1 / 23

Tiger: a fast hash

Tiger: a fast hash. Eric Seidel CS 257: Security Engineering. Overview. Hashing: a quick review Tiger Why Tiger? How it works Q & A. Hashing: A review. Non-linear, (generally) non-reversable function Purpose: smaller, unique representation of data. (Integrity)

cmanuel
Télécharger la présentation

Tiger: a fast hash

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tiger: a fast hash • Eric Seidel • CS 257: Security Engineering

  2. Overview • Hashing: a quick review • Tiger • Why Tiger? • How it works • Q & A

  3. Hashing: A review • Non-linear, (generally) non-reversable function • Purpose: smaller, unique representation of data. (Integrity) • Important to have high avalanche • Important to be fast.

  4. Tiger • Designed for 64-bit processors • Produces larger 192-bit hash (128 compat.) • Designed by Ross Anderson, Eli Biham • Drop-in for MD5

  5. Why Tiger? • Hashing should be fast. • 32-bit hashing on 64-bit machine runs at half efficiency. • Uses s-box concept for better non-linearity. • Faster than SHA-1, MD5 on 64-bit • Possibly more secure than SHA-1 or MD5

  6. How Tiger Works...

  7. Overview • Tiger operates on 512-bit blocks • Each block is broken into 8, 64-bit words • Tiger returns 3 (or 2) 64-bit words

  8. Overview Diagram Message Length Pad 512-bit Blocks 64-bit Words 192-bit Hash

  9. Stages • Save ABC • Pass 1, Key Schedule 1 • Pass 2, Key Schedule 2 • Pass 3 • feed-forward ABC

  10. Save ABC • ABC are initially salted with speical values. • At the beginning of each successive round ABC are saved for later use with feed-forward. • 64_bit_word aa = a, bb = b, cc = c;

  11. Pass 1, detail • 1 pass = 8 rounds, 1 for each 64-bit word • 64-bit words (keys) referred to as x0 - x7 • Each pass uses a multiplier (5,7,9) to redistribute bits between s-box lookups. • round(a,b,c,x0, mul);

  12. Round function • round(a,b,c,x, multiplier):c = c ^ xa = a – (s1[c1] ^ s2[c3] ^ s3[c5] ^ s4[c7])b = b + (s4[c2] ^ s3[c4] ^ s2[c6] ^ s1[c8])b = b * multiplier • ^ denotes XOR

  13. S-Boxes • s-boxes compose a non-linear function • map from 8 bits into 64. • Available on the author’s site:http://www.cs.technion.ac.il/~biham/

  14. Key Schedule • Key-Schedule re-distributes input bits. • Introduces further algorithm complexity. • Rotates words within block. • Each block is only looked at 3 times in the passes, this further distributes the bits.

  15. Feed-Forward • Generates new carry values from previous • a = a ^ aa ; • b = b - bb ; • c = c + cc ;

  16. Java Demo

  17. Further Thoughts...

  18. Final thoughts • Security • Complexity • Popularity • Performance

  19. Security • Good Avalanche • Long hash (large keyspace) • Little literature

  20. Complexity • More complex than either MD5 or SHA-1 • Potential barrier to entry

  21. Popularity • Complexity disadvantage • Relatively new (MDx, and SHA much older) • No pressing need

  22. Performance • Better than SHA-1, MD5 on 64-bit • Comparable on 32-bit • Makes (relatively) large TMTO • Slow (and large!) in hardware

  23. Q & A

More Related