Internet.Security

9d24c9c8 60d88e12 bf344c9e a208b652

Figure 4.6 128-bit hash code computation using inverse operation.

97a0e99a

| |

f41d3352 753f20dc a41fd83f 2405fd5b 128-bit hash code

Figure 4.7 128-bit hash code computation using addition and multiplication.

P( 1) P( 3) = 56c9017f <<< 10 = 2405fd5b

P( 2) + P( 4) = fd20fec1 <<< 5 = a41fd83f

h= (P( 1) + P( 3)) <<< 5||(P( 2) P( 4)) <<< 10|| (P( 2) + P( 4)) <<< 5||(P( 2) P( 3)) <<< 10

=f41d3352 753f20dc a41fd83f 2405fd5b(128bits)

Sin

F(r)

<<< 1

LSB

0 or 1

PK

Sout

LSB : Least significant bit of input value

: Exclusive OR

: multiplication

PK : 32-bit constant (ex. 0x000000AE)

Figure 4.8 State transition function F(r) for PRBS generation.

This is the 128-bit hash code found. So far, we have discussed computation for the DMDC without appending a one-bit flag and the message length in hex digits.

4.2 Advanced DMDC Algorithm

This section presents the secure DMDC algorithm for providing an acceptable level of security.

4.2.1Key Schedule

Figure 4.10 shows the newly devised key generation scheme. The 64-bit input key reshapes to the 56-bit key sequence through Table 3.1 (PC-1). The 56-bit keys are loaded into two 28-bit registers (C0, D0). The contents of these two registers are shifted by the SLi and SRi positions to the left. SLr and SRr are generated by the state transition function F(r) shown in Figures 4.8 and 4.10. In Figure 4.10, the 64-bit input key is separated into two 32 bits. Each becomes the input Sin to F(r). SLr and SRr are computed from Sout (mod 23). LFSR in Figure 4.9 is the device for the generation of a pseudo-random binary sequence (PRBS), whose characteristic function is:

f(x) = x32 + x7 + x5 + x3 + x2 + x + 1 of a period 232 − 1

The 64-bit input key is assumed to be 7a138b2524af17c5. Using Figure 4.11, entire round keys are computed, as shown in Table 4.2.

136 INTERNET SECURITY

4.2.2Computation of Message Digests

After the input message M of arbitrary length appends padding, divide the padded message into the integer multiple of 128 bits such that M1, M2, . . . , ML. Each Mi again positions to four 32-bit words as:

M10, M11, M12, M13, M20, M21, M22, M23, . . . , ML0, ML1, ML2, ML3

where Mr = (Mr0, Mr1, Mr2, Mr3) represents the rth round 128-bit message unit as shown in Figure 4.11. A, B, C and D denote the four 32-bit buffers in which the data computed at the (r − 1)th round is to be stored. Thus, Mr0 A, Mr1 B, Mr2 C and Mr3 D will become the rth round input data. Notice that the output at each round is swapped such that the data diffusion becomes very effective.

The following example demonstrates motivation, so that the reader can understand the whole process at each round (Figure 4.11). The ASCII file structure for the input message is assumed to be as shown below:

001: 12345678901234567890 002: 23456789012345678901 003: 34567890123456789012

.

.

.

198:89012345678901234567

199:90123456789012345678

200:01234567890123456789

After receiving this ASCII file as input, the 128-bit divided blocks are expressed in hexadecimal notation as follows:

In the last block, the last three words contain padding and message length. The message length is 0xa8b0(43184 in decimal).

The swapped outputs A, B, C and D at each round are computed as shown in Table 4.3.

Thus, the hash code computations applied to the new DMDC algorithm are listed in Table 4.4.

The DMDC algorithm is a secure, compact and simple hash function. The security of DMDC has never been mathematically proven, but it depends on the problem of F(r) generating the PRBS sequence which makes each 28-bit key (left and right) shift to the

Table 4.3 The swapped output A, B, C and D at each round

Table 4.4 Hash code values based on the new DMDC scheme

left. The secure DMDC processes data sequentially block-by-block of a 128-bit unit when computing the message digest. The computation uses four working registers labelled A, B, C and D. These register contents are the swapped outputs at the end of each round. The four 32-bit input unit are XORed with the register contents. This process offers good performance and considerable flexibility.

4.3 MD5 Message-digest Algorithm

The MD5 message-digest algorithm was developed by Ronald Rivest at MIT in 1992. This algorithm takes a input message of arbitrary length and produces a 128-bit hash value of the message. The input message is processed in 512-bit blocks which can be divided into 16 32-bit subblocks. The message digest is a set of four 32-bit blocks, which concatenate to form a single 128-bit hash code. MD5 (1992) is an improved version of MD4, but is slightly slower than MD4 (1990).

The following steps are carried out to compute the message digest of the input message.

4.3.1 Append Padding Bits

The message is padded so that its length (in bits) is congruent to 448 modulo 512. That is, the padded message is just 64 bits short of being a multiple of 512. This padding is formed by appending a single ‘ 1’ bit to the end of the message, and then ‘ 0’ bits are appended as needed such that the length (in bits) of the padded message becomes congruent to 448 (= 512 − 64), modulo 512.

4.3.2 Append Length

A 64-bit representation of the original message length is appended to the result of the previous step. If the original length is greater than 264, then only the low-order 64 bits of the length are used for appending two 32-bit words.

The length of the resulting message is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[0 . . . N − 1] denote the word of the resulting message, with N an integer multiple of 16.

4.3.3 Initialise MD Buffer

A four-word buffer represents four 32-bit registers (A, B, C and D). This 128-bit buffer is used to compute the message digest. These registers are initialised to the following values in hexadecimal (low-order bytes first):

A = 01 23 45 67

B = 89 ab cd ef

C = fe dc ba 98

D = 76 54 32 10

These four variables are then copied into different variables: A as AA, B as BB, C as CC and D as DD.

4.3.4Define Four Auxiliary Functions (F, G, H, I)

F, G, H and I are four basic MD5 functions. Each of these four nonlinear functions takes three 32-bit words as input and produces one 32-bit word as output. They are, one for each round, expressed as:

F(X, Y, Z) = (X•Y) + (X•Z)

G(X, Y, Z) = (X•Z) + (Y•Z)

H(X, Y, Z) = X Y Z

I(X, Y, Z) = Y (X + Z)

where X•Y denotes the bitwise AND of X and Y; X + Y denotes the bitwise OR of X and Y; X denotes the bitwise complement of X, i.e. NOT(X); and X Y denotes the bitwise XOR of X and Y.

These four nonlinear functions are designed in such a way that if the bits of X, Y and Z are independent and unbiased, then at each bit position the function F acts as a conditional: if X then Y else Z. The functions G, H and I are similar to the function F in that they act in ‘bitwise parallel’ to their product from the bits of X, Y and Z. Notice that the function H is the bitwise XOR function of its inputs.

The truth table for the computation of four nonlinear functions (F, G, H, I) is given in Table 4.5.

4.3.5FF, GG, HH and II Transformations for Rounds 1, 2, 3 and 4

If M[k], 0 ≤ k ≤ 15, denotes the kth sub-block of the message, and <<< s represents a left shift s bits, the four operations are defined as follows:

FF(a, b, c, d, M[k], s, i) : a = b + ((a + F(b, c, d) + M[k] + T[i] <<< s)

GG(a, b, c, d, M[k], s, i) : a = b + ((a + G(b, c, d) + M[k] + T[i] <<< s)

Table 4.5 Truth table of four nonlinear functions