Cryptographic Hash Functions

and Digital Signatures.

Prajwal Gautam
Secure Hash Algorithms: SHA-1 and SHA-2
The secure hash algorithm is a family of cryptographic hash
functions published by the National Institute of standards and
technology (NIST) as a US federal information processing
standards (FIPS). It includes following variations.
1. Secure Hash Algorithm-1 (SHA-1):
SHA-1 is a cryptographic hash function which takes an input
and produces the output of 160 bits hash value known as a
message digest. It works for any input message that is less than
2^16 bits.
Steps /Operations:
Step 1: Message Padding: Padding is performed by appending a
single “1” bit to the message, and then enough zero bits are
append so that the length in bits of the padded message
becomes congruent to 448, modulo 512. And then 64 bits of the
original message is appended to the result so that the length is
the exact multiple of 512 bits.
Message| 1000000…..| 64bit
Step 2: SHA-1 Message digest computation: SHA-1 consists of
80 iterations. Each time it process the 512 bits message and at
last it produces the output of 160 bit hash value.
Let the 160 bits of hash value can be obtained as:
Initially, we initialize the A, B, C, D, E registers with the values,
A 67 45 23 01
B ef cd ab 89 where A,B,C,D,E are 32 bits blocks
C 98 ba dc fe each.(32*5=160)
D 10 32 54 76
E c3 d2 e1 f0
In each iteration, these values are updated as
B = old A
C = old B ↵ 30
D = old C
E = old D
A = E + (A ↵ 5) + Wt + Kt + f(t, B,C,D)
Where, Wt = Wn-3⨁Wn-8⨁Wn-14⨁Wn-16 is the t^th 32 bits word
block and Kt is the constant depending upon the value of t given
by the following relations:
Kt =5a827999 if 0<=t<=19
Kt =6ed9eba1 if 20<=t<=39
Kt =8f1bbcdc if 40<=t<=59
Kt =ca62c1d6 if 60<=t<=79

Again, f(t, B, C, D) is a function that varies according to the

f(t, B, C, D) = B ⨁ C ⨁ D if 20<=t<=39

f(t, B, C, D) = (B ∧ C) ∨ (B ∧ D) ∨ (C ∧ D) if 40<=t<=59

f(t, B, C, D) = B ⨁ C ⨁ D if 60<=t<=79
In each round following operations happen,(inner working of
SHA-1)
2. Secure Hash Algorithm-2 (SHA-2)
• SHA- 2 is a family of two similar hash functions known as
SHA-256 and SHA-512, with different block sizes.
• Both SHA-256 and SHA-512 algorithm belongs to SHA-2. They
differ in the word size.
• SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.
• There are also truncated versions of each standards known as,
SHA-224, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
Comparison of SHA Parameters:
SHA - 512
• SHA-512 is a member of SHA-2 family of cryptographic hash
functions. It was 1st published in the year 2001
• It is a hashing algorithm used to convert text of any length into a
fixed-size string. Each output produces a SHA-512 length of
512 bits(64 bytes).
• The algorithm is commonly used for email address hashing,
password hashing , and digital record verification. SHA-512 is
also used in blockchain technology, with the most notable
example being the BitShares network.
• SHA-512 undergoes following stages:
 i. Input formatting
ii. Hash buffer initialization
iii. Message processing
iv. Output
(refer page 343 pearson book)
Digital Signature
• A digital signature is a mathematical technique used to validate
the authenticity and integrity of a message, software or digital
document.
• As the digital equivalent of a handwritten signature or stamped
seal, a digital signature offers far more inherent security, and it
is intended to solve the problem of tampering and
impersonation in digital communications.
• Digital signatures can provide the added assurance of
evidences of origin, identity and status if an electronic
document, transaction or message and can acknowledge
informed consent by the signer.
Properties of Digital Signature
• Authentication: A digital signature must give the receiver
reason to believe the message was created and send by the
claimed sender.
• Non-repudiation: With digital signature, the sender cannot
deny having sent the message later on.
• Integrity: A digital signature must ensure that the message was
not altered in transit.
Generic Model of Digital Signature Process
Digital Signature: Types/Methods
1. Direct Digital Signatures:
• Direct Digital Signatures involve the direct application of
public-key algorithms involving only the communicating parties.
• A digital signature may be formed by encrypting the entire
message with the sender's private key, or by encrypting a hash
code of the message with the sender's private key.
• Confidentiality can be provided by further encrypting the entire
message plus signature using either public or private key
schemes.
• There is a threat of forged digital signature in this method.
2. Arbitrated Digital Signature
• The problems associated with direct digital signatures can be
addressed by using an arbiter, in a variety of possible
arrangements.
• The arbiter plays a sensitive and crucial role in this sort of
scheme, and all parties must have a great deal of trust that the
arbitration mechanism is working properly.
• These schemes can be implemented with either private or
public-key algorithms, and the arbiter may or may not see the
actual message contents.
• There is no threat of forged signature because arbiter verifies
the entire process due to time-stamping and dating.
Benefits and Drawbacks of Digital Signature
Benefits:
• Authentication: DS can be used to authenticate the source of
messages.
• Integrity: DS ensures the message is not compromised during
transmission.

Drawbacks:
• Trusted Time Stamping: DS do not inherently provide certainty about
the date and time when document is signed.
• Non-repudiation: The user cannot deny the fact that the document
was signed after the transmission is complete.