SHA Hash Functions

QuaintSynecdoche

22 Questions

What are the three primary concerns of message authentication?

protecting the integrity of a message, validating the identity of the originator, and non-repudiation of origin (dispute resolution)

How does symmetric encryption provide message authentication?

The receiver knows the sender must have created the message, since only the sender and receiver know the key used.

What is the primary difference between a MAC and a digital signature?

A MAC is generated using a shared secret key, whereas a digital signature is generated using the sender's private key.

Why is it generally recommended to compute a MAC before encrypting a message?

Computing a MAC before encryption ensures the integrity of the message, as any changes to the message during transmission would result in a different MAC.

What is the primary advantage of using a MAC over digital signatures for message authentication?

MACs are more efficient and require less computational power compared to digital signatures.

What is the primary goal of a hash function in the context of message authentication?

To provide a fixed-size, unique representation of the message, allowing for efficient integrity verification.

What is the primary purpose of a Message Authentication Code (MAC)?

Authentication

What is a necessary property of a secure MAC?

It is computationally infeasible to find another message with the same MAC, given a message and its MAC.

What is the function of a hash function in cryptographic applications?

To condense an arbitrary message to a fixed-size output.

What type of attack is mitigated by the uniform distribution of MACs?

Collision attacks

How can a block cipher be used to construct a MAC?

By using a block cipher in chaining mode and using the final block as the MAC.

What is a key difference between a MAC and a digital signature?

A MAC uses a symmetric key, whereas a digital signature uses an asymmetric key.

What is the output size of the MD5 hash function?

128 bits

What is the main concern raised about the use of SHA-1 in recent years?

Security concerns, as it has been shown to be theoretically vulnerable.

What is the purpose of a Message Authentication Code (MAC)?

To authenticate the message and ensure its integrity.

What is the main difference between a block cipher and a hash function?

Block ciphers are reversible, while hash functions are one-way.

What is the primary advantage of using a hash function over a block cipher for creating a MAC?

Hash functions are generally faster and not limited by export controls.

What is the primary weakness of the original KeyedHash proposal?

It was found to have some weaknesses, which led to the development of HMAC.

What is the main security requirement for a digital signature?

It must be computationally infeasible to forge a digital signature.

What is the primary difference between a digital signature and a MAC?

A digital signature provides authentication and non-repudiation, while a MAC only provides authentication.

What is the primary advantage of using an ElGamal digital signature?

It provides security based on the difficulty of computing discrete logarithms.

What is the correct order of operations when using a digital signature and encryption?

Sign the message first, then encrypt the message and signature.

Study Notes

Message Authentication

  • Concerned with protecting message integrity, validating the identity of the originator, and non-repudiation of origin (dispute resolution)
  • Three alternative functions used for message authentication: message encryption, message authentication code (MAC), and hash function

Message Encryption

  • Provides a measure of authentication if symmetric encryption is used
  • Receiver knows the sender must have created it, since only sender and receiver know the key used
  • Content cannot have been altered, and suitable structure, redundancy, or a checksum detects any changes
  • If public-key encryption is used, encryption provides no confidence of sender, but signing with private-key and encrypting with recipient's public key provides both secrecy and authentication

Message Authentication Code (MAC)

  • Generated by an algorithm that creates a small fixed-sized block depending on both message and some key
  • Appended to message as a signature, and receiver performs same computation on message and checks it matches the MAC
  • Provides assurance that message is unaltered and comes from sender
  • Can use encryption for secrecy with separate keys, and compute MAC either before or after encryption
  • Regarded as better done before encryption

MAC Properties

  • A cryptographic checksum that condenses a variable-length message to a fixed-sized authenticator
  • A many-to-one function, but finding multiple messages with the same MAC is very difficult
  • Requirements:
    • Infeasible to find another message with the same MAC
    • MACs should be uniformly distributed
    • MAC should depend equally on all bits of the message

Using Symmetric Cipher for MAC

  • Can use any block cipher in chaining mode and use the final block as a MAC
  • Data Authentication Algorithm (DAA) was a widely used MAC based on DES-CBC

Hash Functions

  • Condenses arbitrary message to fixed size
  • Usually assume the hash function is public and not keyed
  • Example: SHA-1, with concerns on its use in future applications
  • Revised Secure Hash Standard: NIST issued revision FIPS 180-2 in 2002, adding three additional versions of SHA
  • SHA-3 is based on the sponge construction and has higher security levels

Hash Algorithms

  • Comparison of different hash algorithms:
    • MD5: 128 bits, 64 rounds, broken
    • SHA-1: 160 bits, 80 rounds, theoretically vulnerable
    • RIPEMD-160: 160 bits, 80 rounds, used in Bitcoin
    • Whirlpool: 512 bits, 10 rounds, based on AES
    • SHA-2: 224/256/384/512 bits, 64/80 rounds, some theories, currently considered safe
    • BLAKE2: 256/512 bits, 10/12 rounds, based on ChaCha stream cipher, SHA candidate
    • SHA-3 (Keccak): 224/256/384/512 bits, 24 rounds, secure, but relatively untested
    • BLAKE3: 256 bits, 7 rounds, very new, fast

Keyed Hash Functions as MACs

  • Creating a MAC using a hash function rather than a block cipher
  • Original proposal: KeyedHash = Hash(Key|Message), but weaknesses were found
  • HMAC specified as Internet standard RFC 2104, using hash function on the message: HMAC_K = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]
  • HMAC security relates to that of the underlying hash algorithm

Digital Signatures

  • Provide the ability to verify author, date, and time of signature, authenticate message contents, and be verified by third parties to resolve disputes
  • Digital signature properties:
    • Must depend on the message signed
    • Must use information unique to sender
    • Must be relatively easy to produce and verify
    • Must be computationally infeasible to forge
  • Digital signatures involve only sender and receiver
  • Direct digital signatures use sender's private key for signing and receiver's public key for verification

This quiz covers the SHA hash functions, including SHA-1, SHA-256, SHA-384, and SHA-512. Learn about their design, security features, and applications. Understand the differences and similarities between these algorithms and their use cases.
