (−|M| − 128) mod 1024 = 0?

  • 0 bits (B)

How long can a message be to be compliant with SHA-512 before needing to be shortened?

  • Less than 2^128 bits (B)

What is the digest size produced by SHA-512?

  • 512 bits (D)

How many pages would a message of 2^128 bits occupy if each page holds approximately 2048 bits worth of characters?

  • 2^110 pages (B)

What occurs when the original message's length is already a multiple of 1024 bits?

  • Only the length field needs to be added. (D)

Flashcards

Pigeonhole Principle

If more items than pigeonholes are placed into those pigeonholes, at least one pigeonhole must contain more than one item.

Preimage Attack

An attack trying to find a message that produces a specific hash.

Second Preimage Attack

Finding a second message with the same hash as a given message.

Collision Attack

Finding two different messages with the same hash.


Random Oracle Model

A theoretical model where a hash function behaves like a random function, making it unpredictable.


Message Digest Size (n bits)

The length, in bits, of the output (hash) of a hash function.


Time Complexity for Preimage Attack

The time required to find a message with a specific hash value is exponential relative to the hash size.


Time Complexity for Collision Attack

The time required to find two different messages with the same hash value is significantly less than a preimage attack.


Hash Function Collision Attack

An attack that aims to find two different messages producing the same hash value.


64-bit Hash Digest Security

64-bit hash digests are no longer considered secure against collision attacks due to processing power improvements.


MD5 Hash Function

An older standard hash function producing 128-bit digests.


SHA-1

A 160-bit standard hash function created by NIST.


SHA-512

A newer 512-bit hash function, likely to become a NIST standard, resistant to collision attacks.


Message Authentication

Verification that a message came from the claimed sender and hasn't been tampered with.


Modification Detection Code (MDC)

A message digest used to verify the message's integrity.


Message Authentication Code (MAC)

Used for message authentication—ensuring a message's origin and integrity, similar to MDC but also verifying sender.


Salt for Precomputation Attacks

Adding random data to passwords before hashing, making precomputed tables ineffective.


Rainbow Tables

Precomputed tables of hashes used for cracking passwords.


Lamport One-time Passwords

A method that ensures an attacker cannot get or fake a password, even if the server is compromised.


Birthday Attacks

Attack that finds two different messages with the same hash using the Birthday Paradox.


Hash Function

Algorithm that transforms input data into a unique fixed-size output (hash).


Hash Size and Security

Larger hash sizes make birthday attacks harder, but not impossible.


Data Integrity Check

A method to ensure data hasn't been modified.


Insecure Hash Function Examples

Simple XOR or circular shift operations are weak and unreliable hashes.


Message Authentication Code (MAC)

A method to verify the integrity and origin of a message, ensuring it hasn't been altered during transmission.


Modification Detection Code (MDC)

A code used to detect changes to a message during transmission, ensuring message integrity.


Message Authentication

Ensuring a message's integrity, originating from a known sender, and preventing denial of origin.


Symmetric Encryption and Authentication

Using the same key for encryption and decryption, ensuring the verified sender is the only one who can have the message.


Public-Key Encryption and Authentication

Using separate keys for encryption and decryption, enabling both confidentiality and authentication, but less efficient than symmetric encryption.


Message Security Requirements

Criteria to ensure message security, including protection against disclosure, modification, and malicious tampering.


Hash Function

An algorithm that converts a message of any size into a fixed-size string of digits, providing integrity checks.


Security of MAC

The security of a MAC depends on the security of the underlying hash algorithm, meaning vulnerabilities in that hashing algorithm compromise the MAC's security.


SHA-512 Message Length

SHA-512 restricts messages to less than 2^128 bits.


Padding in SHA-512

Padding ensures the message length is a multiple of 1024 bits, plus a length field.


W60 calculation

W60 in SHA-512 is created from four previously calculated words, as part of a hashing algorithm.


Message Digest Size

The output size of SHA-512 hash function (512 bits).


Message Preparation (SHA-512)

The process of preparing the message before calculating SHA-512 hash.


Padding Bits (Example)

Number of padding bits added to a message to meet SHA-512 requirements.


Message Length Limitation

The restriction on input messages in SHA-512 to be under a specific maximum size.


Word Expansion (SHA-512)

The process of expanding words in SHA-512 hashing algorithm.


SHA-512

A 512-bit hash function, part of the SHA-2 family, resistant to collisions.


SHA-512 Compression Function

The core of SHA-512, processing messages in 1024-bit blocks with 80 rounds.


Hash Function Rounds

Repeated steps in the hash function; each round updates a buffer and uses a message block part.


Round Constants (SHA-512)

Fixed values in each round, derived from the cube root of prime numbers, essential for variability.


SHA-2 Family

A group of SHA hash functions including SHA-256, SHA-384, and SHA-512; designed for increased security.


SHA-1 Concerns

Security of SHA-1 was questionable in 2005, raising concerns about future applications.


SHA-256, SHA-384

Members of the SHA-2 family offering varied security levels (256 and 384 bits).


Message Digest Size

The length, in bits, of the hash output of a cryptographic hash function.


Study Notes

Message Integrity

  • Cryptography systems presented so far offer secrecy but not integrity
  • Integrity ensures the message hasn't been altered
  • A fingerprint, like a cryptographic hash function, can be used to check for integrity.

Document and Fingerprint

  • A physical document's integrity can be ensured using a fingerprint
  • Alice can ensure the contents of her document aren't changed by affixing her fingerprint at the bottom
  • A document fingerprint is analogous to a message digest.

Message and Message Digest

  • The digital equivalent of a document and fingerprint is a message and a digest pair
  • A hash function transforms the message into its digest (fingerprint)
  • A message's integrity is verified by comparing the calculated digest with the stored digest.

Difference

  • Documents and fingerprints are physically linked
  • Messages and digests can be unlinked and compared separately
  • The message digest must be protected from tampering to maintain integrity.

Checking Integrity

  • Hash functions calculate a current digest
  • Comparison with the previous digest determines if a message has been altered
  • Discard an altered message, or re-transmit it.

Cryptographic Hash Function Criteria

  • Cryptographic hash functions must satisfy three criteria
  • Preimage resistance: Infeasible to find an input (preimage) producing a given output.
  • Second preimage resistance: Infeasible to find a second input producing the same output as a given input.
  • Collision resistance: Infeasible to find two different inputs producing the same output.

Preimage Resistance

  • A preimage attack attempts to find an input that produces a given output
  • Given a hash value, it's computationally infeasible to find its corresponding message.
  • The difficulty is proportional to 2^n, where n is the hash value's length.

Lossless Compression

  • Lossless compression methods are not suitable for cryptographic hash functions
  • They create reversible compressed messages.

Checksums

  • Checksums are not robust enough for cryptographic hash functions
  • They're not preimage resistant, meaning multiple messages might have the same checksum.

Second Preimage Resistance

  • A second preimage attack tries to find a second message with the same hash value as a known message
  • Finding a second preimage is computationally infeasible, proportional to 2^n

Collision Resistance

  • A collision attack finds two different messages with the same hash value
  • Finding collisions is computationally infeasible, proportional to 2^(n/2)

Random Oracle Model

  • Introduced by Bellare and Rogaway in 1993, it's an ideal mathematical model for hash functions.
  • It assumes the hash function acts like a random oracle, outputting random values for every input.

Oracle Table

  • A table used to store messages and their corresponding digests generated by an oracle.
  • The oracle checks the table for a matching message before calculating the digest.

Pigeonhole Principle

  • If n pigeonholes contain more than n pigeons, at least one pigeonhole must contain more than one pigeon.
  • This concept is applicable to hash functions, where if more messages map to fewer possible digests, there's a high probability of collisions.

Example of collisions

  • If messages have 6 bits and digests have only 4 bits, there are more messages than possible digests (2^6 > 2^4)
  • The probability of collision is greater than zero in this simplified example.

Attack Algorithms

  • Algorithms for preimage, second preimage, and collision attacks.
  • Calculating the difficulty of each attack against input lengths (2^n, 2^(n/2)).

Message Authentication Code (MAC)

  • Message digests don't authenticate the sender
  • A MAC adds a proof of authorship
  • MACs use cryptographic hash functions combined with secret keys for message authentication

Modification Detection Code (MDC)

  • An MDC is a message digest that serves as proof of integrity
  • Alice creates an MDC and sends it along with the message to Bob
  • Bob calculates a new MDC from the received message.
  • If the new MDC is the same as the received one, then the message is undamaged.

MAC Security

  • MAC security relies on the underlying hash function’s strength
  • Brute-force and cryptanalytic threats exist
  • Increased bit sizes of hash functions offer increased security

Keyed Hash Functions

  • A hash function used to generate MACs
  • This method uses both a message and a secret key to derive the MAC.
  • The keyed hash includes a key along with the message to create unique hash values.

HMAC

  • An improvement over keyed hash functions, HMAC ensures wider security against attacks.
  • HMACs use a hash function combined with a key and padding to increase the security and resistance of the MACs.
  • It's a secure way to apply hash functions to messages paired with a secret key.

Hash Function Uses

  • Hash functions can condense arbitrary-length messages into fixed-size digests.
  • They're used to detect changes to messages, verify data integrity, and in processes like password storage.
  • Hash functions provide one-way mappings and are collision-resistant for security purposes

Cryptographic Hash Function

  • A mathematical function that maps a message of arbitrary length to a fixed-size hash value—a digest—that acts as a message fingerprint.

Hash Function Uses

  • Message Integrity Check (MIC): Calculating a hash of message for integrity checks
  • Message Authentication Code (MAC): Using a keyed hash function to protect a message's integrity
  • Digital Signatures (Non-repudiation): Encrypting a hash with a private key for non-repudiation

Birthday Attacks

  • Birthday paradox demonstrates that the probability of a collision increases significantly given more inputs when there are a limited number of possible outcomes.
  • Attackers aim to find collisions by generating many messages with the same hash function result.
  • When the number of possible hashed messages exceeds the square root of the total hashes, there's a greater probability of collisions.

Hash Function Cryptanalysis

  • Hash functions use an iterative structure involving multiple message blocks
  • Cryptanalytic attacks seek to exploit the structure of hash functions to find collisions faster than an exhaustive search.

Block Ciphers as Hash Functions

  • Block ciphers can be adapted into hash functions, but their output can be too small for security.
  • Vulnerable to birthday and meet-in-the-middle attacks due to their relatively short output lengths

Secure Hash Algorithms (SHAs)

  • Designed by NIST and NSA in 1993
  • Reimplemented with additional versions in 1995 for increased security
  • Produces longer, 160-bit hash values, which make it more resistant to attacks.

Revised Secure Hash Standard

  • NIST introduced revisions with additional SHA versions.
  • Enhanced versions of SHA designed for security compatibility with the AES cipher.

SHA-512 Overview

  • Processing messages in 1024-bit blocks
  • 80 rounds of iterations in the compression functions

SHA-512 Compression Function

  • Compressing messages in 1024-bit blocks during SHA-512 operation.
  • 80 rounds, updating a 512-bit buffer
  • 64-bit values derived from the message block
  • Round constant values extracted by cube roots of 80 prime numbers

SHA-512 Round Function

Structure of Each Round

Majority Function

Conditional Function

Rotate Functions

Compression Function

Message Digest Initialization

  • Initialization values of constants utilized in the SHA-512 message digest.

Message Preparation

  • SHA-512 requires the length of the message to be under 2^128 bits.

Padding and length field in SHA-512

Padding Calculation

Padding Necessity

Minimum and Maximum Padding

Characteristics of Secure Hash Algorithms (SHAs)

SHA-3

  • A new hash algorithm designed to address vulnerabilities in older SHA versions

SHA-3 Requirements

  • Replacing SHA-2 with SHA-3 to uphold similar hash sizes and the online procedures in smaller block sizes.

Two groups of compression functions

Iterated Hash Function (Merkle-Damgård Scheme)

  • A hash function that processes the message in multiple blocks, using a compression function iteratively.

Rabin Scheme

Davies-Meyer Scheme

Miyaguchi-Preneel Scheme

Secure Hash Algorithm (SHA-1)

  • A 160-bit hash algorithm, designed by NIST & NSA

SHA Overview

SHA-1 Compression Function

Message-Digest 5 (MD5)

  • Designed by Ronald Rivest
  • 128-bit message hash, widely used, later found to have vulnerabilities.

MD5 Overview

MD5 Compression Function

MD4

  • Precursor to MD5
  • Designed for speed with little-endian architecture

Strength of MD5

  • Hash is dependent on all message bits, but vulnerabilities exist in newer analyses.

SHA-1 Versus MD5

  • Brute force attack is harder for SHA-1 than MD5
  • SHA-1 is a bit slower than MD5

Revised Secure Hash Standard

  • Provides additional SHA versions with higher security standards

Whirlpool

  • A 512-bit hash algorithm based on the Miyaguchi-Preneel scheme with a customized AES block cipher as the compression function.

Whirlpool Cipher

SubBytes

ShiftColumns

MixRows

AddRoundKey

Key expansion in the Whirlpool cipher

CMAC

CMAC Overview

CMAC

Authenticated Encryption

Counter with Cipher Block Chaining-Message Authentication Code (CCM)

Galois/Counter Mode (GCM)

GCM Functions

Authenticated Encryption

Generic Composition

Comparison

Inclusion

Verification Method

Relationship

Duplicity

Process

Digital Signature Process

Need for Keys

Signing the Digest

Services

Message Integrity

Nonrepudiation

Confidentiality

Attack Types

Forgery Types

Digital Signature Schemes

RSA Digital Signature Scheme

Key Generation

Signing and Verifying

ElGamal Digital Signature Scheme

Key Generation

Verifying and Signing
