SHA Hash Functions

Questions and Answers

What are the three primary concerns of message authentication?

protecting the integrity of a message, validating the identity of the originator, and non-repudiation of origin (dispute resolution)

How does symmetric encryption provide message authentication?

The receiver knows the sender must have created the message, since only the sender and receiver know the key used.

What is the primary difference between a MAC and a digital signature?

A MAC is generated using a shared secret key, whereas a digital signature is generated using the sender's private key.

Why is it generally recommended to compute a MAC before encrypting a message?

Computing a MAC before encryption ensures the integrity of the message, as any changes to the message during transmission would result in a different MAC.

What is the primary advantage of using a MAC over digital signatures for message authentication?

MACs are more efficient and require less computational power compared to digital signatures.

What is the primary goal of a hash function in the context of message authentication?

To provide a fixed-size, unique representation of the message, allowing for efficient integrity verification.

What is the primary purpose of a Message Authentication Code (MAC)?

Authentication

What is a necessary property of a secure MAC?

It is computationally infeasible to find another message with the same MAC, given a message and its MAC.

What is the function of a hash function in cryptographic applications?

To condense an arbitrary message to a fixed-size output.

What type of attack is mitigated by the uniform distribution of MACs?

Collision attacks

How can a block cipher be used to construct a MAC?

By using a block cipher in chaining mode and using the final block as the MAC.

What is a key difference between a MAC and a digital signature?

A MAC uses a symmetric key, whereas a digital signature uses an asymmetric key.

What is the output size of the MD5 hash function?

128 bits

What is the main concern raised about the use of SHA-1 in recent years?

Security concerns, as it has been shown to be theoretically vulnerable.

What is the purpose of a Message Authentication Code (MAC)?

To authenticate the message and ensure its integrity.

What is the main difference between a block cipher and a hash function?

Block ciphers are reversible, while hash functions are one-way.

What is the primary advantage of using a hash function over a block cipher for creating a MAC?

Hash functions are generally faster and not limited by export controls.

What is the primary weakness of the original KeyedHash proposal?

It was found to have some weaknesses, which led to the development of HMAC.

What is the main security requirement for a digital signature?

It must be computationally infeasible to forge a digital signature.

What is the primary difference between a digital signature and a MAC?

A digital signature provides authentication and non-repudiation, while a MAC only provides authentication.

What is the primary advantage of using an ElGamal digital signature?

It provides security based on the difficulty of computing discrete logarithms.

What is the correct order of operations when using a digital signature and encryption?

Sign the message first, then encrypt the message and signature.

Study Notes

Message Authentication

• Concerned with protecting message integrity, validating the identity of the originator, and non-repudiation of origin (dispute resolution)
• Three alternative functions used for message authentication: message encryption, message authentication code (MAC), and hash function

Message Encryption

• Provides a measure of authentication if symmetric encryption is used
• Receiver knows the sender must have created it, since only sender and receiver know the key used
• Content cannot have been altered, and suitable structure, redundancy, or checksum detect any changes
• If public-key encryption is used, encryption provides no confidence of sender, but signing with private-key and encrypting with recipient's public key provides both secrecy and authentication

Message Authentication Code (MAC)

• Generated by an algorithm that creates a small fixed-sized block depending on both message and some key
• Appended to message as a signature, and receiver performs same computation on message and checks it matches the MAC
• Provides assurance that message is unaltered and comes from sender
• Can use encryption for secrecy with separate keys, and compute MAC either before or after encryption
• Regarded as better done before encryption

MAC Properties

• A cryptographic checksum that condenses a variable-length message to a fixed-sized authenticator
• A many-to-one function, but finding multiple messages with the same MAC is very difficult
• Requirements:
  • Infeasible to find another message with the same MAC
  • MACs should be uniformly distributed
  • MAC should depend equally on all bits of the message

Using Symmetric Cipher for MAC

• Can use any block cipher in chaining mode and use the final block as a MAC
• Data Authentication Algorithm (DAA) was a widely used MAC based on DES-CBC

Hash Functions

• Condenses arbitrary message to fixed size
• Usually assume the hash function is public and not keyed
• Example: SHA-1, with concerns on its use in future applications
• Revised Secure Hash Standard NIST issued revision FIPS 180-2 in 2002 adds three additional versions of SHA
• SHA-3 is based on the sponge construction and has higher security levels

Hash Algorithms

• Comparison of different hash algorithms:
  • MD5: 128 bits, 64 rounds, broken
  • SHA-1: 160 bits, 80 rounds, theoretically vulnerable
  • RIPEMD-160: 160 bits, 80 rounds, used in Bitcoin
  • Whirlpool: 512 bits, 10 rounds, based on AES
  • SHA-2: 224, 256, 384, 512 bits, 64, 80 rounds, some theories, currently considered safe
  • BLAKE2: 256, 512 bits, 10, 12 rounds, based on ChaCha Stream Cipher, SHA candidate
  • SHA-3 (Keccak): 224, 256, 384, 512 bits, 24 rounds, secure, but relatively untested
  • BLAKE3: 256 bits, 7 rounds, very new, fast

Keyed Hash Functions as MACs

• Creating a MAC using a hash function rather than a block cipher
• Original proposal: KeyedHash = Hash(Key|Message), but weaknesses were found
• HMAC specified as Internet standard RFC2104, using hash function on the message: HMACK = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad)||M]]]
• HMAC security relates to that of the underlying hash algorithm

Digital Signatures

• Provide the ability to verify author, date, and time of signature, authenticate message contents, and be verified by third parties to resolve disputes
• Digital signature properties:
  • Must depend on the message signed
  • Must use information unique to sender
  • Must be relatively easy to produce and verify
  • Must be computationally infeasible to forge
• Digital signatures involve only sender and receiver
• Direct digital signatures use sender's private key for signing and receiver's public key for verification

Description

This quiz covers the SHA hash functions, including SHA-1, SHA-256, SHA-384, and SHA-512. Learn about their design, security features, and applications. Understand the differences and similarities between these algorithms and their use cases.