
Hash Functions and Digital Signatures
Prepared by Kinfe Tek.
RSA- PUBLIC-KEY CRYPTOGRAPHY
 Public-key cryptography is also known as asymmetric-key
cryptography, to distinguish it from the symmetric-key cryptography
we have studied thus far.
 Encryption and decryption are carried out using two different keys.
The two keys in such a key pair are referred to as the public key and
the private key.
 Party A, if wanting to communicate confidentially with party B, can
encrypt a message using B’s publicly available key. Such a
communication would only be decipherable by B as only B would
have access to the corresponding private key. This is illustrated by the
top communication link in Figure 1. A’s public and private keys are
designated PUA and PRA. B’s public and private keys are designated
PUB and PRB.
RSA – PUK/PIK
 A direct consequence of Euler’s Theorem is that when “a” and “n”
are relatively prime, in arithmetic on powers of a mod n the
exponents behave modulo the totient φ(n) of n.

 Considering arithmetic modulo n, let’s say that e is an integer that
is coprime to the totient φ(n) of n. Further, say that d is the
multiplicative inverse of e modulo φ(n). These definitions of the
various symbols are listed below for convenience:
 n = a modulus for modular arithmetic
 φ(n) = the totient of n
 e = an integer that is relatively prime to φ(n) [This guarantees that e
will possess a multiplicative inverse modulo φ(n)]
 d = an integer that is the multiplicative inverse of e modulo φ(n)
RSA - Confidentiality

 Party A wants to send a message to Party B. When only
confidentiality is needed:
RSA - Authentication
 Party A, if wanting to send an authenticated message to party B,
would encrypt the message with A’s own private key. Since this
message would only be decipherable with A’s public key, that
would establish the authenticity of the message — meaning that A
was indeed the source of the message. This is illustrated by the
middle communication link in Figure 1.

 When only authentication is needed:


RSA – Confidentiality + Authentication
 The communication link at the bottom of Figure 1 shows how
public-key encryption can be used to provide both confidentiality
and authentication at the same time. Note again that confidentiality
means that we want to protect a message from eavesdroppers and
authentication means that the recipient needs a guarantee as to the
identity of the sender.
Digital Signature(DSA)

 The sender A encrypting his/her message with its own private key PRA
provides authentication. This step constitutes A putting his/her digital
signature on the message. Instead of applying the private key to the
entire message, a sender may also “sign” a message by applying his/her
private key to just a small block of data that is derived from the message
to be sent. The sender A further encrypting his/her message with the
receiver’s public key PUB provides confidentiality.
 The price paid for achieving confidentiality and authentication at the
same time is that now the message must be processed four times in all
for encryption/decryption. The message goes through two encryptions
at the sender’s place and two decryptions at the receiver’s place. Each of
these four steps involves separately the computationally complex public-
key algorithm.
Model of Digital Signature(DSA)

 A digital signature is a technique that binds a person/entity to the
digital data. This binding can be independently verified by the receiver
as well as any third party. A digital signature is a cryptographic value
that is calculated from the data (sometimes from specific data, such as a
birth date certificate) and a secret key known only by the signer.
 In the real world, the receiver of a message needs assurance that the
message belongs to the sender, and the sender should not be able to
repudiate the origination of that message. This requirement is very
crucial in business applications, since the likelihood of a dispute over
exchanged data is very high.
The Model of DSA

 The model of a digital signature scheme is depicted in the following
illustration. The following points explain the entire process in detail.
The Model - DSA
 Each person adopting this scheme has a public-private key pair.
 Generally, the key pairs used for encryption/decryption and
signing/verifying are different. The private key used for signing is
referred to as the signature key and the public key as the
verification key.
 Signer feeds data to the hash function and generates hash of data.
 Hash value and signature key are then fed to the signature
algorithm which produces the digital signature on given hash.
Signature is appended to the data and then both are sent to the
verifier.
 Verifier feeds the digital signature and the verification key into the
verification algorithm. The verification algorithm gives some
value as output.
 Verifier also runs same hash function on received data to generate
hash value.
 For verification, this hash value and output of verification
algorithm are compared. Based on the comparison result, verifier
decides whether the digital signature is valid.
 Since digital signature is created by ‘private’ key of signer and no
one else can have this key; the signer cannot repudiate signing the
data in future.
DSA and RSA
 It should be noticed that instead of signing data directly by signing
algorithm, usually a hash of data is created. Since the hash of data is a
unique representation of data, it is sufficient to sign the hash in place
of data. The most important reason of using hash instead of data
directly for signing is efficiency of the scheme.
 Let us assume RSA is used as the signing algorithm. As discussed in
public key encryption chapter, the encryption/signing process using
RSA involves modular exponentiation.
 Signing large data through modular exponentiation is
computationally expensive and time consuming. The hash of the data
is a relatively small digest of the data, hence signing a hash is more
efficient than signing the entire data.
 Note that DSA can only be used for signing/verification, whereas RSA
can be used for encryption/decryption as well.
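The symbols n, φ(n), e and d defined earlier and the hash-then-sign model described above can be traced in a short added example (not part of the original slides). The two Mersenne primes, the sample messages and all function names are assumptions made for illustration; the scheme is unpadded textbook RSA over a SHA-256 digest, whereas deployed signatures add a padding scheme such as RSASSA-PSS.

```python
import hashlib

# Constructed toy key: two Mersenne primes, chosen only so the block runs
# offline without a prime generator. Never use such primes for a real key.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                      # n: the modulus
PHI = (P - 1) * (Q - 1)        # φ(n): the totient of n
E = 65537                      # e: relatively prime to φ(n)
D = pow(E, -1, PHI)            # d: multiplicative inverse of e modulo φ(n)


def digest_int(data: bytes) -> int:
    """Hash the data and read the digest as an integer (smaller than n)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Signer: hash the data, then apply the signature (private) key."""
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: apply the verification (public) key to the signature and
    compare the output with a fresh hash of the received data."""
    return pow(signature, e, n) == digest_int(data)


def demo():
    message = b"Transfer 100 to B"           # constructed sample message
    signature = sign(message)
    tampered = b"Transfer 900 to B"          # data modified in transit
    return verify(message, signature), verify(tampered, signature)


if __name__ == "__main__":
    print(demo())
```

The second result shows the integrity property: the signature was computed over the digest of the original data, so the digest of the modified data no longer matches the verification output.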
Importance of DSA
 Out of all cryptographic primitives, the digital signature using public key
cryptography is considered a very important and useful tool to achieve
information security. Apart from the ability to provide non-repudiation of
a message, the digital signature also provides message authentication and data
integrity. Let us briefly see how this is achieved by the digital signature −
 Message authentication − When the verifier validates the digital signature
using the public key of a sender, he is assured that the signature has been
created only by the sender who possesses the corresponding secret private key
and no one else.
 Data Integrity − In case an attacker has access to the data and modifies
it, the digital signature verification at the receiver end fails. The hash of
the modified data and the output provided by the verification algorithm will
not match. Hence, the receiver can safely deny the message assuming that
data integrity has been breached.
 Non-repudiation − Since it is assumed that only the signer has the
knowledge of the signature key, only he can create a unique signature on
given data. Thus the receiver can present the data and the digital signature
to a third party as evidence if any dispute arises in the future.
Cryptographic Hash Functions
 A cryptographic hash function is a special class of hash
function that has certain properties which make it suitable for use
in cryptography. It is a mathematical algorithm that maps data of
arbitrary size to a bit string of a fixed size (a hash) which is
designed to also be a one-way function, that is, a function which
is infeasible to invert. The only way to recreate the input data
from an ideal cryptographic hash function's output is to attempt
a brute-force search of possible inputs to see if they produce a
match, or use a rainbow table of matched hashes.
 The input data is often called the message, and the output
(the hash value or hash) is often called the message digest or
simply the digest.
Cryptographic Hash Functions
 it is deterministic so the same message always results in the same
hash
 it is quick to compute the hash value for any given message
 it is infeasible to generate a message from its hash value except by
trying all possible messages
 a small change to a message should change the hash value so
extensively that the new hash value appears uncorrelated with the
old hash value
 it is infeasible to find two different messages with the same hash
value
Cryptographic Hash Functions

 A cryptographic hash function (specifically SHA-1) at work. A small change in
the input (in the word "over") drastically changes the output (digest). This is
the so-called avalanche effect.
Cryptographic Hash Functions
 Hash Functions
 MD2/MD4/MD5/MD6/SHA-0/SHA-1/SHA-2
 Cryptographic hash functions have many information-
security applications, notably in digital signatures, message
authentication codes (MACs), and other forms of authentication.
They can also be used as ordinary hash functions, to index data
in hash tables, for fingerprinting, to detect duplicate data or
uniquely identify files, and as checksums to detect accidental data
corruption. Indeed, in information-security contexts,
cryptographic hash values are sometimes called
(digital) fingerprints, checksums, or just hash values, even though
all these terms stand for more general functions with rather
different properties and purposes.
MD5- Message Digest
 The MD5 algorithm is a widely used hash function producing a
128-bit hash value. Like most hash functions, MD5 is neither
encryption nor encoding. MD5 was designed by Ronald Rivest in
1991 to replace an earlier hash function MD4. The source code
in RFC 1321 contains a "by attribution" RSA license. The
abbreviation "MD" stands for "Message Digest."
 MD5 is based on the Merkle–Damgård construction, with 4 rounds,
each of which has 16 operations.
MD5 – Structure

MD5- Algorithm
 MD5 processes a variable-length message into a fixed-length
output of 128 bits. The input message is broken up into chunks of
512-bit blocks (sixteen 32-bit words); the message is padded so
that its length is divisible by 512.
 The main MD5 algorithm operates on a 128-bit state, divided into
four 32-bit words, denoted A, B, C, and D. These are initialized
to certain fixed constants. The main algorithm then uses each 512-
bit message block in turn to modify the state. The processing of a
message block consists of four similar stages, termed rounds; each
round is composed of 16 similar operations based on a non-linear
function F, modular addition, and left rotation.
MD5 Steps
 In short, MD5 consists of two phases: a padding phase and a compression
phase. In the padding phase, some extra bits (1 to 512 bits) are appended to
the input message so that the resulting length in bits is congruent to 448 mod
512. Then the length of the initial message is converted to a 64-bit binary
string (if the length is greater than 2^64, the lower 64 bits are used) and
these 64 bits are added to the tail of the message too. So the padding phase
ends with a bit stream that consists of one or more 512-bit blocks. In the
compression phase, a compression function is used on each 512-bit block and
generates a 128-bit output. The output is always carried into the calculation
of the next round.
 For convenience, we describe the algorithm through the following five
steps:
 Step 1: Add padding bits behind the input message. This step elongates
the initial message and makes its length congruent to 448 mod 512. First,
a single bit “1” is appended to the message. Then, a series of “0” bits are
appended so that Length(the padded message) ≡ 448 mod 512.
 For example, suppose the initial message has 1000 bits. Then this
step will add 1 bit “1” and 471 bits “0”. As another example,
consider a message with just 448 bits. Since the algorithm doesn’t
check whether the initial length is congruent to 448 mod 512, one
bit “1” and 511 bits “0” will be appended to the message.
Therefore, the padding bits’ length is at least one and at most 512.
 Step 2: Add a 64-bit binary string which is the representation of
the message’s length. Here, please pay attention to the meaning
of the 64-bit binary string. You shouldn’t regard it as the first 64 bits
of the initial message. It is the binary representation of the
length of the initial message. For example, suppose the message is
1000 bits long. Its 64-bit binary representation would be
0x00000000000003E8. If the message is very long, greater than
2^64, only the lower 64 bits of its binary representation are used.
MD5 - Steps
 Step 3: Buffer initialization
 A four-word buffer (A, B, C, D) is used to compute the message digest.
Each of A, B, C, D is a 32-bit register. These registers are initialized to the
following values (in hexadecimal, low-order bytes first):
A = 0x67452301
B = 0xEFCDAB89
C = 0x98BADCFE
D = 0x10325476
MD5- Steps
 Step 4: Compress every 512-bit block
 Figure illustrates one operation within a round. There are four
possible functions; a different one is used in each round:
MD5- Compression
 MD5 consists of 64 of these operations, grouped in four rounds
of 16 operations. F is a nonlinear function; one function is used in
each round (F, G, H, I). Mi denotes a 32-bit block of the message
input, and Ki denotes a 32-bit constant, different for each
operation.
 <<<s denotes a left bit rotation by s places; s varies for each
operation.
 ⊞ denotes addition modulo 2^32.
MD5- Round 1
 [ABCD k s i] denotes the operation A = B + ((A + F(B, C, D) + M[k] + K[i])
<<< s).
 Do the following 16 operations in round 1.

 Example: Suppose a message "Hello World!", which is of length
12 bytes. Calculate the length of the input message and the padding value.
 [0]=72   [4]=111  [8]=114
 [1]=101  [5]=32   [9]=108
 [2]=108  [6]=87   [10]=100
 [3]=108  [7]=111  [11]=33
Example
 Step 1: Padding is performed as follows: In this case, the message fits a
single 512-bit block, so we will add 448 – 12*8 = 352 padding bits (it
will start with “1” then 351 “0”s). A single "1" bit is appended to the
message, and then "0" bits are appended, so that the length in bits of the
padded message becomes congruent to 448, modulo 512. In all, at least
one bit and at most 512 bits are appended.
 Step 2: Append Length. Ex.: The length of the message in bits is 96 bits ==
00000000 00000000 00000000 00000000 00000000 00000000
00000000 01100000… Taking the low-order byte first will result in
 [0]=96
 [1]=0
 [2]=0
 [3]=0
 [4]=0
 [5]=0
 [6]=0
 [7] =0