MODULE 3 Cryptographic Hash

Functions
CHAPTER 3

Academic Year 2021-2022

University Prescribed Syllabus w.e.f
CMAC.
secure hash function, MD5, SHA-1, MAC, HMAC,
Cvptographic hash function, Properties of

3-2

Hashing Techniques 3-2

3.1
3.1.1 Message lntegrity. 3-2
Message Authentication.
3.1.2 .3-2

3.1.3 Message Authentication Code (MAC). .3-3

Hash-based MAC (HMAC).
3.1.4 .3-3
CMAC.
GQ. Compare and contrast HMAC and
3-4
(CMAC)
3.1.5 Cipher-based Machine Authentication Code
3-5
3.1.6
Cryptographic Hash Functions.
hash functions? Compare MD5 and
UQ. What are the requirements of the cryptographic .3-5
SHA Hash functions. MU-May19
3-6
3.2 MD5 Algorithm.
3-7
3.2.1 Working of MD5 Algorithm
.... 3-8
3.3 Secure Hash Algorithm (SHA)
3-8
GQ. SHA provides better security than MD. Justify
3-9
3.3.1 SHA-256.
3-10
3.3.2 SHA-512.
.3-14
Chater Ends
 Functions)...Page no. (3-3)
(MU-Sem.6-Comp) (Cryptographic Hash Functions)....Page (Cryptographic Hash
CIyptography &System Security no.(3-2 Cryptography & System Security
(MU-Sem.6-Comp)
This requires
establishment of shared secret
prior
This message digest is difficult to
3.1 HASHING TECHNIQUES check the integrity of a meSsage, cryptographT reverse. Sender
Recevor
to use of
MAC.
security
Key,K MAC depends on the
that has function is applied again to produce The security of the the MAC.
of cryptography message digest. This message digest is algorithm used to produce
Hashing is a method
MAC
Key, K MAC of the hash
messagecompardigesed
Message |Algorthm used.
unique string of Nested MACs are
dala into a with the previous one. If both the Equal ? security,
Converts any form of MAC To improve the
hashed, no matter
MAC
sure that |Algorithm
of data can be
we are Message
are same, then
MAC (HMAC)
text. Any piece message has not be altere. origina (UB25)Fie. 3.1.2:
Message
Authentication Code 3.1.4 Hash-based
its size or type. sender uses some HMAC and CMAC.
the data's size Fig. 3.l.2, the Compare and contrast
hashing, regardless of As shown in and the secret
GQ
Code
In traditional produces is
Cryptographic
inputs the message Message Authentication
that any data Hash
MAC algorithm, AHash-based
type, or length, the hash Function MAC to include
length. Message digest produce a MAC. (HMAC) a nested
alwaysthe same key K to and a secret key in
along with the cryptographic hash function
sends the message
Message
one-way function sender authentication code. Like
Ahash is designed to act as a The insecure channel. mcssage
algorithm and (UB24)Fig. 3.1.1 : Message and Message Digest receiver over the deriving the integrity
into a hashing MAC to the MAC. used for both data
ie.you can put data upon a new a 3.1.2 Message Authenticatlon separates the
message and the any of the MAC, it is Module
it yOU come The receiver secret authentication of the message.
get a unique string, but message and the
shared and data origin
decipher the input data it feeds the received computes the SHA-256
hash. you cannot Message Digest does not authenticate the sende MAC algorithm, and Typically, MD5, SHA-1
data will always kev K into the used to calculate
represents. A unique piece of of the message. Message authentication is. cryptographic hash functions are
MAC. other
produce the same hash. mechanism used to verify integrity of a messap. computed HTTPS, SFTP, FTPS, and
compares freshly the HMAC value.
casy to The receiver now We will see in the
Hashing is a mathematical operation that is to ensure that it is coming from authenticated uSer
received from the sender. If transfer protocols use HMAC.
reverse. MAC with the MAC signatures are almost
perform, but extremely difficult to
In cryptography, a message authentication code then the message is later sections that digital
the two MACS match, employ a hash
The difference between hashing and encryption
is (MAC) is ashort piece of information used tr imposter. The similar to HMACs i.e., they both
authentic and not altered by the shared key.
decrypted, the freshly function and a
that encryption can be reversed, or authenticate a message i.e., to confirm that the receiver accepts the message. If
HMACs use
using a specific key. message came from the stated sender, not from computed MAC does not match the
MAC sent by The difference lies in the keys i.e.,
asymmetric
The most widely used hashing functions are MDS, impostor and has not been changed. the sender, the message integrity and
authenticity symmetric key while Signatures use
that approach (two different keys).
SHAI and SHA-256. cannot be determined. The receiver assumes
a 3.1.3 Message Authentication Code (MAC)
a J.1.1 Message Integrity the message is not the genuine. IT Working of HMAC
A Message Authentication Code (MAC) is a tag Each
Step 1: The message is divided in N block.
S Limitations of MAC
Message integrity means that a message has not attached to a message to ensure the integrity and
MAC technique does not provide a non block is of b bits.
been tampered or altered. It is the validity of a data origin authenticity of the message. It is
transmitted message. The most common approach repudiation service. Non-repudiation is the -Step 2:To match the key length with size of
derived by applying a MAC algorithm (hash
IS to use a cryptographic hash function that assurance that a message originator caniot deny
function) to a message in combination with a every block, the secret key is left-padded with 0's
combines all the bytes in the message with a secret any previously sent messages. If there is a dispute to create b bit key. If the size of the HMAC is n.
secret key.
key between the sender and receiver over message
MACalgorithm is a symmetric key cryptographic the secret key longer than n bits is recommended.
When a message is passed through such hash origination, MACs cannot provide a proof that a
function, it produces compressed image of the technique where the sender and receiver share a Step 3:The result of previous step is X-0Red
message was indeed sent by the sender.
message that can be used as a fingerprint called as symmetric key K. That is, MAC is different from with input pad (ipad) to create b-bit block. The
a message digest or message detection code MDC in a way that MAC includes a secret key. MACcan provide message authentication among ipad is a constant whose value is b/8 repetition of
(MDC). pre-decided legitimate users who have shared key the sequence 00110110i.e., 36 in hexadecimal.
(MU-New Syllabus w.e.f academic year 21-22)(M6-71) Tech-Neo Publications..A SACHIN SHAH Venture
(MU-New Syllabus wef academic year 21-22)(M6-71) Tech-Neo Publications...A SACHIN SHAH Venture
 (Cyptographic Hash Functions). Functions)....Page no. (3-5)
Security (MU-Sem.6-Comp)
System
Cyplography&.
prepended to the N.
Padded to
.Page no. (3 (MU-Sem.6-Comp)
(Cryptographic Hash
from the
resultung block is Cryptography & System
Security n leftmost bits
CMAC is basically the
b bits
A Step 4: The N+l blocke CMAC is not of m
Now, wc have last block of
hlock message. of nbits. If the 100000...000 last block.
ipad -+ with the sequence addition with
the previous step is applied bits, it is padded more key k in
5:The result
of CMAC uses one last
Step
create n-bit digest (inter. m bits. applied only at the
to hashing algorithm to to make it
the symmetric key which is
M. M plaintext is encrypted with generated from the encryption
mediate HMAC). M The first block of ciphertext. This step. This key is the
using
plaintext of m -bits
b bits b bits b bits
bblty create m-bit
-mediate HMAC is left padded symmetric key, K to block and the algorithm with the
with x
6:This inter- with the next is then multiplied
Step
b bit block
ciphertext is X-Ored
encrypting the cipher key K. The result with x. if
with O's to creale applied and multiplied
Padded
created by
b bits Hash next m-bit block is continued if no padding is
now repeated but with step. The process is
Step 7: Steps 2 and 3 are bits result of previous encrypted. padding is applied.
(opad). The opad is a of the plaintext is
the new constant, output pad opad until the last block
constant whose value is b/8 repctition of the Intermediate HMAC M,:Message block
I
M.
hexadecimal. Padded to Ma
sequence 01011100i.e.,5C in
M.
b bits
the
Step 8: The resulting block is prepended lo b bits b bits Modu
block of Step 6.
Encyption Encypton Encryption 3
Step 9:The result of Step 8 is applied to sanme
algonith
algorlthm algorithm
Hash
hashing algorithm to create final n-bit HMAC. Seled n
leftmost bts
Advantages of HMAC n bits

Due to use of hash functions, HMACs are CMAC function

HMAC
considered to be good high-performance systems. (B26)Fig. 3.1.3 : Hash-based MAC
m0-bits -bit CMAC

2. Since it uses hashing twice, it is great for K

a 3.1.5 Cipher-based Machine Authentication Encyptlon Encryption
cryplanalysis attacks. alaorithm algorthm

Dlsadvantages of HMAC
Code (CMAC)
Key-generator for last step

1 We cannot use the Hash-bascd Message CMAC is a keyed hash function that is based on a (1B27)Fig. 3.14: CMAC
Authentication Code in case of more than onc symmetric key block cipher, such as te
one-way password file. It can be used for intrusion
receiver because HMAC uses the symmetric key Advanced Encryption Standard. CMAC A 3.1.6 Cryptographic Hash Functions
detection and virus detection. A cryptographic
lo generate MAC.
equivalent to the CBC mode of block cipher sea UQ. What are the requirements of the cryptographic bash function can be used to construct a
2. If we share the symmetric with multiple parties, in first section of this chapter. CMACis a blodt hash functions? Compare MD5 and SHA Hash ! pseudorandom function (PRF or a pseudorandom
there is no way the receiver to know that the
cipher-based MAC algorithm. It may be used
functions. MU-May19
number generator (PRNG) also. A common
message was prepared and sent by the which
sender, also there is a possibility of not sharing the provide assurance of the authenticity and, henc: A eryptographic hash function Haccepts a application for a hash-based PRF is for the
the integrity of binary data. As shown in variable-1length block of data M as input and generation of symmetric keys.
keys by some receivers. So, there is the possibility
of fraud that one of the receivers may create false Fig. 3.1.4., one block of MAC is created from ) produces a fixed-size hash value (message digest),
There are two categories of possible attacks on
h= H(M). The principal object of ahash function
messageS. blocks of plaintext using symmetric key cipher N hash functions, brute-force and cryptanalysis. A
is data integrity. A change to any bit or bits in M
3. There is also a need for periodic refreshments of times. brute-force attack uses trial-and-error to guess the
keys.
would result in a change to the message digest.
Here, the message is divided into N blocks. Every encryption keys. Attackers work through all
Hash functions are commonly used to
create a
block is mbits long. The final CMAC generated possible combinations hoping to guess correctly. It
(MU-New Syllabus wef academic year 21-22)(M6-71) Tech-Neo Publications..A SACHIN SHAH Ventu (MU-New Syllabus w.e.f academic year
21-22)(M6-71) Tech-Neo Publications...A SACHIN SHAH Venture
 (Cryptographic Hash Functions) ..Page no. (3-7)
(Cryptographic Hash Functions)..
Cryptography&Systen
Security
(MU-Sem.6-Comp)
In other words, for a hash
.Ph,ageit isno. Security
(MU-Sem.6-Comp)
Initialize MD Buffer

on the specific
algorithm but function h Cryptography & System
hashing algorithm
3.
into multiple
blocks
does not depend Jength. the case of a hash find any two different inputs x and y The MDS
message-digest
broken down The entire string
is converted
dependsonlyon bit b(x) = h(y). such t
processes data in
512-bit strings,
each. You also
need to initialize four
depends only on the composed of 32 bits each. The of 512 bits and D.
namely A, B, C,.
brute-forreattack into 16 words message-digest different buffers,
function. a Since, hash function is compressing
bit length
of the
is an
hash vajue
based
attack
Acryptanalysis, in
weaknesses in a fixed hash length. it is impossible for a
to have collisions. This
funcion w output from MD5
value.
is a l28-bit

thanks to
These buffers are 32
as follows :
bits each and are
initialized

contrast. function not 128 bits, and

thesepropercoltlyisio
particular crypiographic algorithm. is always 67
collision free only confirms that The digest size change in the A = 0l 23 45
guidelines, a minor
hash function should be hard to find. bashing function different digest. B= 89 ab cd ef
Properties ofa secure a drastically
G the input string generate
effective cryptographic tool,
generation 98
This property makes it very difficult fo simila hash C = fe dc ba
Inorder to be an following This is essential
to prevent
a hash
desired to possess attacker to find two input values with the sa also known as D = 76 54
32 10
hash function is as much as
possible,
hash. Process Each Block
properties. collision. 4.
further into
1. Pre-Image Resistance Also, if a hash function is collision-resistant h Algorithm gets broken down
MD5 Each 512-bit block
This property means that it should be
it is second pre-image resistant. a 3.2.1 Working of 32 bits each.
algorithm: 16 sub-blocks of Mo
function. steps in the
computationally hard to reverse a hash There are four major operations, with each
3.2 MD5 ALGORITHM There are four rounds of
produced a sub-blocks, the buffers, and
In other words, if a hash function h 1, Padding Bits round utilizing all the
difficult process MD5 (Message Digest Method 5) is , you have to
hash value z, then it should be a When you receive
the input string, a constant array
value.
that hashes to z. cryptographic hash algorithm used to generale, of a multiple of T1] ->
to find any input value x
make sure the size is
64 bits short can be denoted as
This constant aray
against an attacker who 128-bit digest from a string of any length.
" This property protects 512.
T[64).
only has a hash value and is trying
to find the represents the digests as 32-digit hexadecim the bits, you must add are denoted as M[O] ->
When it comes to padding Each of the sub-blocks
numbers. by zeroes to round out the
input. one(1) first, followed
M[15].
2. Second Pre-Image Resistance extra characters.
099F9AFBCD Padding Bits
This property means given an input and its hash, it Simplileam
684A8C2AAOC Onginal message
Non-Linear process
should be hard to find a different input with the
D3919A9FIA
#*** multiple of 512
Total length to be 64 bits less than Addiöon
same hash.
MD5 function 128-bit digas
Input string (282)Fig. 3.2.2 : Padding bits
In other words, if a hash function h for an input x M Addition

produces hash value h(x), then it should be 2. Padding Length Addition

(2B1)Fig. 3.2.1 : Overview of MDS working
difficult to find any other input valuey such that You need to add a few more characters to make Shifting
h(y) = h(x). MDS is the third message-digest algorithm Rives
simila your final string a multiple of 512. To do so, take
created. MD2, MD4 and MD5 have
Addition
This property of hash function protects against an && the length of the initial input and express it in the
attacker who has an input value and its hash, and structures, but MD2 was optimized for form of 64 bits.
wants to substitute different value as legitimate machines, in comparison with the two late
On combining the two, the final string is ready to (2B4)Fig. 3.2.4 : Processing each block
value in place of original input value. algorithms, which are designed for 32
be hashed.
3. Collision Resistance machines. As shown in Fig, 3.2.4, you see the values being
Onginal mesage Padding Bits + Lengh of input
of MD
This property means it should be hard to find two The MDS algorithm is an extension run for a single buffer A. The correct order is as
fast bu
different inputs of any length that result in the which the critical revjew found to be Final data to be hashed as a multiple ol 512 follows :
same hash. This property is also refered to as potentially insecure. In comparison, MD5 is D (2B3)Fig. 3.2.3 : Padding length It passes B, C, and D onto a non-linear process.
collision free hash funcion.
quite as fast as the MD4 algorithm but offe
much more assurance of data security.
(MU-New Syllabus w.e.f academic year 21-22)(M6-71) Tech-Neo Publications...A SACHIN SHAH Venture
(MU-New Syllabus w.e.f academic year 21-22)(M6-71) Tech-Neo Publications..A SACHIN SHAH Ven
 (MU-Sem.6-Compl Functions)...Page no. (3-9)
Security (Cryptographic Hash Functions).. Page no. (). (MU-Sem.6-Comp)
(Cryptographic Hash
Cryptography& System Security first eight prime numbers
value present atA H 3.3 SECURE HASH ALGORITHM (SHA Cryptography&System square roots of the
addedwith the
The result is A 3.3.1 SHA-256 (2,3,5,7, l1, 13,17,19):
result above
sub-block value to the GO SHAprovides better security than MD. Justif,
SHA-2 family. In
SHA-256, Buffer Value (in
Itadds the particular SHA-256 is a part of Buffer
Value (in
hexadecimal)
constant value for that are transformed into hexadecimal)
Then. it adds the The Secure Hash Algorithm (SHA) to 2 bit
messages up Given (0 510E527F
256 bits (32 bytes). 6A09E667 H,
message digests of size
(0)
iteration. developed by the National Institute of SHA-256: H,
There is a circular shift
applied to the string.
to the string
and Technology (NIST) and published as a fede Standard below is the hashing
procedure for
(0) BB67AE85
(0)
H,
9BO5688C

As a final step, itadds

the value of B
information processing standard (FIPS 180:
IS Pre-processing
hashed.
H (0) IF83D9AB
buffer A. the message to be (0) 3C6EF372 H
and is stored in 1993. Padding: If we note M l<2, then as a first H,
every SBEOCD19
above are run for 1. bits where (0)
The steps mentioned block's and lits length in message M', which (0) A54FF53A H,
When the last It is refereed as Secure Hash Standard (SR% the padded H,
buffer and every sub-block. step we create
such that M' is of
complete, you will receive the MD5 also, When weaknesses were discovered in SHA message M plus a right
padding,
final buffer is Specifically, we use a S Algorithm
of 512.
digest. (SHA-0), a revised version was issued as RIDe Jength I', a multiple processing cach message
non-linear process above is
different for each
180-1 in 1995 and is referred to as SHA-1. padding P such that
M' is: The hash is produced by block
The For each of message
sub-block H
p
block Mof M' in order. Mo
round of the The standard is based on the hash function Me
M

c) OR ((NOTb) AND (d))

M
M':
Round 1: (b AND which is strengthened version of MD4. SHA
512
schedule
(NOT d)
512
Step 1 : Message
Round2:(bAND d) OR (c AND produces a hash value of 160 bits. schedule W, consisting of
L We create a message
Round 3:b XOR c XOR d where P =10.. 0 blocks (each made of 16
NIST produced a revised version of the standari notation four 512-bit message
and L is M'slength l in bit Wis message
Round 4 :c XOR (b OR (NOT
d)
in 2002, FIPS 180-2, that defined four new (1B28)Fig. 3.3.1: Padding input blocks). The first block of
block M. and the next
three blocks are variations
IS Advantages of MD5
Algorithm
versions of SHA: SHA-224, SHA-256, SHA-384 formulas in the
is of length I', a of M, obtained through the
the latest hash and SHA-512, respectively. The new message M'=M|P
1. Easy to Compare : Unlike multiple of 512. The padding consists of a single Fig. 3.3.3:
algorithm families, a 32-digit digest is relatively Collectively, these hash algorithms are known a necessary number of 0 bits
bit followed by the
easier to compare when verifying the digests. SHA-2. All these new versions have the sam: (100000...000).
underlying structure and use the same types of blocks of size 512 W=
2. Storing Passwords : Passwords
need not be 2. Blocks : M' is parsed into N
them accessible modular arithmetic and logical binary operations bits, M' to M,and each block is expressed as 16
stored in plaintext format, making M
using The Table 3.3.1 lists Some input blocks of size 32 bits, M, to M1s: Shuned blocks
for hackers and malicious actors. When as SHA-1.

digests, the database also gets a boost

since the characteristics of different versions of SHA: D123 G23 (1B30)Fig. 3.3.3 : Message Schedule
Table 3.3.1: Characteristics of SHAS
M':
O011
size of all hash values will be the same. 0sts15
M
3. Low Resource : A relatively low memory Characteristic SHA-1 SHA-224|SHA-256|SHA-384 SHAS2 M M² M
16 sts63
Block: 512 bts W-a) +Wi-zt+(Wi-1s) +Wi- t6
footprint is necessary to integrate mutiple 21281 210-1 Input block: 32 bits
g64-1| 2641 24-1 (256)
services into the same framework without aCPU
|Message Size (x) =ROTR'(*) ROTR°(%) SHR'()
(1B29)Fig. 3.3.2: Block Structure
1024
overhead. Block Size 512 512 512 1024 (256) (x) =ROTR*) ROTR' ) SHR)
3. Hash initialization: The initial hash value H of
4. Integrity Check: You can monitor file corruption Message Digest Size 160 224 256 384 512
length 256 bits (8 input blocks of 32 bits) is set by Where, t refers to the 'input block' number,
by comparing hash values before and after transit. 8 taking the first 32 bits of the fractional parts of the ranging from 0 to 63. The input blocks of the
32 32 64
Once the hashes match. file integrity checks are Word Size
'shuffled blocks' are functions of prior input
valid, and it avoids data corruption. Number of Rounds 80 64 64 80 80

(MU-New Syllabus w.e.f academic year 21-22)(M6-71) Tech-Neo Publications...A SACHIN SHAH Venture
MU-New Syllabus wefacagemic year SHAH Venture
21-22)(M6-71) Tech-Neo Publications..A SACHIN
 Security
(MU-Sem.6-Comp) (Gryptographic Hash Fuunctions).. .Page no.
Cryptography &System
with special functions. If other message blocks M (31 (Cryptographic Hash Functions) Page no. (3-11)
blocks, and are generated
(ROTR), right shifts (SHR) process (message schedule. big remain, repcat Cryptography &System Security
(MU-Sem.6-Comp)
processing 1024-bit
mixing right rotations shuffle, buffer
Step 4: Message
and exclusive ORs (). the new hash H') creation Step 3:Initialize hash
The algorithm works in a way
where it processes
(128-word) blocks
algorithmn is a module that
If W was the last message schedule, then L The main part of the
Step 2:The big shuffle each block of 1024 bits from
thc message using module is labelled F in
is message M's final hash or digest. consists of 80 rounds; this
schedule W are fed. block. This can cause
The input blocks of message the result from thc previous the Fig.3.3.5 Each round
necds three things: one
1024-bit block which can"
one after the other, to a function
represented A 3.3.2 SHA-512 aproblem for the first Word, the output of the previous Round, and a
previous processing. for the same is
below as a graph. Iuse the result from any SHA-512 constant. The logic
SHA-512 version of SHA creates 512-bit solved by using a default
The graph takes as inputs a hash o'()
and a This problem can be depicted in Fig. 3.3.7.
digest from
multiple-block message. Like
message schedule input block W(), and outputs a versions the SHA family of
mes ag value tobe used for the first
block in order to start
intermediate result needs to Each round takes as input the
512-bit buffer value
algorithms, this ver off the process. Each the buffer.
hash o(+1). The initial hash o (0) fed to the is also based on the iterated hash hold (abcdefgh) and updates the contents of
the next block. To
function, Merkl be used in processing The first Round doesn't have a
previous round's
graph is the intermediate hash H' in the case of Damgard scheme. As shown in
the Fig. 3.35 intermediate and final results of the hash function. output from the
output, so it uses the final
w, it's H" defined in the pre-processing step. block is 1024 bits in length. Following are the A512-bit buffer is used.
previous message processing phase
for the
o'0 and w'o) produce o); in turn o) and followed to create a message digest: represented as eight 64-bit previous block of 1024 bits.
The buffer can be are
w) produce o2), etc., until o(63) is produced. d, e, f, g, h). These registers Mod:
Step 1: Append padding bits registers (a, b, c,
64-bit integers For the first Round of the first block (1024 bits) of
1 initialized to the following Initial Vector (IV) is used.
W
SHA-512 can't hash a message input of any sipe obtained by the formatted input, the
(hexadecimal values) which were the value
i.e., it has an input size limit. The message neet
sixty-four bits of the fractional At input to the first round, the buffer has
H 63 to be padded so that its length is congruent to Rl taking the first
first 8 prime of the intermediate hash value, H,-j. Each round t
parts of the square roots of the makes use of a 64-bit value W, derived from
the
modulo 1024 [length =896(mod 1024)1. are
numbers (2,3,5,7,|1,13,1 7, 19). These values
Even if the message is already of the desire current l024-bit block being processed (Mi).
called the Initial Vectors (IV).:
length, Padding is always added. Thus, the These values are derived using a message
Buffer Value (in
number of padding bits is in the range of l t Buffer Value (in schedule described subsequently. Each round also
1024. The padding consists of a single 1 bi hexadecimal) hexadecimal) makes use of an additive constant K,, where 0<t
followed by the necessary number of 0 bils <79 indicates one of the 80 rounds. Since there
6A09E667F3BCC908 e 510E527FADE682D1
are 80 Rounds and each of them needs one of
M. (100000.000).
BB67AE8584CAA73B 9BO5688C2B3E6C1F these constants.
Step 2:Append length
Queue A block of 128 bits is appended to the message. C 3C6EF372FE94F82B 1F83D9ABFB41BD6B
These words represent the first 64 bits of the
fractional parts of the cube roots of the first 80
This block is treated as an unsigned 128-b1 A54FF53A5F1D36F1 prime numbers. The output of the eightieth round
h 5BE0CD19137E2179
IB1) Fig. 3.3.4 : Shuffling
integer (most significant byte first) and contains is added to the input to the first round (H, ) to
Step 3: New hash Hash Buffer produce Hi.
the length of the original message (before the
The addition is done independently for each of the
After all input blocks from Whave been used padding). Register a Register e
and we o(63) has been created, we can create the eight words in the buffer with each of the
The outcome of the first two steps yields
new hash Hsuch that cach input block of His the Register b Register f corresponding words in H, 1 using addition
message that is an integer multiple of 1024 bits ID
sum of the coresponding input block of H plus modulo 264. This process is repeated for 80
length. In Fig., the expanded message Register c
the coresponding input block of o(63): Register g Rounds. After the 80" Round, its output is simply
represented as the sequence of 1024-bit blocks added to the result of the
H) =#)+o63)0) M1, M2, . MN, So that the total length of the Register d Register h previous message
where + is the addition modulo 2 processing phase to get the final result for this
expanded message is N* 1024 bits. (1832)
iteration of message processing.
(MU-New Syllabus wef academic year (MU-New Syllabus w.e.f academic year
21-22)(M6-71) a Tech-Neo Publications.A SACHIN SHAH Ventut 21-22)(M6-71) ITech-Neo
Publications..A SACHIN SHAH Venture
 no. (3-13)
(MU-Sem.6-Comp) (Cryptographic Hash Functions)....Page
Cryptography & System Security
Step 5: Output
(Cryptographic Hashn
Functions). . Page no. (3-12 Cvptography &System Security
(MU-Sem.6-Comp)

After allN 1024-bit blocks have been processed, the output fromthe N"stage is the 512-bit
So, the intermediate results are all used from each block for processing the next block. And when
message diges H, 4

1024-bit block has finished being processed, we have with us the final result of the SHA-512 algorithhe finga SMessage
schedue
our original message. Ko
W, ROund 0
Nx 1024bits
L bits 128 bits

Message 1000000..o L
K.
W
Roundt

1024 bits 1024 bits 1024 bits

M M Ma
K79
W79 Round 79

H H

512 bits 512 bits 512 bits

H

(1833)Fig. 3.3.5: Message Digest creation using SHA-512 1024-bit block in SHA-512
(1B34)Fig. 3.3.6: Processing of a single
Finally, SHA-512 can be summarized as : bC d e f 9
H,= IV Maj Ch
Hi = SUM64(H; -1, abcdefgh;)
MD = HN
where
processing of the i K
IV =initial value of the abcdefgh buffer and abcdefgh; = the output of the last round of
message block
fields)
N=the number of blocks in the message (including padding and length
modulo 264 performed separately on each word of the pair of inputs
SUMA = addition
512 bits
MD = final message digest value

(LB35)Fig. 3.3.7 : Single round for SHA-512

(MU-New Syllabus w.e.f academic year 21-22)(M6-71) Tech-Neo Publications..A SACHIN SHAH Ventur
(MU-New Syllabus w.e.f academic year
21-22)(M6-71) Tech-NeoPublications..A SACHIN SHAH Ventre
 Q.
5 Q. 3 Q.2
4 Q.
Q.
1
Cryptography
Differentiate SHA
WhatExplain Compare
bits64
are provides
steps (1B36)Fig. &
the and System
SHA-256
between
and
requirements in contrast
better
MD5 1024
bits
3.3.8: Security
security MË
algorithm. HMAC Creation (MU-Sem.6-Comp)
of
the than and of W45
cryptographic MD.CMAC. 80-word
SHA-512. Descriptive
Questions
Justify. W16 Wo
Input Wy
Sequencefor Wg
hash
W14
functions?
Processing
SHA-512of W-16
Functions)...P
(Cryptographic
W-15
Compare W

W-7
W:2
MD5
Hash
Single W63W65
and
SHA Block LJ
79 l W7W716
ChapterEnds. Hash
(R1Page
no.
functions
D00
(May 19)