The UMBC Cyber Defense Lab presents
Statistical Testing of Hash Bit Sequences
Enis Golaszewski
CSEE, UMBC
11:15am-12:30pm Friday, 6 May 2016, ITE 237
We tested bit sequences generated from the MD5 hash function using multinomial distribution and close-point spatial statistical tests for randomness. We found that bit sequences generated from truncated-round MD5 hash fail these tests for high- and low-density input choices.
In 2000, the National Institute of Standards and Technology concluded a competition to select the Advanced Encryption Standard. One of the requirements for candidates was randomness of output bits. The techniques used to evaluate symmetric block cipher randomness have not been extensively applied to hash functions.
In this study, we adapt a subset of the techniques used to analyze the randomness of AES candidate algorithms to study the randomness of the well-known MD5 hash function. Our approach uses high-density, lo- density, and chained-input methods to generate MD5 hashes. We concatenate these hash outputs and subjected them to multinomial distribution and close-point spatial tests. We iterated this approach over reduced-round versions of MD5. Our presentation includes specifications for the input methods, details on the statistical tests, and analysis of the statistical results.
Through statistical testing of concatenated MD5 hashes, we derive results that demonstrate a link between the performance of the concatenated hash bit sequences in our statistical testing and the number of hash rounds applied to the high-density and low-density input methods. Randomness is a desirable property for cryptographic hash functions. We present a new approach that facilitates the analysis and interpretation of hash functions for statistical randomness.
About the Speaker. Enis Golaszewski is a prospective PhD student in CS at UMBC, working with Dr. Alan T. Sherman. His research interests include the security of software-defined networks. He graduated from UMBC in CS in December 2015 and was a student in the fall 2015 INSuRE class. Email: <Sorry, you need javascript to view this email address. >
Host: Alan T. Sherman, Sorry, you need javascript to view this email address.