Lecture-16
CS 703
Department of CSE/IT
MD5
MD5 was the last in a succession of cryptographic hash functions (MD2, MD4, MD5)
designed by Ron Rivest in the early 1990s; it is specified in RFC 1321 (1992).
It is a widely used, well-known 128-bit iterated hash function, used in various
applications including SSL/TLS, IPsec, and many other cryptographic protocols.
It is also commonly used in implementations of time-stamping mechanisms,
commitment schemes, and integrity-checking applications for online software,
distributed file systems, and random-number generation.
Note: MD5 is no longer considered secure. Practical collision attacks have been
public since 2004 (Wang and Yu), so it must not be relied on wherever collision
resistance matters (digital signatures, certificates, commitments). New designs
should use SHA-256 or SHA-3; MD5 is studied here mainly as a clear example of the
iterated (Merkle-Damgard) construction.
MD5 Algorithm Description
The following five steps are performed to compute the message digest of the
message.
Step 1. Append Padding Bits
The message is "padded" (extended) so that its length (in bits) is congruent to
448, modulo 512. That is, the message is extended so that it is just 64 bits shy of
being a multiple of 512 bits long. Padding is always performed, even if the length
of the message is already congruent to 448, modulo 512.
Padding is performed as follows: a single "1" bit is appended to the message, and
then "0" bits are appended so that the length in bits of the padded message
becomes congruent to 448 modulo 512. In all, at least one bit and at most 512 bits
are appended.
Step 2. Append Length
A 64-bit representation of b (the length of the message before the padding bits
were added) is appended to the result of the previous step. In the unlikely event
that b is greater than 2^64, then only the low-order 64 bits of b are used. (These
bits are appended as two 32-bit words and appended low-order word first in
accordance with the previous conventions.)
At this point the resulting message (after padding with bits and with b) has a
length that is an exact multiple of 512 bits. Equivalently, this message has a length
that is an exact multiple of 16 (32-bit) words. Let M[0 ... N-1] denote the words
of the resulting message, where N is a multiple of 16.
Step 3. Initialize MD Buffer
A four-word buffer (A,B,C,D) is used to compute the message digest. Here each
of A, B, C, D is a 32-bit register.
These registers are initialized to the following values (in hexadecimal,
low-order bytes first):
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
Read as little-endian 32-bit integers these are A = 0x67452301, B = 0xefcdab89,
C = 0x98badcfe and D = 0x10325476; getting this byte order wrong is a common
implementation mistake.
Step 4. Process Message in 16-Word Blocks
We first define four auxiliary functions that each take as input three 32-bit words
and produce as output one 32-bit word.
F(X,Y,Z) = XY v not(X) Z
G(X,Y,Z) = XZ v Y not(Z)
H(X,Y,Z) = X xor Y xor Z
I(X,Y,Z) = Y xor (X v not(Z))
In each bit position F acts as a conditional: if X then Y else Z. (The function F
could have been defined using + instead of v, since XY and not(X)Z will never
have 1's in the same bit position.) It is interesting to note that if the bits of X, Y,
and Z are independent and unbiased, then each bit of F(X,Y,Z) will be independent
and unbiased.
The functions G, H, and I are similar to the function F, in that they act in "bitwise
parallel" to produce their output from the bits of X, Y, and Z, in such a manner
that if the corresponding bits of X, Y, and Z are independent and unbiased, then
each bit of G(X,Y,Z), H(X,Y,Z), and I(X,Y,Z) will be independent and unbiased.
Note that the function H is the bit-wise "xor" or "parity" function of its inputs.
Step 5. Output
The message digest produced as output is A, B, C, D. That is, we begin with the
low-order byte of A, and end with the high-order byte of D.
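A complete implementation of Steps 1 to 5 in Python, added here as a worked example (it is not code from the lecture or from RFC 1321). The per-step shift amounts S, the additive constants T[i] = floor(2^32 * |sin(i+1)|) and the order in which message words are accessed in the four rounds are taken from RFC 1321, which the lecture does not reproduce; the result is cross-checked against the standard library's hashlib. The function md5_length_extend shows a practical consequence of Step 5 emitting the internal buffer unchanged: given only H(m) and the length of m, anyone can compute H(m || padding || suffix) without knowing m, which is why H(secret || data) is not a safe message authentication code. The secret and data values in the demo are constructed for illustration.

```python
import hashlib  # standard library, used only to cross-check the result
import math
import struct

MASK32 = 0xFFFFFFFF

# Per-step left-rotation amounts: four per round, each repeated four times (RFC 1321).
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

# Additive constants T[i] = floor(2^32 * |sin(i + 1)|), i = 0..63: the "unique additive
# constant" per step that distinguishes MD5 from MD4.
T = [int(abs(math.sin(i + 1)) * (1 << 32)) & MASK32 for i in range(64)]


def rotl32(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


# The four auxiliary functions of Step 4. Results are masked to 32 bits because
# Python integers are unbounded and ~x is negative.
def F(x, y, z): return ((x & y) | (~x & z)) & MASK32
def G(x, y, z): return ((x & z) | (y & ~z)) & MASK32
def H(x, y, z): return (x ^ y ^ z) & MASK32
def I(x, y, z): return (y ^ (x | ~z)) & MASK32


def md5_pad(message):
    """Steps 1 and 2: a single 1 bit (0x80), zero bits up to 448 mod 512, then the 64-bit
    little-endian bit length of the original message. At least 1 and at most 512 bits
    are appended, so a 56-byte message is padded to 128 bytes, not 64."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF  # only the low-order 64 bits of b
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack("<Q", bit_len)


def md5_compress(state, block):
    """Step 4 for one 512-bit block: 64 steps in four rounds of 16, using F, G, H, I
    in turn. The message-word index g and the shift S[i] follow RFC 1321."""
    a, b, c, d = state
    M = struct.unpack("<16I", block)  # 16 little-endian 32-bit words
    for i in range(64):
        if i < 16:
            f, g = F(b, c, d), i
        elif i < 32:
            f, g = G(b, c, d), (5 * i + 1) % 16
        elif i < 48:
            f, g = H(b, c, d), (3 * i + 5) % 16
        else:
            f, g = I(b, c, d), (7 * i) % 16
        f = (f + a + T[i] + M[g]) & MASK32
        # Each step adds in the previous step's result through b (MD5 difference 4).
        a, d, c, b = d, c, b, (b + rotl32(f, S[i])) & MASK32
    # Feed-forward: add this block's result to the incoming buffer.
    return [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d))]


def md5(message):
    """Full digest: Step 3 initialises the buffer, Step 4 runs per 64-byte block,
    Step 5 emits A, B, C, D starting with the low-order byte of A."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    padded = md5_pad(message)
    for off in range(0, len(padded), 64):
        state = md5_compress(state, padded[off:off + 64])
    return struct.pack("<4I", *state)


def md5_length_extend(digest, original_len, suffix):
    """Length extension: because the Step 5 output *is* the internal buffer, H(m) and
    len(m) are enough to keep hashing. Returns (glue, H(m || glue || suffix)) without
    knowing m, where glue is the padding MD5 itself appended to m."""
    glue = md5_pad(b"\x00" * original_len)[original_len:]   # padding depends only on len(m)
    state = list(struct.unpack("<4I", digest))              # resume from the published digest
    prefix_len = original_len + len(glue)                   # a multiple of 64 bytes
    tail = md5_pad(b"\x00" * prefix_len + suffix)[prefix_len:]  # suffix padded for the full length
    for off in range(0, len(tail), 64):
        state = md5_compress(state, tail[off:off + 64])
    return glue, struct.pack("<4I", *state)


def hamming_distance(x, y):
    """Number of differing bits between two equal-length byte strings (avalanche check)."""
    return sum(bin(p ^ q).count("1") for p, q in zip(x, y))


if __name__ == "__main__":
    for msg in (b"", b"abc", b"message digest", b"a" * 56, b"a" * 1000):
        assert md5(msg) == hashlib.md5(msg).digest()
    print("md5('abc') =", md5(b"abc").hex())
    # Constructed example of a naive MAC, H(secret || data), with the secret unknown to the attacker.
    secret, data = b"s3cr3t", b"amount=100"
    tag = md5(secret + data)
    glue, forged = md5_length_extend(tag, len(secret) + len(data), b"&amount=999")
    assert forged == md5(secret + data + glue + b"&amount=999")
    print("forged tag for extended message:", forged.hex(), "glue =", glue.hex())
    print("avalanche: md5('abc') vs md5('abd') differ in",
          hamming_distance(md5(b"abc"), md5(b"abd")), "of 128 bits")
```

Run the file directly and compare the printed digest with `md5sum` or `openssl dgst -md5`. In the forgery, the glue bytes (0x80, zeros, and the original length) must be sent verbatim as part of the extended message; an application that checks H(secret || data) will accept it, which is why HMAC, not a bare hash of key and data, is the correct construction.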
Differences Between MD4 and MD5
The following are the differences between MD4 and MD5:
1. A fourth round has been added.
2. Each step now has a unique additive constant.
3. The function g in round 2 was changed from (XY v XZ v YZ) to (XZ v Y
not(Z)) to make g less symmetric.
4. Each step now adds in the result of the previous step. This promotes a faster
"avalanche effect".
5. The order in which input words are accessed in rounds 2 and 3 is changed, to
make these patterns less like each other.
6. The shift amounts in each round have been approximately optimized, to yield
a faster "avalanche effect." The shifts in different rounds are distinct.