
2/2/2018 V.madhu Viswanatham 1
Symmetric-key cryptography based on sharing secrecy
• In symmetric-key cryptography, symbols are permuted or substituted.
• In asymmetric-key cryptography, numbers are manipulated.
• Symmetric-key cryptography is based on sharing secrecy.
• Asymmetric-key cryptography is based on personal secrecy.



Encryption with a Public Key System



• Put (lock, locking key) in the public domain, i.e., in a post office.
• Anyone who wants to send me a letter confidentially can do the following:
– Buy a strong box
– Use my lock with the locking key to lock the letter inside.
– Send me the locked box.
[Figure: a lock with its locking key and unlocking key]

Key Exchange with a Public Key System

[Figure: Bob and Alice. (k_e, k_d) is the key pair of Alice. Bob encrypts the session key k with Alice’s public key k_e, giving the encrypted session key E_{k_e}(k); Alice recovers the session key k with her private key k_d.]

Bob generates the session key k, sends Alice the encrypted session key.


Miller-Rabin Primality Testing
Input: Odd integer M (2^(n-1) < M < 2^n).
Repeat 100 times:
    Pick b at random (1 < b < M).
    Check if b is a smart witness (poly(n) time).
If one or more b is a smart witness, output “M is composite”.
Otherwise output “M is prime”.

Miller-Rabin Primality Testing
Properties of Algorithm:
• Randomized (uses coin flips to pick b’s).
• Run time - polynomial in n = log M.
• If M is prime the algorithm always outputs “M is prime”.
• If M is composite the algorithm may err. However, to err, all choices of b should give non-witnesses, so
  Probability of error < (0.25)^100 <<< 1.
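
The test from the two slides above, as an added Python example (not part of the original slides). It assumes the usual Miller-Rabin meaning of a “smart witness”; the function names are made up here, and the two counting helpers contrast the smart-witness check with the plain Fermat test on the Carmichael number 561.

```python
import random

def is_witness(b, M):
    """True if base b proves that the odd integer M > 2 is composite."""
    # Write M - 1 = 2^s * t with t odd.
    s, t = 0, M - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    x = pow(b, t, M)
    if x in (1, M - 1):
        return False                  # b gives no evidence against primality
    for _ in range(s - 1):
        x = pow(x, 2, M)
        if x == M - 1:
            return False
    # Either b^(M-1) != 1 (mod M), or a square root of 1 other than +-1 exists.
    return True

def miller_rabin(M, rounds=100):
    """The slide's loop: True means "M is prime", False means "M is composite"."""
    if M < 2 or (M % 2 == 0 and M != 2):
        return False
    if M in (2, 3):
        return True
    for _ in range(rounds):
        b = random.randrange(2, M)    # 1 < b < M
        if is_witness(b, M):
            return False
    return True

def count_non_witnesses(M):
    """Exhaustive count of bases 1 < b < M that are NOT witnesses (small M only)."""
    return sum(not is_witness(b, M) for b in range(2, M))

def count_fermat_liars(M):
    """Bases 1 < b < M that pass the plain Fermat test b^(M-1) = 1 (mod M)."""
    return sum(pow(b, M - 1, M) == 1 for b in range(2, M))

if __name__ == "__main__":
    print("561 prime?       ", miller_rabin(561))
    print("2^61 - 1 prime?  ", miller_rabin(2**61 - 1))
    print("non-witnesses for 561:", count_non_witnesses(561), "of", 561 - 2)
    print("Fermat liars for 561: ", count_fermat_liars(561), "of", 561 - 2)
```

For 561 more than half of all bases pass the Fermat test, while fewer than a quarter escape the smart-witness check, which is what the (0.25)^100 bound relies on.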
The Idea of Public Key Cryptography
• Trapdoor One-Way Function
Given y and a trapdoor, x can be computed easily.



Applications of public-key cryptography

• Encryption/decryption
• Digital Signature (Authentication)
• Key Exchange
Example:
Algorithm | Encryption/decryption | Digital signature | Key exchange
RSA | √ | √ | √
Diffie-Hellman | × | × | √
DSA | × | √ | ×



Symmetric Vs Asymmetric Key
Characteristics | Symmetric key | Asymmetric key
Key used for encryption/decryption | Same key is used for encryption and decryption | One key is used for encryption and another different key is used for decryption
Speed of encryption/decryption | Very fast | Slower
Size of resulting cipher text | Usually same as or less than the original text size | More than the original text size
Key agreement/exchange | A big problem | No problem
Number of keys required | N(N-1)/2 secret keys | N secret keys
Usage | Mainly used for encryption and decryption (confidentiality), cannot be used for digital signature | Can be used for encryption and decryption as well as for digital signature
RSA Key-Generation
• Select two large primes p and q such that p ≠ q
• n = p × q
• Ø(n) = (p-1) × (q-1)
• Select e such that 1 < e < Ø(n) and e is coprime to Ø(n).
• d = e^-1 mod Ø(n) // d is the inverse of e modulo Ø(n)
• Public_key = (e, n) // To be announced publicly
• Private_key = d // To be kept secret



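• Encryption: C = P^e mod n
• Decryption: P = C^d mod n
• Fast Exponentiation algorithm (computes a^b mod n, where b_k ... b_0 are the bits of the exponent b; here d is the running result, not the private key):
c = 0, d = 1
for i = k downto 0
    do c = 2 × c
       d = (d × d) mod n        // square for every bit
       if b_i = 1
           then c = c + 1
                d = (d × a) mod n   // extra multiply only when the bit is 1
return d
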


The attacks that can be launched on RSA:
• Factorization attack
• Chosen ciphertext attack
• Plaintext attack
  - short message attack
  - cyclic attack
• Timing attack



• y is the product of n_b terms. Each term is either 1 (if the corresponding bit is 0) or a^(2^i) (if the bit is 1). In other words, the term a^(2^i) is included in the multiplication if the bit is 1; it is not included if the bit is 0 (multiplication by 1 has no effect).



In each iteration, the algorithm checks the value of the corresponding bit. If the value of the bit is 1, it multiplies the current base with the previous value of the result. It then squares the base for the next iteration.

1. To encrypt bit pattern P in RSA, compute a = P^e mod n

2. To decrypt received bit pattern a in RSA, compute P = a^x mod n

Launch a timing attack against the decryption of RSA to figure out the private key x if RSA uses the above fast exponentiation algorithm.
Hint: use a timer to record the execution time of each iteration, and use the average value over all iterations as the threshold to determine whether each bit of d is 0 (below threshold) or 1 (above threshold).
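
How the bits of the exponent show up in the work done by the fast exponentiation algorithm from the RSA slides, and one way to remove that dependence, as an added Python example (not part of the original slides). The toy primes 61 and 53, the function names and the Montgomery ladder variant are choices made for this example.

```python
from math import gcd

def rsa_keygen(p, q, e):
    """Key generation as on the RSA Key-Generation slide (toy-sized primes)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if p == q or not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("need p != q, 1 < e < phi(n), gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)               # inverse of e modulo phi(n)
    return (e, n), d

def fast_exp(a, b, n):
    """The slide's square-and-multiply, scanning the bits of b from the top.
    Returns (a^b mod n, number of modular multiplications performed)."""
    d, mults = 1, 0
    for bit in bin(b)[2:]:
        d = (d * d) % n               # square for every bit
        mults += 1
        if bit == "1":
            d = (d * a) % n           # extra multiply only for 1-bits
            mults += 1
    return d, mults

def ladder_exp(a, b, n, width):
    """Montgomery ladder over a fixed bit width: exactly two modular
    multiplications per bit, whatever the bit value.
    (Python integers are not constant-time; this shows the operation
    schedule only, not a side-channel-safe implementation.)"""
    r0, r1, mults = 1, a % n, 0       # invariant: r1 = r0 * a (mod n)
    for i in range(width - 1, -1, -1):
        if (b >> i) & 1:
            r0, r1 = (r0 * r1) % n, (r1 * r1) % n
        else:
            r1, r0 = (r0 * r1) % n, (r0 * r0) % n
        mults += 2
    return r0, mults

if __name__ == "__main__":
    (e, n), d = rsa_keygen(61, 53, 17)
    c, _ = fast_exp(65, e, n)
    print("public", (e, n), "private", d, "C =", c)
    # Two 12-bit exponents with different numbers of 1-bits:
    for x in (0b100000000001, 0b111111111111):
        print(bin(x), "square-and-multiply:", fast_exp(c, x, n)[1],
              "ladder:", ladder_exp(c, x, n, 12)[1])
```

With square-and-multiply the operation count is the bit length plus the number of 1-bits, so per-iteration time tracks the key bits; the ladder performs the same number of operations for every exponent of the same width.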
Diffie-Hellman Key exchange Protocol

Parties: A and B
1. A computes R1 = g^x mod p
2. A sends R1 to B
3. B computes R2 = g^y mod p
4. B sends R2 to A
5. A computes K = (R2)^x mod p
6. B computes K = (R1)^y mod p
Shared secret key: K = g^(xy) mod p



• K = (R2)^x mod p
    = (g^y mod p)^x mod p
    = (g^y)^x mod p
    = g^(yx) mod p
    = g^(xy) mod p
    = (g^x)^y mod p
    = (g^x mod p)^y mod p
    = (R1)^y mod p



• Both A and B need to choose a large prime number p on the order of 300 decimal digits (1024 bits) and g, a primitive root of order p-1 in the group <Zp*, ×>.
• A chooses a large random number x such that 0 ≤ x ≤ p-1 and calculates R1 = g^x mod p.
• B chooses another large random number y such that 0 ≤ y ≤ p-1 and calculates R2 = g^y mod p.
• A sends R1 to B.
• B sends R2 to A.
• A computes the symmetric key, K = (R2)^x mod p
• B computes the symmetric key, K = (R1)^y mod p



Security of Diffie-Hellman
• Discrete Logarithm Attack
• Man-in-the-middle Attack



The following recommendations are made:
• The prime p must be very large (more than 300 decimal digits).
• The prime p must be chosen such that p-1 has at least one large prime factor (more than 60 decimal digits).
• The generator must be chosen from the group <Zp*, ×>.
• Both entities must destroy x and y after they have calculated the symmetric key. The values of x and y must be used only once.
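
The exchange and the recommendations above, as an added Python example (not part of the original slides). The toy prime p = 2039 = 2 × 1019 + 1, the function names and the range check on received values are assumptions of this example; real parameters are of the size the slides call for.

```python
import secrets

# Toy parameters (constructed): P is prime and P - 1 = 2 * Q with Q prime,
# so P - 1 has one large prime factor relative to its size.
P, Q = 2039, 1019

def is_primitive_root(g, p=P, q=Q):
    """g generates <Zp*, x> iff its order is p - 1 = 2q, i.e. iff
    g^2 != 1 and g^q != 1 (mod p)."""
    return 1 < g < p - 1 and pow(g, 2, p) != 1 and pow(g, q, p) != 1

def find_generator():
    """Smallest primitive root modulo P."""
    return next(g for g in range(2, P) if is_primitive_root(g))

def keypair(g):
    """Pick a fresh secret exponent and compute R = g^x mod p.
    Exponents that give R in {1, p-1} are re-drawn."""
    while True:
        x = secrets.randbelow(P)              # slide's range 0 <= x <= p-1
        r = pow(g, x, P)
        if 2 <= r <= P - 2:
            return x, r

def check_peer_value(r):
    """Reject received values that force K into a tiny set:
    0, 1 and p-1 give K in {0, 1, p-1} regardless of our secret."""
    if not isinstance(r, int) or not 2 <= r <= P - 2:
        raise ValueError("rejected Diffie-Hellman public value")

def shared_key(own_secret, peer_r):
    check_peer_value(peer_r)
    return pow(peer_r, own_secret, P)

def run_exchange():
    """One full run; returns (K computed by A, K computed by B)."""
    g = find_generator()
    x, r1 = keypair(g)                        # A
    y, r2 = keypair(g)                        # B
    k_a = shared_key(x, r2)
    k_b = shared_key(y, r1)
    del x, y                                  # secrets are used once, then dropped
    return k_a, k_b

if __name__ == "__main__":
    print("generator:", find_generator())
    print("keys agree:", len(set(run_exchange())) == 1)
```

The range check does not authenticate the peer; it only removes the degenerate values, which is why the authenticated variant on the next slide adds signatures.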



Station-to-Station key Agreement
Parties: A and B. The values of p and g are public.
1. A computes R1 = g^x mod p
2. 1st message, A sends to B: R1
3. B computes R2 = g^y mod p
4. B computes K = (R1)^y mod p
5. 2nd message, B sends to A: R2, B’s certificate, SigB(A|R1|R2) signed by B’s private key (marked k in the figure)
6. A computes K = (R2)^x mod p
7. A verifies B’s signature
8. 3rd message, A sends to B: A’s certificate, SigA(B|R1|R2) signed by A’s private key (marked k in the figure)
9. B verifies A’s signature
Shared secret key: K = g^(xy) mod p
Authentication
• It is a mechanism to verify the integrity of the transmitted message or the person initiating it.

- Entity authentication
- Data authentication



• Message encryption
• Message Authentication Code(MAC)
• Hash functions



MAC
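• Data Authentication Algorithm:
[Figure: data blocks D1 (64 bits), D2, ..., DN-1, DN. Each block after the first is combined (+) with the previous DES output, and every block is encrypted with DES under the key K (56 bits), giving outputs O1 (64 bits), O2, ..., ON-1, ON. The MAC is taken from the final output.]
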


Two Simple Hash Functions

• consider two simple insecure hash functions
• bit-by-bit exclusive-OR (XOR) of every block
  – C_i = b_i1 xor b_i2 xor . . . xor b_im
  – a longitudinal redundancy check
  – reasonably effective as data integrity check
• one-bit circular shift on hash value
1. Initially set the -bit hash value to zero.
2. Process each successive -bit block of data as follows:
   a. Rotate the current hash value to the left by one bit.
   b. XOR the block into the hash value.
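
Both functions from this slide, as an added Python example (not part of the original slides). The 16-bit block width, the zero padding and the function names are assumptions of this example; the last helper shows why neither function gives any security even though both catch accidental errors.

```python
N_BITS = 16                           # assumed block and hash width
MASK = (1 << N_BITS) - 1
STEP = N_BITS // 8

def blocks(data: bytes):
    """Split data into N_BITS-wide integers, zero-padding the last block."""
    data = data + b"\x00" * (-len(data) % STEP)
    return [int.from_bytes(data[i:i + STEP], "big")
            for i in range(0, len(data), STEP)]

def xor_hash(data: bytes) -> int:
    """First function: bit-by-bit XOR of every block."""
    h = 0
    for b in blocks(data):
        h ^= b
    return h

def rotl1(h: int) -> int:
    """One-bit circular left shift within N_BITS."""
    return ((h << 1) | (h >> (N_BITS - 1))) & MASK

def rotated_xor_hash(data: bytes) -> int:
    """Second function: rotate the hash left by one bit, then XOR the block in."""
    h = 0
    for b in blocks(data):
        h = rotl1(h) ^ b
    return h

def append_block_for(target_hash: int, prefix: bytes) -> bytes:
    """Choose one final block so that prefix || block has the given hash under
    rotated_xor_hash. The prefix must be block-aligned. One XOR is all it takes,
    which is why the function offers no protection against deliberate changes."""
    if len(prefix) % STEP:
        raise ValueError("prefix must be a whole number of blocks")
    block = rotl1(rotated_xor_hash(prefix)) ^ target_hash
    return prefix + block.to_bytes(STEP, "big")

if __name__ == "__main__":
    # Constructed sample messages.
    print(hex(xor_hash(b"ABCD")), hex(xor_hash(b"CDAB")))            # equal
    print(hex(rotated_xor_hash(b"ABCD")), hex(rotated_xor_hash(b"CDAB")))
    original = b"pay 10 to bob"
    other = append_block_for(rotated_xor_hash(original), b"pay 9999 to eve!")
    print(rotated_xor_hash(other) == rotated_xor_hash(original))     # True
```

Reordering blocks is invisible to the plain XOR and visible to the rotated version, but in both cases a matching message can be computed directly, so neither is usable where an adversary can modify the data.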



Hashing
Properties of Hash function:
1. h can be applied to a block of data of any size.
2. h produces a fixed-length output.
3. h(x) is relatively easy to compute for any given x.
4. Given a hash value y, it is computationally infeasible to find an input x such that h(x) = y. This is sometimes referred to as the one-way property (preimage resistance).
5. Given an input value x1, it is computationally infeasible to find another input value x2 such that h(x1) = h(x2): weak collision resistance.
6. It is computationally intractable to find two input values x1 and x2 such that h(x1) = h(x2): strong collision resistance.



Hash Functions
• A one-way hash function(OWHF)
• A collision-resistant hash function(CRHF)

o Select m at random and find its digest d
o Call the algorithm R which returns m1 = R(d) such that d = h(m1)
o If m ≠ m1, then this is a collision. Otherwise select another random message and repeat the process



Using Hash for Authentication
• A computes the hash value using a hash algorithm, concatenates it with the original data and sends both to B.
• B computes the hash value using the same algorithm on the received original data and compares the computed hash value with the received hash value.
• If both are the same, then the message is authenticated.
MD5: Message Digest Version 5
Input: message (variable size)

Output: 128 bits (fixed)



How MD5 works?
• Step 1: Padding
• Step 2: Append length
• Step 3: Divide the input into 512-bit blocks
• Step 4: Initialize chaining variables
A Hex 01 25 45 67
B Hex 89 AB CD EF
C Hex FE DC BA 98
D Hex 76 54 32 10



• Step 5: Process blocks
5.1: Copy the chaining variables into four corresponding variables a, b, c and d
5.2: Divide the current 512-bit block into 16 sub-blocks (size 32 bits)
5.3: Now we have four rounds. In each round we process all the 16 sub-blocks belonging to a block
[Figure: conceptual process within a round. Inputs to one round: the 16 sub-blocks, other constants (t), and a, b, c, d.]
• In each round we have 16 input sub-blocks, named M[0], M[1], …, M[15].
• Also, t is an array of constants. It consists of 64 elements, with each element consisting of 32 bits. We denote the elements of this array t as t[0], t[1], …, t[63].
• K[i] := floor(2^32 × abs(sin(i + 1)))



• Each round has 16 steps of the form:
a = b + ((a + g(b,c,d) + X[k] + T[i]) <<< s)

• Round 1: g(b,c,d) = (b AND c) OR ((NOT b) AND d)
• Round 2: g(b,c,d) = (b AND d) OR (c AND (NOT d))
• Round 3: g(b,c,d) = b XOR c XOR d
• Round 4: g(b,c,d) = c XOR (b OR (NOT d))



The following attacks have been launched against MD5:
1. Tom Berson could find two messages that produce the same message digest for each of the four individual rounds. However, he could not come up with two messages that produce the same message digest for all the four rounds taken together.
2. Den Boer and Bosselaers showed that the execution of MD5 on a single block of 512 bits will produce the same output for two different values in the chaining variable register abcd. This is called a pseudocollision. However, they could not extend this to a full MD5 consisting of four rounds each containing 16 steps.
3. Dobbertin provided the most serious attack on MD5. Using this attack, the operation of MD5 on two different 512-bit blocks produces the same 128-bit output. However, this has not been generalized to a full message block.

The general recommendation is not to trust MD5 (although it is not practically broken into as yet).



Why collisions are bad
An example of what you might do with this.
You could request an SSL certificate (for your real identity) from a certificate
authority. After the response comes back, you can then use that response
(which is based on the MD5 of your identity+key) to "authenticate" a carefully
chosen different certificate, one which claims that you are
LargeBankOrSoftwareCorp., but which has the same MD5 as your real
identity. You can then present this to other people in order to convince them
that you are someone whom you are not.
Another example,
core internet routers use md5 to exchange passwords. We can simply sniff the
md5sum, and if I can find a string that generates the same sum, easily, I can
send my own routing update that takes down the internet. More examples,
since a LOT of applications use md5,



How SHA-1 works?
• Step 1: Padding
• Step 2: Append length
• Step 3: Divide the input into 512-bit blocks
• Step 4: Initialize chaining variables
A Hex 01 25 45 67
B Hex 89 AB CD EF
C Hex FE DC BA 98
D Hex 76 54 32 10
E Hex C3 D2 E1 F0
• Step 5: Process blocks
5.1: Copy the chaining variables into five corresponding variables a, b, c, d and e
5.2: Divide the current 512-bit block into 16 sub-blocks (size 32 bits)
5.3: SHA-1 has four rounds. Each round consists of 20 steps
[Figure: conceptual process within a round. Inputs to one round: the 16 sub-blocks, other constants (t), and a, b, c, d, e.]
• Each round has 20 steps of the form:
abcde = (e + function F + s^5(a) + W[t] + K[t]), a, s^30(b), c, d

Round 1: (b AND c) OR ((NOT b) AND (d))
Round 2: b XOR c XOR d
Round 3: (b AND c) OR (b AND d) OR (c AND d)
Round 4: b XOR c XOR d

The remaining 64 values are defined using the equation
W[t] = s^1(W[t-16] XOR W[t-14] XOR W[t-8] XOR W[t-3])



Round | Value of t between | K[t] in Hex
1 | 1 and 19 | 5A 92 79 99
2 | 20 and 39 | 6E D9 EB A1
3 | 40 and 59 | 9F 1B BC DC
4 | 60 and 79 | CA 62 C1 D6



Comparison of MD5 and SHA-1
Point | MD5 | SHA-1
Message digest length | 128 bits | 160
Attack to try to find the original message given a message digest | Requires 2^128 operations to break in | Requires 2^160 operations to break in, therefore more secure
Attack to try to find two messages producing the same message digest given a message digest | Requires 2^64 operations to break in | Requires 2^80 operations to break in
Successful attacks so far | There have been reported attempts to some extent (as we discussed earlier) | No such claims so far
Speed | Faster (64 iterations and 128-bit buffer) | Slower (80 iterations and 160-bit buffer)



How SHA-512 works?
• Step 1: Padding
• Step 2: Append length
• Step 3: Divide the input into 1024-bit blocks
• Step 4: Initialize chaining variables
A 6A09E667F3BCC908
B BB67AE8584CAA73B
…………………….
H 5BE0CD19137E2179
• Step 5: Process blocks
5.1: Copy the chaining variables into four corresponding variables a, b, c and d
5.2: Divide the current 1024-bit block into 16 sub-blocks (size 64 bits)
5.3: Now we have 80 rounds. In each round we process all the 16 sub-blocks belonging to a block
[Figure: conceptual process within a round. Inputs to one round: the 16 sub-blocks, other constants (t), and a | b | c | d | e | f | g | h.]
SHA-512 Round Function
Ch(e,f,g) = (e AND f) XOR (NOT e AND g)
Maj(a,b,c) = (a AND b) XOR (a AND c) XOR (b AND c)
Sum(a) = ROTR(a by 28 bits) XOR ROTR(a by 34 bits) XOR ROTR(a by 39 bits)
Sum(e) = ROTR(e by 14 bits) XOR ROTR(e by 18 bits) XOR ROTR(e by 41 bits)
W[t] = 64-bit word derived from the current input block
K[t] = constants
Add = addition mod 2^64

1. For the first 16 rounds (0 to 15), the value of W[t] is equal to the corresponding word in the message block.
2. For the remaining 64 steps, the value of W[t] is equal to the circular left shift by one bit of the XOR of the four preceding values of W[t], with two of them subjected to the circular left shift by 1 bit.



Various versions of SHA

Parameter | SHA-1 | SHA-256 | SHA-384 | SHA-512
Message digest size | 160 | 256 | 384 | 512
Block size | 512 | 512 | 1024 | 1024
Word size | 32 | 32 | 64 | 64
Steps in algorithm | 80 | 64 | 80 | 80



Digital Signatures



• Digital signature is a process to verify the
integrity of transmitted message



Signed Messages
[Figure: Signed messages. Sender: calculates the hash of the message and signs the hash with the sender’s private key; the message plus signature is sent through the Internet. Receiver: calculates the hash of the received message, decrypts the signature with the sender’s public key, and compares the two hashes; if the comparison is OK, the signature is verified.]



• Properties of Digital Signature:
1. It must verify the author and the date and time of signature.
2. It must authenticate the contents at the time of signature
3. It must be verifiable by third parties, to resolve disputes.



• Requirements for a digital signature:
1. The signature must be a bit pattern that depends on the
message being signed.
2. The signature must use some information unique to the
sender, to prevent both forgery and denial
3. It must be relatively easy to produce the digital signature.
4. It must be relatively easy to recognize and verify the digital
signature.
5. It must be computationally infeasible to forge a signature
6. It must be practical to retain a copy of the digital signature
in storage.
Direct Digital Signature:
Arbitrated Digital Signature Techniques:



(a) Conventional Encryption: Arbiter Sees Message
(1) X -> A: M || EKxa[IDx || H(M)]
(2) A -> Y: EKay[IDx || M || EKxa[IDx || H(M)] || T]

(b) Conventional Encryption: Arbiter Does Not See Message
(1) X -> A: IDx || EKxy[M] || EKxa[IDx || H(EKxy[M])]
(2) A -> Y: EKay[IDx || EKxy[M] || EKxa[IDx || H(EKxy[M])] || T]

(c) Public Key Encryption: Arbiter Does Not See Message
(1) X -> A: IDx || EKRx[IDx || EKUy(EKRx[M])]
(2) A -> Y: EKRa[IDx || EKUy(EKRx[M]) || T]



Digital Signature Algorithm(DSA)

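[Figure: DSA signing and verifying. Signing: M is hashed (H) and signed (Sig) using KRa and KUG, producing s and r, which are appended (||) to M. Verifying: the received M is hashed (H) and checked (Ver) using KUa and KUG, and the result is compared with r.]
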


• Global Public-Key components
- p: prime number between 512 and 1024 bits in length. The number of bits in p must be a multiple of 64, i.e., a bit length between 512 and 1024 bits in increments of 64 bits
- q: prime divisor of (p-1), bit length of 160 bits
- e1 = e0^((p-1)/q) mod p, where e0 is any integer with 1 < e0 < (p-1)
• User’s Private Key
d: random integer with 0 < d < q



• User’s public key
e2 = e1^d mod p
• User’s per-message secret number
r: random integer with 1 <= r <= q
• DSA signature generation
- Compute s1 = (e1^r mod p) mod q
- Compute s2 = r^-1 (H(M) + d·s1) mod q
- signature = (s1, s2)



• DSA signature verification
– Verify 0 < s1 < q and 0 < s2 < q; if not, invalid
– Compute V = [(e1^(H(M)·s2^-1) × e2^(s1·s2^-1)) mod p] mod q
– Valid iff V = s1; otherwise rejected.
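
Key generation, signing and verification in the notation of the three slides above (e0, e1, e2, d, r, s1, s2), as an added Python example (not part of the original slides). The toy parameters p = 2039, q = 1019, e0 = 2, the use of SHA-1 for H and the function names are assumptions of this example; r is drawn from 0 < r < q so that r^-1 mod q always exists.

```python
import hashlib
import secrets

# Toy global parameters (constructed): q is prime and divides p - 1 = 2 * 1019.
p, q = 2039, 1019
e0 = 2
e1 = pow(e0, (p - 1) // q, p)         # = 4, an element of order q

def H(message: bytes) -> int:
    """Hash of the message as an integer (SHA-1 chosen for this example)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def keygen():
    d = secrets.randbelow(q - 1) + 1  # private key, 0 < d < q
    e2 = pow(e1, d, p)                # public key
    return d, e2

def sign(message: bytes, d: int):
    while True:
        r = secrets.randbelow(q - 1) + 1          # fresh per-message secret
        s1 = pow(e1, r, p) % q
        s2 = (pow(r, -1, q) * (H(message) + d * s1)) % q
        if s1 != 0 and s2 != 0:                   # retry the rare zero case
            return s1, s2

def verify(message: bytes, signature, e2: int) -> bool:
    s1, s2 = signature
    if not (0 < s1 < q and 0 < s2 < q):           # range check comes first
        return False
    w = pow(s2, -1, q)                            # s2^-1 mod q
    u1 = (H(message) * w) % q
    u2 = (s1 * w) % q
    v = (pow(e1, u1, p) * pow(e2, u2, p)) % p % q
    return v == s1

if __name__ == "__main__":
    d, e2 = keygen()
    msg = b"constructed sample message"
    sig = sign(msg, d)
    print("signature:", sig)
    print("valid:", verify(msg, sig, e2))
    print("out-of-range s1 accepted:", verify(msg, (0, sig[1]), e2))
```

Verification works because e1^(H(M)·s2^-1) × e2^(s1·s2^-1) = e1^((H(M) + d·s1)·s2^-1) = e1^r mod p, whose reduction mod q is s1.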



1. In the RSA scheme, find the relationship between the size of s and n.
2. In DSA, find the size of s1 and s2 in relation to the size of p and q.
3. In DSA, if Eve can find the value of r, can she forge a message?
4. In DSA, why is the calculation of s1 done modulo p modulo q, but the calculation of s2 done only modulo q?
5. In DSA, prove the correctness of the verifying process.



Key Management
• public-key encryption helps address key
distribution problems
• distribution of public keys
• use of public-key encryption to distribute
secret keys
Distribution of Public Keys
• can be considered as using one of:
– Public announcement
– Publicly available directory
– Public-key authority
– Public-key certificates
Public Announcement
• users distribute public keys to recipients or
broadcast to community at large
– eg. append PGP keys to email messages or
post to news groups or email list
• major weakness is forgery
– anyone can create a key claiming to be
someone else and broadcast it
– until forgery is discovered can masquerade as
claimed user for authentication
Publicly Available Directory
• can obtain greater security by registering
keys with a public directory
• directory must be trusted with properties:
– contains {name, public-key} entries
– participants register securely with directory
– participants can replace key at any time
– directory is periodically published
– directory can be accessed electronically
• still vulnerable to tampering or forgery
Public-Key Authority
• improve security by tightening control over
distribution of keys from directory
• requires users to know public key for the
directory
• then users interact with directory to obtain
any desired public key securely
– does require real-time access to directory
when keys are needed
Public-Key Certificates
• The public-key authority could be a bottleneck in
the system.
– must appeal to the authority for the key of every other
user
• certificates allow key exchange without real-time
access to public-key authority
• a certificate binds identity to public key
• with all contents signed by a trusted Public-Key
or Certificate Authority (CA)
– Certifies the identity
– Only the CA can make the certificates
Public-Key Certificates
Public-Key Distribution of Secret
Keys
• public-key algorithms are slow
• so usually want to use private-key
encryption to protect message contents
• hence need a session key
• have several alternatives for negotiating a
suitable session using public-key
Simple Secret Key Distribution
• proposed by Merkle in 1979
– A generates a new temporary public key pair
– A sends B the public key and their identity
– B generates a session key K sends it to A
encrypted using the supplied public key
– A decrypts the session key and both use
• problem is that an opponent can intercept
and impersonate both halves of protocol
– The scenario
Public-Key Distribution of Secret
Keys
• First securely exchanged public-keys
using a previous method
X.509 Certificates
Sample View of a Certificate
PKI(Public Key Infrastructure)
1. Certificates issuing, renewal and revocation
2. Keys storage and update
3. Providing services to other protocols
4. Providing Access control
Security at the Application Layer:
PGP and S/MIME

E-mail architecture
PGP
• widely used de facto secure email
• developed by Phil Zimmermann
• selected best available crypto algs to use
• integrated into a single program
• on Unix, PC, Macintosh and other systems
• originally free, now also have commercial
versions available
PGP Operation – Authentication
1. sender creates message
2. make SHA-1 160-bit hash of message
3. attached RSA signed hash to message
4. receiver decrypts & recovers hash code
5. receiver verifies received message hash
PGP Operation – Confidentiality
1. sender forms 128-bit random session key
2. encrypts message with session key
3. attaches session key encrypted with RSA
4. receiver decrypts & recovers session key
5. session key is used to decrypt message
PGP Operation – Confidentiality &
Authentication
• can use both services on same message
– create signature & attach to message
– encrypt both message & signature
– attach RSA/ElGamal encrypted session key
PGP Operation – Compression
• by default PGP compresses message
after signing but before encrypting
– so can store uncompressed message &
signature for later verification
– & because compression is non deterministic
• uses ZIP compression algorithm
PGP Operation – Email
Compatibility
• when using PGP will have binary data to send
(encrypted message etc)
• however email was designed only for text
• hence PGP must encode raw binary data into
printable ASCII characters
• uses radix-64 algorithm
– maps 3 bytes to 4 printable chars
– also appends a CRC
• PGP also segments messages if too big
PGP Operation – Summary
PGP Message Format
PGP Key Rings
• each PGP user has a pair of keyrings:
– public-key ring contains all the public-keys of other PGP users known to this user, indexed by key ID
– private-key ring contains the public/private key pair(s) for this user, indexed by key ID & encrypted keyed from a hashed passphrase
• security of private keys thus depends on the pass-phrase security
PGP Key Rings
Let us show a private key ring table for Alice. We assume that
Alice has only two user IDs, alice@some.com and
alice@anet.net. We also assume that Alice has two sets of
private/public keys, one for each user ID.

It may become necessary for an entity to revoke his or her public key from the
ring. This may happen if the owner of the key feels that the key is compromised
(stolen, for example) or just too old to be safe.
PGP Message Generation
PGP Message Reception
PGP Key Management
• rather than relying on certificate authorities
• in PGP every user is own CA
– can sign keys for users they know directly
• forms a “web of trust”
– trust keys have signed
– can trust keys others have signed if have a chain of
signatures to them
• key ring includes trust indicators
• users can also revoke their keys
MIME
• MIME-Version
This header defines the version of MIME used. The current version is 1.1.
• Content-Type
The content type and the content subtype are separated by a slash. Depending on the subtype, the header may contain other parameters.
S/MIME

S/MIME adds some new content types to include security services to the MIME. All of these new types include the parameter “application/pkcs7-mime,” in which “pkcs” defines “Public Key Cryptography Specification.”

Cryptographic Message Syntax (CMS)

To define how security services, such as confidentiality or integrity, can be added to MIME content types, S/MIME has defined Cryptographic Message Syntax (CMS). The syntax in each case defines the exact encoding scheme for each content type. For details, the reader is referred to RFC 3369 and 3370.
Signed-data content type
Enveloped-data content type

Digest-data content type
Authenticated-data content type
Cryptographic Algorithms
S/MIME defines several cryptographic algorithms. The
term “must” means an absolute requirement; the term
“should” means recommendation.
Example

The following shows an example of an enveloped-data in which a small message is encrypted using triple DES.
