SUBMITTED TO: SUBMIITED
DR: PAUL DARWEN LOVEJEET KAUR
report is about cryptographic hash functions. Cryptographic
hash functions are a basic technology used in many encryption methods. A cryptographic
hash function is a type of security mechanism that produces a hash value,
message digest or checksum value for a specific data object. Data oriented
companies can use any type of cryptographic hash functions.
are many types of cryptographic hash functions. We can basically divide it into
cryptographic hash functions
cryptographic hash functions
cryptographic hash functions include popular ones like MD5 and SHA-1.
MD5 is a
popular Hash Function producing a 128-bit hash value and used by numerous
individuals around the globe.
similar to MD5 and produces a 160-bit message digest.
Newer cryptographic hash functions are
supposed to be better, like BLAKE2, SHA-3, and Tiger.
BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2, and SHA-3, yet is at least as
secure as the latest standard SHA-3. BLAKE2 has been adopted by many
projects due to its high speed, security, and simplicity.
SHA-3 is designed to provide a random mapping from a
string of binary data to a fixed-size “message digest” and achieve certain
Tiger is designed to run on
64-bit platforms. The size of a Tiger hash value is 192 bits.
As a result, I think data-oriented companies should use
Newer cryptographic hash functions because these are better than older ones and
have new improvements and features.
A hash work takes a gathering
of characters (called a key) and maps it to an estimation of a specific length
(called a hash esteem or hash). The hash esteem is illustrative of the first
series of characters which is ordinarily littler than the first.
Hashing is improved the
situation ordering and finding things in databases since it is simpler to
locate the shorter hash an incentive than the more drawn out string. Hashing is
likewise utilized as a part of encryption.
This term is otherwise called
a hashing calculation or message process work.
Hash function takes
an input of arbitrary or almost arbitrary length to one whose length is a fixed
number like 160 bits. These are
used in many parts of cryptography and there are many different types of hash functions, with differing
of hash function
Hash tables are one of the most useful data
structures ever invented. Unfortunately, they are also one of the most misused.
Code built using hash tables often falls far short of achievable performance.
There are two reasons for this:
· Clients choose poor hash functions that do not
act like random number generators, invalidating the simple uniform hashing
· Hash table abstractions do not adequately
specify what is required of the hash function or make it difficult to provide a
good hash function.
A cryptographic hash function
takes an information (or ‘message’) and returns a fixed-size alphanumeric string. The string is known as
the ‘hash esteem’, ‘message process’, ‘advanced unique mark’, ‘process’ or
It should have three
It is simple to ascertain a hash for any given
2. It is
computationally hard to figure an alphanumeric content that has a given hash.
3. It is
improbable that two unique messages will have a similar hash.
A cryptographic hash
function is a kind of algorithm that can be run on a piece of data, like an
individual file or a password, to produce a value
called a checksum. Its main use is to verify the
authenticity of a piece of data.
History and Definitions
Cryptographic hash functions
map input strings of arbitrary (or very large) length to short fixed length
output strings. In their 1976 seminal paper on public key cryptography, Diffie
and Hellman identified the need for a one-way hash function as a building block
of a digital signature scheme. The first definitions, analysis and
constructions for cryptographic hash functions can be found in the work of
Rabin, Yuval, and Merkle of the late 1970s. Rabin proposed a design with a
64-bit result based on the block cipher DES, Yuval showed how to find
collisions for an n-bit hash function in time 2n/2 with the birthday paradox,
and Merkle’s work introduced the requirements of collision resistance, second
preimage resistance, and preimage resistance. In 1987, Damg?ard formalized the
definition of collision resistance, and two years later Naor and Yung defined a
variant of seoncd preimage resistant functions called Universal One-Way Hash
Functions (UOWHFs). In 2004 Rogaway and Shrimpton formally studied the relations between
collision resistance and several flavors of preimage resistance and second
preimage resistance. Hash functions should also destroy the algebraic structure
of the signature scheme; typical examples are the Fiat-Shamir heuristic and
Coppersmith’s attack on the hash function in X.509 Annex D that was intended
for use with RSA (this attack breaks the signature scheme by constructing
message pairs (x, x0 ) for which h(x) = 256 · h(x )). This development resulted
in the requirement that hash functions need an ‘ideal’ behavior which would
allow them to instantiate the theoretical concept of random oracles.
Constructions of MAC algorithms based on hash functions (such as HMAC) have
resulted in the requirement that the hash function can be used to construct
pseudo-random functions, which has a.o. been studied by Bellare et al.
OF CRYPTOGRAPHIC HASH FUNCTION
are many types of cryptographic hash functions. Some of them are older but
popular as well like MD5 and SHA-1 and Some are newer ones that supposed to be
better like BLAK2, SHA-3 and Tiger. These types are discussed in detail in
cryptographic hash functions
MD5 is a popular Hash Function
producing a 128-bit hash value and used by numerous
individuals around the globe. It is Created by Professor Ronald L. Rivest of
MIT in 1991. It
is an updated version of MD4. MD5 (message digest algorithm) is one-way function that produce a
“fingerprint”. essentially, they map something with a lot of bits
down to just a few bits (128 in the case of MD5) in such a way that collisions
are as rare as possible. MD5 was designed especially to run on 32-bit processors
It has two purposes:
the honesty of a document after a predefined timeframe
Hash esteems for a specific bit of information ( Ex: document) and store them,
for later cross checking if the record has been adjusted or not.
Examples of framework which contains a record called
MD5 takes as information a
message of subjective length and creates as yield a 128-piece “unique
mark” or “message process”. It is computationally infeasible to
deliver any message having a given prespecified target message process. The MD5
calculation was planned for advanced mark applications, where a vast record
must be “packed” in a safe way before being marked with a private
(mystery) key under an open key cryptosystem, for example, RSA. Be that as it
may, commonsense assaults on the impact protection of MD5 exist 1, and it
ought to along these lines not be utilized with advanced marks or some other
application requiring crash protection.
MD5 consists of 64 of these operations, grouped in four
rounds of 16 operations. F is used in each round which is nonlinear function.
Mi denotes the message input of 32 bit, and Ki which is different for each
operation and is 32-bit constant. s is a left bit rotation by s.The main
algorithm MD5 is divided into A, B, C and D which operates on 128 bit where
each carry 32 bits.These are constants which are initialized into,
A = 0x67452301 B =
0xEFCDAB89 C = 0x98BADCFE D = 0x10325376
The processing consists of four same stages and each stage
is composed of similar 16 operations. The figure denotes one such kind of
operation. F (B,C,D)=(B AND C) OR (NOT B AND D) G (B,C,D)= (B AND D) OR ( C AND
NOT D) H (B,C,D)= B XOR C XOR D I (B,C,D)= C XOR (B OR NOT D)
The output is called
a hash value, a fingerprint or a message digest.
· It is useful because we
can compare and store small hashes much more easily than the entire original
· It can be utilized to check something without
fundamentally giving ceaselessly the first data. For example, Unix stores
hashes of passwords rather than the passwords themselves.
· MD5 is very collision
· It provides fast
· It provides one-way
· It is popular globally.
· It has known security
flaws and vulnerabilities.
· It is less secure than
the SHA-1 algorithm MD5.
· MD5 use Davies-Meyer construction with certain block
ciphers that do not see much use on
works similar to MD5 and produces a 160-bit message digest. It is the most
widely used algorithm for integrity. The main reason for its popularity among
existing algorithms is its time efficiency and its robustness. It was no longer
used for most cryptographic uses after 2010 attack by Marc Stevens, which can
produce hash collisions with a complexity of 261 operations. It was designed by the United
States National Security Agency, and is a U.S. Federal Information
Processing Standard. SHA1 is widely considered
the successor to MD5. SHA stands for “Secure Hash Algorithm”
Here A, B, C, D
and E denotes the 32-bit words in one iteration of SHA-1 function. F varies and
d it is a nonlinear function. N varies for each rotation and denotes a left
side rotation. Wt. is the expanded message word of round t. Kt denotes the
addition modulo and is a constant. H0, h1, h2, h3, and h4 denotes 32 bit
divisions of SHA Algorithm. h0
=0x67452301 h1= 0Xefcdab89 h2=0x98BADCFE
h3=0x10325476 h4=0XC3D2E1F0 Based on F function message it consist of
similar 80 operations. Modular addition and left rotation.
A=h0, B=h1, C=h2, D=h3, E=h4
From iteration 16 to 79
wi= (wi-3 xor wi-8 xor wi-14
xor wi-16) leftrotate1
The possible F functions: F(B,C,D)=(B
AND C) OR (NOT B AND D) G(B,C,D)=B XOR C
XOR D H(B,C,D)=(B AND C) OR (B AND D) OR
(C AND D) 5 I(B,C,D)=B XOR C XOR
SHA1 requires 80 processing constant
words defined as:
K(t) = 0x5A827999 , (0 <= t <= 19) K(t) = 0x6ED9EBA1, (20 <= t <= 39) K(t) = 0x8F1BBCDC ,(40 <= t <= 59) K(t) = 0xCA62C1D6, (60 <= t <= 79) Advantages of SHA-1 · It has longer hash value compared with MD5 · It is collision resistant - Is in widespread use · It provides one-way hashing · It is cryptographic hash functions with different support of bit rate. · SHA-1 is widely used in a number of applications. · It has gained big success in ensuring that data remains unchanged. Disadvantages of SHA-1 · It has slower computation comparing to MD5. · It is known security vulnerabilities. · SHA-1 also use Davies-Meyer construction with certain block ciphers that do not see much use on their own. · SHA-1 is slower than MD5 Newer cryptographic hash functions BLAKE2 The BLAKE2 cryptographic hash function was designed by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, and Christian Winnerlein. BLAKE2 is an improved version of the SHA-3. BLAKE2 comes in two basic flavors: o BLAKE2b (or just BLAKE2) is optimized for 64-bit platforms and produces digests of any size between 1 and 64 bytes. o BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any size between 1 and 32 bytes. The BLAKE2 hash function may be used by digital signature algorithms and message authentication and integrity protection mechanisms in applications such as Public Key Infrastructure (PKI), secure communication protocols, cloud storage, intrusion detection, forensic suites, and version control systems. BLAKE2 includes the 4-way parallel BLAKE2bp and 8-way parallel BLAKE2sp designed for increased performance on multicore or SIMD CPUs. BLAKE2 offers these algorithms tuned to your specific requirements, such as keyed hashing (that is, MAC or PRF), hashing with a salt, updatable or incremental tree-hashing, or any combination thereof. BLAKE2 also includes the BLAKE2x variants, which can produce digests of arbitrary length. BLAKE2 shines on 64-bit CPUs: on an Intel Core i5-6600 (Skylake microarchitecture, 3310MHz), BLAKE2b can process 1 gibibyte per second, or a speed rate of 3.08 cycles per byte. Good point: · BLAKE2 has been adopted by many projects due to its security and simplicity. · It provides high speed. BLAKE2 does not require a special "HMAC" (Hashed Message Authentication Code) construction for keyed message authentication as it has a built-in keying mechanism. · Faster than MD5 on 64-bit Intel platforms· 32% less RAM required than BLAKE· Minimal padding, which is faster and simpler to implement· Direct support, with no overhead, of– Parallelism for many-times faster hashing on multicore or SIMD CPUs– Tree hashing for incremental update or verification of large files– Prefix-MAC for authentication that is simpler and faster than HMAC– Personalization for defining a unique hash function for each application Bad point: · Resistance to Joux's multicollisions similar to that of SHA-2 · Fixed-points found in less time than for an ideal function (but not efficiently). SHA-3 A cryptographic hash algorithm (alternatively, hash "function") is designed to provide a random mapping from a string of binary data to a fixed-size "message digest" and achieve certain security properties. Hash algorithms can be used for digital signatures, message authentication codes, key derivation functions, pseudo random functions, and many other security applications. The Federal Information Processing Standard (FIPS 180-4), Secure Hash Standard, specifies seven cryptographic hash algorithms for Federal use, and is widely adopted by the information technology industry as well. SHA-3 stands for Secure Hash AlgorithmSHA-3 (Secure Hash Algorithm 3) is a cryptographic hash function based on the sponge construction. SHA-3 is a part of Keccak cryptographic function family. The Keccak algorithm was created by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche in 2006. Won a SHA-3 standard competition in 2012 and became a NIST (National Institute of Standards and Technology) standard in 2015.SHA-3 was designed to be very efficient in hardware but is relatively slow in software. SHA-3 takes about double the time compared to SHA-2 to run in software and about a quarter of the time to run in hardware.The goal of the SHA-3 competition was to specify "a new hash algorithm to augment and revise" FIPS 180-2, the standard that specified SHA-1 and SHA-2. The SHA-3 competition was organized by the United States National Institute of Standards and Technology (NIST). The process of SHA-3 standardization by NIST was completed in August 2015 and includes four hash functions with output lengths of 224, 256, 384 and 512 bits. In all these cases, the width is 1600 (i.e., the underlying permutation is Keccak-f1600) and the capacity is twice the output length. The capacity works as a security parameter, so that security is increased with higher capacities, but there is a security-efficiency trade-off and speed may be increased by using lower capacities. Strong points · SHA3 will be deployed into a world full of SHA2 implementaPons · It uses a sponge function construction. · It is a positive fact that SHA-3 has not the same structure as SHA-2. That means that a new attack could not threaten both algorithms at the same time. Weak points · SHA-3 takes double the time to run in software, if you want the same password handling time on your server you would need to do half the number of iterations. But attackers can use a hardware implementation for password cracking. Due to this attacker can crack SHA-3 hashed passswords eight times faster than SHA-2 hashed passwords - 2 times faster because we need to halve the number of hash iterations and 4 times faster because of SHA-3 hardware being faster than SHA-2 hardware. · SHA-3 is designed to be a good hash-function, not a good password-hashing-scheme (PHS), whereas bcrypt is designed to be a PHS and was analyzed in this direction as well. · Bcrypt is slower and requires some memory (4 kiB IIRC), so one spends 100ms to check a valid password whereas an attacker needs days / years to crack it because he's slowed down and can't use GPUs efficiently. Tiger Tiger is also a cryptographic hash function, designed to run on 64-bit platforms. Different versions of Tiger (Tiger-128, Tiger-160, and Tiger-192) allow for different hash sizes. Distinctive initialization values are not defined with Tiger. The fixed amount of rounds used to create a hash with a Tiger function is 24.Tiger is a cryptographic hash function with a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Tiger with the full 192 bits of output in use may be called Tiger/192, and we recommend its use in all new applications. When replacing other functions in existing applications, we suggest two shorter variants: 1. Tiger/160: the hash value is the first 160 bits of the result of Tiger/192, and is used for compatibility with SHA and SHA-1; 2. Tiger/128: the hash value is the first 128 bits of the result of Tiger/192, and is used for compatibility with MD4, MD5, RIPE-MD, the Snefru variants and some hash functions based on block ciphers. Tiger is a cryptographic iterated hash function that processes 512-bit blocks and produces a 192-bit hash value. It was proposed by Anderson and Biham in 1996. Recent results in the cryptanalysis of Tiger show weaknesses in round-reduced variants of the hash function. At FSE 2006, Kelsey and Lucks presented a collision attack on 16 and 17 (out of 24) rounds of Tiger. The attack has a complexity of about 244 evaluations of the compression function. Furthermore, they present a pseudo-near-collision for a variant of Tiger reduced to 20 rounds with a complexity of about 248. These results were later improved by Mendel et al. in 3. They show that a collision can be found for Tiger reduced to 19 rounds with a complexity of about 262 evaluations of the compression function. Furthermore, they present a pseudo-near-collision for Tiger reduced to 22 rounds with a complexity of about 244. However, so far no attack is known for the full Tiger hash function. It is Simply transform messages or texts to a string of fixed numbers. usually for the purpose of security or data management. And "one way" means that it is almost impossible to extract the text from the original string. Working of Tiger 512bit message block is divided into eight 64bit word X0, X1,X2,X3,X4,X5,X6,X7. Computations in one round consists of three passes and between each of them there is a key schedule. feed-forward stage in which the new values of A B and C are combined with their initial values to give to the next message block. A = 0123456789ABCDEF B = FEDCBA9876543210 C = F096A5B4C3B2E187 C = C XOR X A = A - even(C) B = B + odd(C) B = B * mult Even(C) = T1 c0 XOR T2 c2 XOR T3 c4 XOR T4 c6Odd(C) = T4 c1 XOR T3 c3 XOR T2 c5 XOR T1 c7 Advantages · The main advantage is data structures table is speed. · They can predict the maximum number of entries in early · It is compatible with existing protocols. · Tiger designed to be very fast on modern computers. · Tiger has no usage restrictions nor patents. It can be used freely, with the reference implementation, with other implementations or with a modification to the reference implementation (as long as it still implements Tiger). Disadvantages · More difficult than other types, such as binary search trees · Take a long time and not effective when it is a very small number of entries. · Less efficient for some string processing applications, such as spell check of other known methods of tire. Conclusion In my opinion, data-oriented company should use newer cryptographic hash functions such as BLAKE2, SHA-3, and Tiger because these are really better than the older generation. Newer cryptographic hash functions have more features than old ones. They are improved version of previous cryptographic hash functions. For example, from overall analysis it can be seen that BLAKE2 which is newer cryptographic hash function is much better than older ones. So, it is used by many projects because of its features like security, simplicity and high speed. References Eastlake, Motorola, Jones. "RFC 3174 - US Secure Hash Algorithm 1 (SHA1)", September 2001. URL:http://www.faqs.org/rfcs/rfc3174.html Wikipedia. "SHA-1", March 2002. URL: http://www.wikipedia.org/wiki/SHA-1 Professor Guevara Noubir, Fundamentals of Cryptography: Algorithms, and Security Services. Jerry li, MD5 Message Digest Algorithm. San Jose University, Computer Science department Andrew S. Tanenbaum, Pearson Publication, Fourth edition, Computer Networks. MD5 is faster than SHA-1.Journal Of Omnifarious-Myth. 6 Ross J. Anderson and Eli Biham. TIGER: A Fast New Hash Function. In Dieter Gollmann, editor, FSE, volume 1039 of Lecture Notes in Computer Science, pages 89–97. Springer, 1996. Norbert Pramstaller, Christian Rechberger, and Vincent Rijmen. Exploiting Coding Theory for Collision Attacks on SHA-1. In Nigel P. Smart, editor, IMA Int. Conf., volume 3796 of Lecture Notes in Computer Science, pages 78–95. Springer, 2005. Donghoon Chang, Mridul Nandi, and Moti Yung. Indifferentiability of the Hash Algorithm BLAKE. Cryptology ePrint Archive, Report 2011/623, 2011. http://eprint.iacr.org/ 2011/623. Samuel Neves and Jean-Philippe Aumasson. BLAKE and 256-bit advanced vector extensions. In The Third SHA-3 Candidate Conference, March 2012. Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen K. Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In Shai Halevi, editor, CRYPTO, volume 5677 of LNCS. Springer, 2009. G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche. Keccak specifications. SHA-3 Algorithm Submission, October 2008. Available: http://keccak.noekeon.org/Keccak-specifications. pdf (2008/11/07).