MMH: Software message authentication in the Gbit/second rates

  • Shai Halevi
  • Hugo Krawczyk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1267)

Abstract

We describe a construction of almost universal hash functions suitable for very fast software implementation and applicable to the hashing of variable size data and fast cryptographic message authentication. Our construction uses fast single precision arithmetic which is increasingly supported by modern processors due to the growing needs for fast arithmetic posed by multimedia applications.

We report on hand-optimized assembly implementations on a 150 MHz PowerPC 604 and a 150 MHz Pentium-Pro, which achieve hashing speeds of 350 to 820 Mbit/sec, depending on the desired level of security (or collision probability), and a rate of more than 1 Gbit/sec on a 200 MHz Pentium-Pro. This represents a significant speed-up over current software implementations of universal hashing and other message authentication techniques (e.g., MD5-based). Moreover, our construction is specifically designed to take advantage of emerging microprocessor technologies (such as Intel’s MMX, 64-bit architectures and others) and is thus best suited to accommodate the growing performance needs of cryptographic (and other universal hashing) applications.

The construction is based on techniques due to Carter and Wegman for universal hashing using modular multilinear functions that we carefully modify to allow for fast software implementation. We prove the resultant construction to retain the necessary mathematical properties required for its use in hashing and message authentication.
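The base technique named above, a modular multilinear hash in the style of Carter and Wegman, can be checked exhaustively on a toy modulus. The following is an added example, not code from the paper, and it does not reproduce the paper's speed-oriented modifications; the prime 251, the function names and the pad-based tag (the standard Wegman-Carter way of turning such a hash into a MAC) are assumptions made for illustration.

```python
from fractions import Fraction
from itertools import product

P = 251  # toy prime (assumption) so the whole key space can be enumerated


def multilinear_hash(key, msg, p=P):
    """Multilinear hash over Z_p: sum(m_i * x_i) mod p, fixed-length input."""
    if len(key) != len(msg):
        raise ValueError("one key element per message block (fixed length)")
    if not all(0 <= v < p for v in (*key, *msg)):
        raise ValueError("key elements and message blocks must lie in [0, p)")
    return sum(m * x for m, x in zip(msg, key)) % p


def difference_counts(m1, m2, p=P):
    """Over every possible key, tally delta = h(m1) - h(m2) mod p."""
    counts = [0] * p
    for key in product(range(p), repeat=len(m1)):
        delta = (multilinear_hash(key, m1, p) - multilinear_hash(key, m2, p)) % p
        counts[delta] += 1
    return counts


def collision_probability(m1, m2, p=P):
    """Fraction of keys under which the two messages hash to the same value."""
    return Fraction(difference_counts(m1, m2, p)[0], p ** len(m1))


def wc_tag(key, pad, msg, p=P):
    """Tag = hash masked by a one-time pad (constructed Wegman-Carter MAC)."""
    return (multilinear_hash(key, msg, p) + pad) % p


def forgery_probability(m1, t1, m2, t2, p=P):
    """Fraction of keys under which (m2, t2) verifies once (m1, t1) is known.

    The uniform pad hides h(m1), so acceptance of the second pair depends
    only on h(m2) - h(m1) matching t2 - t1.
    """
    delta = (t2 - t1) % p
    return Fraction(difference_counts(m2, m1, p)[delta], p ** len(m1))


if __name__ == "__main__":
    a, b = (17, 200), (17, 201)          # constructed two-block messages
    print("collision probability:", collision_probability(a, b))
    print("distinct difference counts:", set(difference_counts(a, b)))
```

For distinct messages every difference value occurs for the same number of keys, so both the collision probability and the single-substitution forgery bound equal 1/p; this is the property a faster variant has to keep approximately.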

Keywords

Hash Function; Collision Probability; Message Authentication Code; Message Authentication; Pseudorandom Generator

References

  1. [AGS97]
    V. Afanassiev, C. Gehrmann and B. Smeets. Fast Message Authentication using Efficient Polynomial Evaluation. Appears in these proceedings.
  2. [AS96]
    M. Atici and D. Stinson. Universal Hashing and Multiple Authentication. Advances in Cryptology — CRYPTO ’96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz, ed., Springer-Verlag, 1996, pp. 16–30.
  3. [BCK96]
    M. Bellare, R. Canetti and H. Krawczyk. Keying hash functions for message authentication. Advances in Cryptology — CRYPTO ’96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz, ed., Springer-Verlag, 1996, pp. 1–15.
  4. [BKR94]
    M. Bellare, J. Kilian and P. Rogaway. The security of cipher block chaining. Advances in Cryptology — CRYPTO ’94 Proceedings, Lecture Notes in Computer Science Vol. 839, Y. Desmedt, ed., Springer-Verlag, 1994, pp. 341–358.
  5. [BGV96]
    A. Bosselaers, R. Govaerts and J. Vandewalle. Fast Hashing on the Pentium. Advances in Cryptology — CRYPTO ’96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz, ed., Springer-Verlag, 1996, pp. 298–312.
  6. [Br82]
    G. Brassard. On computationally secure authentication tags requiring short secret shared keys. Advances in Cryptology — CRYPTO ’82 Proceedings, Springer-Verlag, 1983, pp. 79–86.
  7. [CW79]
    L. Carter and M. Wegman. Universal Hash Functions. J. of Computer and System Science 18, 1979, pp. 143–154.
  8. [CW]
    L. Carter and M. Wegman. Private Communication.
  9. [GMR88]
    S. Goldwasser, S. Micali and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal of Computing, vol. 17, 2 (April 1988), pp. 281–308.
  10. [HJ96]
    T. Helleseth and T. Johansson. Universal Hash Functions from Exponential Sums over Finite Fields. Advances in Cryptology — CRYPTO ’96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz, ed., Springer-Verlag, 1996, pp. 31–44.
  11. [Kr94]
    H. Krawczyk. LFSR-based Hashing and Authentication. Proceedings of CRYPTO ’94, Lecture Notes in Computer Science, vol. 839, Springer-Verlag, 1994, pp. 129–139.
  12. [Kr95]
    H. Krawczyk. New Hash Functions for Message Authentication. Proceedings of EUROCRYPT ’95, Lecture Notes in Computer Science, vol. 921, Springer-Verlag, 1995, pp. 301–310.
  13. [Ra79]
    M. O. Rabin. Fingerprinting by Random Polynomials. Tech. Rep. TR-15-81, Center for Research in Computing Technology, Harvard Univ., Cambridge, Mass., 1981.
  14. [Ro95]
    P. Rogaway. Bucket Hashing and its application to Fast Message Authentication. Proceedings of CRYPTO ’95, Lecture Notes in Computer Science, vol. 963, Springer-Verlag, 1995, pp. 15–25.
  15. [Sh96]
    V. Shoup. On Fast and Provably Secure Message Authentication Based on Universal Hashing. Advances in Cryptology — CRYPTO ’96 Proceedings, Lecture Notes in Computer Science Vol. 1109, N. Koblitz, ed., Springer-Verlag, 1996, pp. 313–328.
  16. [St94]
    D. Stinson. Universal Hashing and Authentication Codes. Designs, Codes and Cryptography, vol. 4, 1994, pp. 369–380.
  17. [To95]
    J. Touch. Performance Analysis of MD5. Proc. Sigcomm ’95, Boston, pp. 77–86.
  18. [St95]
    D. Stinson. On the Connection Between Universal Hashing, Combinatorial Designs and Error-Correcting Codes. TR95-052, Electronic Colloquium on Computational Complexity, 1995.
  19. [WC81]
    M. Wegman and L. Carter. New hash functions and their use in authentication and set equality. J. of Computer and System Sciences, vol. 22, 1981, pp. 265–279.

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Shai Halevi (1)
  • Hugo Krawczyk (2)
  1. Lab. for Computer Science, MIT, Cambridge, USA
  2. IBM T.J. Watson Research Center, Yorktown Heights, USA
