
Network Security

Lecture 4

Hashes and Message Digests

V.E.S.I.T_M.C.A Nishi TIku 1


Message Digests
• A message digest is a non-reversible algorithm which reduces a message to a fixed-length “summary”
• The summary has the property that a change to the original will produce a new summary
• The probability that the new summary is the same as the old should be 1/(size of the digest)
• There are several good (but possibly no perfect) message digest algorithms
• MD5 is probably the most common one in use -- 128 bit digest (has known weaknesses)
• SHA-1 -- 160 bit digest (current best choice) [Another product of NIST]


Hash functions
A hash function is a mathematical function that generally has the following three properties:
1. Condenses arbitrarily long inputs into a fixed-length output
– You stuff as much data as you want into the function, and it churns out an output (or hash) that is always the same fixed length.
– In general this hash is much smaller than the data that was put into the function.
– Because the hash is a smaller piece of information that represents a larger one, it is sometimes referred to as a digest, and the hash function as a message digest function.

Hash functions
2. Is one-way
– The hash function should be easy to compute, but given the hash of some data it should be very hard to recover the original data from the hash.
3. It is hard to find two inputs with the same output
– It should be hard to find two different inputs (of any length) that when fed into the hash function result in the same hash.
– This property is sometimes described as requiring a hash function to be collision free.
– Note that it is impossible for a hash function not to have collisions. If arbitrarily large inputs are all being reduced to a fixed length hash then there will be lots of collisions. (For example, it is impossible to give each of 60 million people a different 4 digit PIN.) The point is that these collisions should be hard to find.


Hashes
• Hash is also called message digest
• One-way function: d=h(m) but no h’(d)=m
• Cannot find the message given a digest
• Cannot find m1, m2, where d1=d2
• Arbitrary-length message to fixed-length digest
• Cryptographically safe
• Randomness
– Mapping of input to output should appear to be randomly chosen
– Any two outputs should be totally uncorrelated, even if most of the inputs are similar
• Collision


An aside on hashing
• Length of hash << length of message, and often fixed at 48-128 / 160
• Some other names for hashing: fingerprinting, message integrity check (MIC), message digest, cryptographic checksum, manipulation detection code
• Hash functions are well known, so hashing is exportable; often used to communicate programs securely over the web
• MD‹key;data› is a message authentication code (MAC) or data authentication code (DAC); knowing key


Hashes
• How many bits does the output of the MD function have to be in order to prevent someone from being able to find two messages with the same MD?
OR
• How Many Bits for Hash?
If the MD has m bits, then it would take about
■ m bits, takes $2^{m/2}$ to find two with the same hash
■ 64 bits, takes $2^{32}$ messages to search
■ Need at least 128 bits


Good cryptographic hash function h should have the following properties:

• h should destroy all homomorphic structures in the underlying public key cryptosystem (be unable to compute hash value of 2 messages combined given their individual hash values)
• h should be computed on the entire message
• h should be a one-way function so that messages are not disclosed by their signatures
• it should be computationally infeasible given a message and its hash value to compute another message with the same hash value
• should resist birthday attacks (finding any 2 messages with the same hash value, perhaps by iterating through minor permutations of 2 messages)


Birthday Problem
• Compute probability of different birthdays
• Random sample of n people (inputs; their birthdays) taken from k = 365 days (outputs)
• With n inputs => n(n-1)/2 pairs of inputs
• For each pair there’s a probability of 1/k of both inputs producing the same output value => we’ll need k/2 pairs for the probability to be 50% (for a matching pair)


Birthday Problem
• Let us assume n inputs and k possible outputs and an unpredictable map from input to output. With n inputs there are $\binom{n}{2} = \frac{n(n-1)}{2}$ pairs of inputs. For each pair there is a probability of 1/k of both inputs producing the same output value, so you will need about k/2 pairs in order for the probability to be about 50% that you will find a matching pair, i.e. $\frac{n(n-1)}{2} > \frac{k}{2}$. This implies $n^2 > n(n-1) > k \Rightarrow n > \sqrt{k}$: there is a good chance of finding a matching pair.
• Probability of no repetition:
• p ≈ 1 - n(n-1)/2k
• Diff. between secret key algo. and a msg. digest algo.
• Why are there so many msg. digests


Security of hash functions
Suppose that we sign the message Keith owes Fred £10 by hashing it using a hash function that has a hash of just 2 bits: there are only four possible hashes: 00, 01, 10 or 11.
Fred receives this signed message, and being a manipulative type he decides to change the message to Keith owes Fred £100. Of course Fred does not have Keith’s signature key, so he cannot digitally sign this message. But he doesn’t have to – he only has to sign the hash!

What is the probability that:
hash (Keith owes Fred £10) = hash (Keith owes Fred £100)?


Security of hash functions
Suppose the hash is 10 bits long – in other words about 1000 hashes

1000 requests for £200                        1000 requests for £8000
2. Pay Fred Piper £200                        2. Pay Fred Piper £8000
3. Pay F. Piper £200                          3. Pay F. Piper £8000
4. Pay F.C. Piper two hundred pounds          4. Pay F.C. Piper eight thousand pounds
5. Pay F.C. Piper two hundred pounds only     5. Pay F.C. Piper eight thousand pounds only
6. Pay two hundred pounds to Mr Fred Piper    6. Pay eight thousand pounds to Mr Fred Piper
7. ….                                         7. ….

Since there are only 1000 different possible values of the hash, there is a very good chance that there will be at least one match…

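The effect described on the last slides, as an added example that is not part of the original lecture: SHA-256 truncated to a few bits stands in for the short hash, and the message rewordings are constructed sample data. It also counts how many inputs are hashed before the first collision, which tracks the 2^(m/2) estimate and shows why a defender needs a digest of at least 128 bits.

```python
import hashlib
from itertools import product

def tiny_hash(msg: str, bits: int = 10) -> int:
    """Top `bits` bits of SHA-256, standing in for a short digest (assumption)."""
    full = int.from_bytes(hashlib.sha256(msg.encode("utf-8")).digest(), "big")
    return full >> (256 - bits)

def variants(amount: str):
    """Constructed rewordings of one payment request (sample data, 200 per amount)."""
    verbs = ["Pay", "Please pay", "Kindly pay", "Transfer to", "Remit to"]
    payees = ["Fred Piper", "F. Piper", "F.C. Piper", "Mr Fred Piper", "Mr F. Piper"]
    tails = ["", " only", " today", " in full", " promptly", " now", " at once", " by cheque"]
    for verb, payee, tail in product(verbs, payees, tails):
        yield f"{verb} {payee} {amount}{tail}"

def find_match(bits: int = 10):
    """Return (request for 200, request for 8000, shared digest), or None if no pair matches."""
    seen = {}
    for m in variants("£200"):
        seen.setdefault(tiny_hash(m, bits), m)
    for m in variants("£8000"):
        h = tiny_hash(m, bits)
        if h in seen:
            return seen[h], m, h
    return None

def first_collision(bits: int) -> int:
    """Number of distinct inputs hashed before any two of them share a digest."""
    seen = set()
    n = 0
    while True:
        h = tiny_hash(f"msg-{n}", bits)
        n += 1
        if h in seen:
            return n
        seen.add(h)

if __name__ == "__main__":
    print(find_match())
    for bits in (10, 16, 20, 24):
        print(bits, "bits:", first_collision(bits), "inputs; 2^(bits/2) =", 2 ** (bits // 2))
```

A signature over the 10-bit digest of the first message in the returned pair would verify equally for the second, which is the reason the signed digest must be long enough that this search is infeasible.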
Using Hash for Authentication
• Alice to Bob: challenge rA
• Bob to Alice: MD(KAB|rA)
• Bob to Alice: rB
• Alice to Bob: MD(KAB|rB)
• Only need to compare MD results
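The four-message exchange above with both sides implemented, as an added example that is not part of the original lecture. SHA-256 stands in for MD, and the Party class and its method names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def md(data: bytes) -> bytes:
    """Stand-in for the slide's MD(); SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()

class Party:
    """One end of the exchange; holds the shared secret KAB (hypothetical class)."""

    def __init__(self, name: str, k_ab: bytes):
        self.name, self.k_ab, self.pending = name, k_ab, None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)    # fresh random r for every run
        return self.pending

    def respond(self, r: bytes) -> bytes:
        return md(self.k_ab + r)                  # MD(KAB|r)

    def verify(self, response: bytes) -> bool:
        if self.pending is None:                  # no outstanding challenge
            return False
        expected, self.pending = md(self.k_ab + self.pending), None
        return hmac.compare_digest(expected, response)   # constant-time compare

def mutual_auth(alice: Party, bob: Party) -> bool:
    r_a = alice.challenge()                       # Alice to Bob: rA
    bob_ok = alice.verify(bob.respond(r_a))       # Bob to Alice: MD(KAB|rA)
    r_b = bob.challenge()                         # Bob to Alice: rB
    alice_ok = bob.verify(alice.respond(r_b))     # Alice to Bob: MD(KAB|rB)
    return bob_ok and alice_ok

if __name__ == "__main__":
    k = b"constructed shared secret"
    print(mutual_auth(Party("Alice", k), Party("Bob", k)))
    print(mutual_auth(Party("Alice", k), Party("Bob", b"some other key")))
```

Each challenge is used once and then cleared, so a recorded response is rejected when it is replayed against a later challenge.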


Using Hash to Compute MAC
• Cannot just compute MD(m) MD(m’)
• MAC: MD(KAB|m)
• Allows concatenation with additional message: MD(KAB|m|m’)
MD through chunk n depends on MD through chunks n-1 and the data in chunk n
• Put secret at the end of message:
• MD(m|KAB) (collision)
• Use only ½ the bits of msg. digest as MAC (64)
• MD(KAB|m|KAB)
• HMAC MD(MD( KAB |m )

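Why MD(KAB|m) is rejected as a MAC and what the nested HMAC form changes, as an added example that is not part of the original lecture. toy_md is a constructed iterated hash with 16-byte blocks (its compression function is built from SHA-256 purely for illustration); the key, message and function names are assumptions.

```python
import hashlib
import hmac

BLOCK = 16          # toy block size in bytes (MD5 and SHA-1 use 64)
IV = bytes(16)      # toy initial chaining value

def pad(total_len: int) -> bytes:
    """MD-style padding: 0x80, zero bytes, then the bit length in 8 bytes."""
    zeros = (-(total_len + 1 + 8)) % BLOCK
    return b"\x80" + bytes(zeros) + (total_len * 8).to_bytes(8, "big")

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function (constructed; not a real MD design)."""
    return hashlib.sha256(state + block).digest()[:16]

def toy_md(msg: bytes, state: bytes = IV, prior_len: int = 0) -> bytes:
    """The digest through chunk n depends only on the digest through chunk n-1
    and chunk n, so hashing can resume from any published digest."""
    data = msg + pad(prior_len + len(msg))
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def prefix_mac(key: bytes, msg: bytes) -> bytes:
    return toy_md(key + msg)                      # MD(KAB|m)

def hmac_toy(key: bytes, msg: bytes) -> bytes:
    """Nested keyed hash in the HMAC style (keys longer than BLOCK not handled)."""
    k = key.ljust(BLOCK, b"\0")
    inner = toy_md(bytes(b ^ 0x36 for b in k) + msg)
    return toy_md(bytes(b ^ 0x5C for b in k) + inner)

def extend(tag: bytes, hashed_len: int, extra: bytes):
    """Computed from (tag, length) alone, without the key: MD(KAB|m|m')."""
    glue = pad(hashed_len)
    return glue + extra, toy_md(extra, state=tag, prior_len=hashed_len + len(glue))

def demo():
    key = b"0123456789abcdef"                     # constructed KAB
    msg = b"pay=10&to=fred"                       # constructed message
    n = len(key) + len(msg)
    suffix, forged = extend(prefix_mac(key, msg), n, b"&pay=100")
    prefix_accepts = hmac.compare_digest(forged, prefix_mac(key, msg + suffix))
    suffix2, forged2 = extend(hmac_toy(key, msg), n, b"&pay=100")
    hmac_accepts = hmac.compare_digest(forged2, hmac_toy(key, msg + suffix2))
    return prefix_accepts, hmac_accepts

if __name__ == "__main__":
    print(demo())
```

The verifier using MD(KAB|m) accepts the extended message, while the nested construction rejects it because the outer hash hides the inner chaining value.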
Using Hash to Encrypt
• One-time pad (similar to output feedback mode)
• compute bit streams using MD, IV and K
b1 = MD(KAB|IV), b2 = MD(KAB|b1), …, bi = MD(KAB|b(i-1))
• ⊕ with message blocks
• Both the sender and the receiver calculate it in advance.
• Or mixing in the plaintext (used for integrity check)
• similar to cipher feedback mode (CFB) (j bits of encrypted IV ⊕ j bits of plain text)
• b1 = MD(KAB|IV), c1 = p1 ⊕ b1
• b2 = MD(KAB|c1), c2 = p2 ⊕ b2
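Both constructions from this slide in working form, as an added example that is not part of the original lecture. SHA-256 stands in for MD and all function names are assumptions; the last function shows the caveat a designer has to plan for, namely that the pad must never be generated twice from the same (K, IV).

```python
import hashlib

BLOCK = 32  # bytes produced per MD call (SHA-256 here)

def md(data: bytes) -> bytes:
    """Stand-in for the slide's MD(); SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_like(key: bytes, iv: bytes, data: bytes) -> bytes:
    """b1 = MD(K|IV), bi = MD(K|b(i-1)). The pad never depends on the data,
    so the same call encrypts and decrypts and the pad can be precomputed."""
    out, b = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        b = md(key + b)
        out += xor(data[i:i + BLOCK], b)
    return bytes(out)

def cfb_like(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """b1 = MD(K|IV), c1 = p1 xor b1, b2 = MD(K|c1), c2 = p2 xor b2, ..."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        result = xor(chunk, md(key + prev))
        prev = chunk if decrypt else result       # always feed back the ciphertext
        out += result
    return bytes(out)

def pad_reuse_leaks(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same (K, IV) used twice: c1 xor c2 equals p1 xor p2, with no key involved."""
    c1, c2 = ofb_like(key, iv, p1), ofb_like(key, iv, p2)
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    key, iv = b"k" * 16, b"\x01" * 16             # constructed values
    pt = b"Pay Fred Piper two hundred pounds only"
    ct = cfb_like(key, iv, pt)
    print(ct.hex())
    print(cfb_like(key, iv, ct, decrypt=True))
    print(pad_reuse_leaks(key, iv, pt, b"A" * len(pt)))
```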


Using Secret Key for a Hash
• Unix password algorithm:
• Compute hash of user password, store the hash (not the password), and compare the hash of user-input password.
• First 8 characters of password used to form a secret key.
• This key is now used with a DES-like algorithm for encryption
• Off-line guessing; forgot the password?
• Salt:
• 12-bit random number formed by the sys. and process ID.
• Salt stored with hashed result.


MD2
• Msg. digest algo. developed by Ron Rivest
• Has its roots in its predecessor (MD)
• 128-bit message digest:
• Arbitrary number of octets
• Padding is a multiple of 16 octets (also called as checksum)
• Append MD2 checksum (16 octets) to the end
• The checksum is almost a MD, but not cryptographically secure by itself.
• Process whole message


MD2 padding
[Figure: original msg. followed by padding; the total is a multiple of 16 octets]


MD2 Checksum computation
• A 16-byte checksum of the message is appended to the result of the previous step. This step uses a 256-byte "random" permutation constructed from the digits of pi. Let S[i] denote the i-th element of this table. The table is given below:
41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, 19,98, 167, 5, 243,
192, 199, 115, 140, 152, 147, 43, 217, 188, 76, 130, 202, 30, 155, 87, 60, 253, 212,
224, 22, 103, 66, 111, 24, 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73,
160, 251, 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, 148, 194,
16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, 39, 53, 62, 204, 231, 191,
247, 151, 3, 255, 25, 48, 179, 72, 165, 181, 209, 215, 94, 146, 42, 172, 86, 170, 198,
79, 184, 56, 210, 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157,
112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, 96, 37, 173, 174,
176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, 85, 71, 163, 35, 221, 81, 175, 58,
195, 92, 249, 206, 186, 197, 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205,
244, 65, 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, 8, 12, 189,
177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, 203, 213, 254, 59, 0, 29, 57,
242, 239, 183, 14, 102, 88, 208, 228, 166, 119, 114, 248, 235, 117, 75, 10, 49, 68,
80, 180, 143, 237, 31, 26, 219, 153, 141, 51, 159, 17, 131, 20
Do the following:
/* Clear checksum. */
For i = 0 to 15 do: Set C[i] to 0. end /* of loop on i */
Set L to 0.
/* Process each 16-word block. */
For i = 0 to N/16-1 do /* Checksum block i. */
   For j = 0 to 15 do
      Set c to M[i*16+j].
      Set C[j] to C[j] xor S[c xor L].
      Set L to C[j].
   end /* of loop on j */
end /* of loop on i */


MD2 Checksum
• MD2 checksum is a 16 octet quantity
• Checksum calculation processes one octet at a time, k × 16 steps
• $m_{nk}$: byte nk of message
• $c_n = \pi(m_{nk} \oplus c_{n-1}) \oplus c_n$
• π: 0 → 41, 1 → 46, …
• Substitution on 0-255 (value of the byte)

explain diag. 1


MD2 Final Pass
• Msg. + padding + checksum
• Operate on 16-octet chunks
• 48-byte quantity q:
• (16 octet current digest + msg. chunk + digest ⊕ chunk)
• 18 passes of processing
• $c_n = \pi(c_{n-1}) \oplus c_n$ for n = 0, …, 47; $c_{-1} = 0$ for pass 0; $c_{-1} = (c_{47} + \text{pass \#}) \bmod 256$
• After pass 17, use first 16 bytes as new digest

Explain diag2

MD4
• MD4 was designed to be 32-bit-word-oriented so that it can be computed faster on 32 bit CPUs than an octet oriented scheme as in MD2
• Can handle messages with an arbitrary no. of bits (as against integral no. of octets)
• Is computed in a single pass over data (with more intermediate states)


MD4
• Msg. Padding
original msg. is padded by adding a 1 bit, followed by enough 0 bits to leave the msg. 64 bits less than a multiple of 512 bits (e.g. if the original length is 1000 bits, +472)

[Figure: original msg. | 1000…000 (1-512 bits) | original length in bits (64 bits); the total is a multiple of 512 bits]


MD4
• Message digest computation
msg. digest is a 128 bit quantity (four 32-bit words)
msg. is processed in 512 bit blocks (sixteen 32-bit words)
• Compression fn.
fn. that takes 512 bits of the msg. and digests it with the previous 128 bit output


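MD4 (overview of MD4, MD5, SHA-1)

[Figure, Diag. 3: the padded msg. is split into 512-bit blocks; a constant and the first 512 bits enter the first digest stage, each following digest stage takes the previous stage's output and the next 512 bits, and the output of the last stage is the msg. digest]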


MD4
• Each stage starts with
16 word msg. block (m0, m1, m2, …, m15)
4 word msg. digest value (d0, d1, d2, d3)
where d0 is initialized to 67452301 to the base 16
d1 is initialized to efcdab89 to the base 16
d2 is initialized to 98badcfe to the base 16
d3 is initialized to 10325476 to the base 16
written in concatenation
Each pass modifies d0 … d3 using m0 … m15

MD4
~x is the bitwise complement of the 32 bit quantity x
x∧y is the bitwise and of the 32 bit quantities x and y
x∨y is the bitwise or of the 32 bit quantities x and y
x⊕y is the bitwise exclusive or of the 32 bit quantities x and y
x+y is binary sum of the 32 bit quantities x and y (carry of the higher order bit discarded)
x↵y is x left rotate y bits


MD4 msg. digest Pass 1

Selection formula:
$d_{(-i)\wedge 3} = (d_{(-i)\wedge 3} + F(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_i)$ ↵ $S_1(i \wedge 3)$

d0 = (d0 + F(d1,d2,d3) + m0) ↵ 3
d3 = (d3 + F(d0,d1,d2) + m1) ↵ 7
d2 = (d2 + F(d3,d0,d1) + m2) ↵ 11
d1 = (d1 + F(d2,d3,d0) + m3) ↵ 15
d0 = (d0 + F(d1,d2,d3) + m0) ↵ 3
where
F(x,y,z) is defined as (x∧y) ∨ (~x∧z)

MD4 msg. digest Pass 2

• Majority fn.
G(x,y,z) is defined as (x∧y) ∨ (x∧z) ∨ (y∧z)
For each int. i from 0 thru 15

$d_{(-i)\wedge 3} = (d_{(-i)\wedge 3} + G(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{X(i)} + \mathrm{5a827999}_{16})$ ↵ $S_2(i \wedge 3)$


MD4 msg. digest Pass 2

d0 = (d0 + G(d1,d2,d3) + m0 + 5a827999) ↵ 3
d3 = (d3 + G(d0,d1,d2) + m4 + 5a827999) ↵ 5
d2 = (d2 + G(d3,d0,d1) + m8 + 5a827999) ↵ 9
d1 = (d1 + G(d2,d3,d0) + m12 + 5a827999) ↵ 13
d0 = (d0 + G(d1,d2,d3) + m1 + 5a827999) ↵ 3
(the constant 5a827999 is to the base 16)


MD4 msg. digest Pass 3

Fn H(x,y,z) is defined as x ⊕ y ⊕ z
$d_{(-i)\wedge 3} = (d_{(-i)\wedge 3} + H(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{X(i)} + \mathrm{6ed9eba1}_{16})$ ↵ $S_3(i \wedge 3)$

d0 = (d0 + H(d1,d2,d3) + m0 + 6ed9eba1) ↵ 3
d3 = (d3 + H(d0,d1,d2) + m8 + 6ed9eba1) ↵ 9
d2 = (d2 + H(d3,d0,d1) + m4 + 6ed9eba1) ↵ 11
d1 = (d1 + H(d2,d3,d0) + m12 + 6ed9eba1) ↵ 15
d0 = (d0 + H(d1,d2,d3) + m2 + 6ed9eba1) ↵ 3
(the constant 6ed9eba1 is to the base 16)


MD4 Algorithm Description
• MD4 overview
• pad message so its length is 448 mod 512
• append a 64-bit message length value to message
• initialise the 4-word (128-bit) buffer (A,B,C,D)
• process the message in 16-word (512-bit) chunks, using 3 rounds of 16 bit operations each on the chunk & buffer
• output hash value is the final buffer value
• some progress at cryptanalysing MD4 has been made, with a small number of collisions having been found
• MD5 was designed as a strengthened version, using four rounds, a little more complex than in MD4.
• a little progress at cryptanalysing MD5 has been made with a small number of collisions having been found


MD5: Message Digest Version 5
• Less concerned with speed, more concerned with security
• Like MD4, MD5 msg. is processed in 512 bit blocks (sixteen 32 bit words)
• MD is 128 bit quantity (four 32 bit words)
• Refer to diag 3
• Each stage makes 4 passes over each 16 octet chunk using a different constant for each msg. word on each pass
• $T_i = \mathrm{int}(2^{32} \cdot \mathrm{abs}(\sin(i)))$, i ranges between 1 and 64


MD5: Message Digest Version 5

[Figure: input message in, 128-bit digest out]


MD5 Box

[Figure: the MD5 box takes 512-bit message chunks (16 32-bit words) and an initial 128-bit vector, and produces a 128-bit result (4 32-bit words)]
F: (x∧y) ∨ (~x∧z)
G: (x∧z) ∨ (y∧~z)
H: x⊕y⊕z
I: y⊕(x∨~z)
+: binary sum
x↵y: x left rotate y bits

MD5: Padding
[Figure: the input message is padded into 512-bit blocks; starting from the initial value, the MD5 transformation is applied block by block; the final output is the 128-bit digest]


Padding Twist
• Given original message M, add padding bits such that resulting length is 64 bits less than a multiple of 512 bits.
• Append (original length in bits mod $2^{64}$), represented in 64 bits, to the padded message
• Final message is chopped 512 bits a block


MD5 Process
• As many stages as the number of 512-bit blocks in the final padded message
• Digest: 4 32-bit words: MD=A|B|C|D
• Every message block contains 16 32-bit words: m0|m1|m2…|m15
• Digest MD0 initialized to: A=01234567, B=89abcdef, C=fedcba98, D=76543210
• Every stage consists of 4 passes over the message block, each modifying MD


MD5 msg. digest Pass 1

d0 = (d1 + d0 + F(d1,d2,d3) + m0 + T1) ↵ 7
d3 = (d0 + d3 + F(d0,d1,d2) + m1 + T2) ↵ 12
d2 = (d3 + d2 + F(d3,d0,d1) + m2 + T3) ↵ 17
d1 = (d2 + d1 + F(d2,d3,d0) + m3 + T4) ↵ 22
d0 = (d1 + d0 + F(d1,d2,d3) + m0 + T5) ↵ 7


MD5 msg. digest Pass 2

d0 = d1 + (d0 + G(d1,d2,d3) + m1 + T17) ↵ 5
d3 = d0 + (d3 + G(d0,d1,d2) + m6 + T18) ↵ 9
d2 = d3 + (d2 + G(d3,d0,d1) + m11 + T19) ↵ 14
d1 = d2 + (d1 + G(d2,d3,d0) + m10 + T20) ↵ 20
d0 = d1 + (d0 + G(d1,d2,d3) + m5 + T21) ↵ 5


MD5 msg. digest Pass 3

Fn H(x,y,z) is defined as x ⊕ y ⊕ z

d0 = d1 + (d0 + H(d1,d2,d3) + m5 + T33) ↵ 4
d3 = d0 + (d3 + H(d0,d1,d2) + m8 + T34) ↵ 11
d2 = d3 + (d2 + H(d3,d0,d1) + m11 + T35) ↵ 16
d1 = d2 + (d1 + H(d2,d3,d0) + m14 + T36) ↵ 23
d0 = d1 + (d0 + H(d1,d2,d3) + m1 + T37) ↵ 4


MD5 msg. digest Pass 4

Fn I(x,y,z) is defined as y ⊕ (x ∨ ~z)

d0 = d1 + (d0 + I(d1,d2,d3) + m0 + T49) ↵ 6
d3 = d0 + (d3 + I(d0,d1,d2) + m7 + T50) ↵ 10
d2 = d3 + (d2 + I(d3,d0,d1) + m14 + T51) ↵ 15
d1 = d2 + (d1 + I(d2,d3,d0) + m15 + T52) ↵ 21
d0 = d1 + (d0 + I(d1,d2,d3) + m12 + T53) ↵ 6


MD5 Blocks

[Figure: the 512-bit blocks B1, B2, B3 and B4 are fed in turn through four chained MD5 stages; the output of the last stage is the result]

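Processing of Block mi - 4 Passes
Inputs: mi and MDi (words A, B, C, D)

ABCD = fF(ABCD, mi, T[1..16])
ABCD = fG(ABCD, mi, T[17..32])
ABCD = fH(ABCD, mi, T[33..48])
ABCD = fI(ABCD, mi, T[49..64])

[Figure: after the four passes each of A, B, C, D is added (+) to the corresponding word of MDi, giving MDi+1]
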
Process within a round
[Figure: one round takes a, b, c, d together with the 16 sub-blocks M[0] to M[15] and the other constants t (64 elements)]


One MD5 operation
[Figure: one MD5 operation on a, b, c, d in seven steps (step1 to step7): Process P, followed by additions that bring in M[i] and T[k], producing the new a, b, c, d]

Different Passes...
• Different functions and constants are used
• Different set of mi is used
• Different set of shift amounts is used


MD5 (strengths/weaknesses)
• Two msgs. that produce the same MD for each of the four msg. rounds, but not for all the rounds taken together
• Pseudo collision: execution of MD5 on a single 512 bit block produces the same output for two different values in the chaining variable register abcd
• Execution of MD5 on two different 512 bit blocks produces the same 128 bit output, but not generalized to the full msg. block


Hash stuff
• Most popular hash today: SHA-1 (secure hash algorithm)
• Older ones (MD2, MD4, MD5) still around
• Popular secret-key integrity check: hash together key and data
• One popular standard for that: HMAC


Secure Hash Algorithm
• Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993
• SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST
• Modified version of MD4


General Logic
• Input message must be < $2^{64}$ bits
• not really a problem
• Message is processed in 512-bit blocks sequentially
• Message digest is 160 bits
• SHA design is similar to MD5, but a lot stronger
• SHA was designed to be infeasible to:
– obtain the original msg. given its MD
– find two msgs. producing the same MD


Basic Steps
Step1: Padding
Step2: Appending length as 64 bit unsigned
Step3 : Divide the I/p into 512 bit blocks
Step4: Initialize MD buffer ( chaining vars.) into
5 32-bit words
A|B|C|D|E
A = 67452301
B = efcdab89
C = 98badcfe
D = 10325476
E = c3d2e1f0



Basic Steps...
Step 5: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each.
Each step t (0 <= t <= 79):
• Input:
– Wt – a 32-bit word from the message
– Kt – a constant
– ABCDE: current MD.
• Output:
– ABCDE: new MD.


Basic Steps...
• Only 4 per-round distinctive additive constants (as against 64 constants in MD5)
0 <= t <= 19    Kt = 5A827999
20 <= t <= 39   Kt = 6ED9EBA1
40 <= t <= 59   Kt = 8F1BBCDC
60 <= t <= 79   Kt = CA62C1D6


Basic Steps - The Heart Of The Matter

[Figure: one step on the words A, B, C, D, E: ft, CLS5, Wt and Kt are combined through a chain of additions (+), CLS30 is applied, and the step outputs the new A, B, C, D, E]

Basic Logic Functions
• Only 3 different functions

Round            Function ft(B,C,D)
0 <= t <= 19     (B∧C)∨(~B∧D)
20 <= t <= 39    B⊕C⊕D
40 <= t <= 59    (B∧C)∨(B∧D)∨(C∧D)
60 <= t <= 79    B⊕C⊕D


Twist With Wt’s
• Additional mixing used with input message 512-bit block
W0|W1|…|W15 = m0|m1|m2…|m15
For 15 < t < 80:
$W_t = s(W_{t-16} \oplus W_{t-14} \oplus W_{t-8} \oplus W_{t-3})$
• XOR is a very efficient operation, but with multilevel shifting, it should produce very extensive and random mixing!
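The steps from the preceding slides (padding, the five initial words, the four Kt constants, the round functions ft and the Wt expansion) assembled into one routine and checked against the standard library, as an added example that is not part of the original lecture. It assumes that s in the Wt formula is a 1-bit circular left shift and that CLS5 and CLS30 are circular left shifts by 5 and 30 bits; the function names are this example's own.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def rotl(x: int, n: int) -> int:
    """Circular left shift of a 32-bit word (CLS)."""
    return ((x << n) | (x >> (32 - n))) & MASK

def sha1_pad(msg: bytes) -> bytes:
    """Steps 1-2: a 1 bit, 0 bits up to 64 short of a multiple of 512, then the length."""
    bit_len = (len(msg) * 8) % (1 << 64)
    return msg + b"\x80" + bytes((55 - len(msg)) % 64) + struct.pack(">Q", bit_len)

def f_and_k(t: int, b: int, c: int, d: int):
    """Round function ft(B,C,D) and additive constant Kt for step t."""
    if t < 20:
        return (b & c) | (~b & d), 0x5A827999
    if t < 40:
        return b ^ c ^ d, 0x6ED9EBA1
    if t < 60:
        return (b & c) | (b & d) | (c & d), 0x8F1BBCDC
    return b ^ c ^ d, 0xCA62C1D6

def sha1(msg: bytes) -> str:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]   # A|B|C|D|E
    data = sha1_pad(msg)
    for off in range(0, len(data), 64):                # step 3: 512-bit blocks
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for t in range(16, 80):                        # the Wt expansion
            w.append(rotl(w[t - 16] ^ w[t - 14] ^ w[t - 8] ^ w[t - 3], 1))
        a, b, c, d, e = h
        for t in range(80):                            # step 5: 80 steps
            f, k = f_and_k(t, b, c, d)
            a, b, c, d, e = (rotl(a, 5) + f + e + w[t] + k) & MASK, a, rotl(b, 30), c, d
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h).hex()

def matches_library(msg: bytes) -> bool:
    return sha1(msg) == hashlib.sha1(msg).hexdigest()

if __name__ == "__main__":
    for sample in (b"", b"abc", b"a" * 55, b"a" * 56, b"a" * 64):   # padding edge cases
        print(len(sample), sha1(sample), matches_library(sample))
```

This is for studying the structure; production code should call a vetted library, and since practical SHA-1 collisions were published in 2017, new designs use SHA-256 or later.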


MAC,HMAC

