Message authentication ensures that:

• Integrity — the message content has not been altered in transit.

• Authenticity — the message was created by (or at least had the involvement of) the
claimed sender.

• (Sometimes) Non-repudiation — the sender cannot plausibly deny they created

the message (this is only provided by asymmetric signatures).

A message 𝑀is sent together with a small extra value (an authentication tag, MAC, or
signature). The receiver recomputes/verifies that tag; if it matches, the receiver accepts the
message.

Two main classes of message authentication

A. Message Authentication Codes (MACs) — symmetric-key

B. Digital Signatures — asymmetric

 A. MAC

A Message Authentication Code (MAC) is a short value (like a digital stamp) that verifies the
authenticity and integrity.

It is generated using:

• the message (M), and

• a secret key (K) shared between sender and receiver.

MAC = 𝑓(𝑀, 𝐾)

Only those who know the secret key can create or verify it.

Sender (Alice):

1. Has a message → M = "Pay Rs.500"

2. Uses secret key K = "key123"

3. Computes

MAC = 𝑓(𝑀, 𝐾)

4. Sends both → ("Pay Rs.500", MAC)

Receiver (Bob):

1. Also knows K

2. Recomputes MAC: f(M, K)

3. Compares with the received MAC

If they match → message is authentic

If not → message is tampered or fake
Because the same key K is used for both generating and verifying the MAC.
That’s why it’s called a symmetric-key authentication method.

Limitation:
Since both know the same key, either could have created the MAC — so non-repudiation is
not provided.
Role of Hash Functions in MACs

Most MACs today use hash functions to generate the authentication code.

A hash function converts any input message into a fixed-length value called a hash or
message digest.

Example:

Input : "HELLO"

Output: 8b1a9953c4611296a827abf8c47804d7

Properties of a Good Cryptographic Hash Function

Same input → same hash always

Output is fixed (e.g., 128, 160, or 256 bits)

Hard to get the original message from hash

No two different messages should have the same hash

Small change in input → large change in hash output

Quick to compute for any input size

Message Digest Algorithms

These are standard hash functions used to produce message digests (fixed-length
outputs):

Algorithm Output Developed By Notes / Use

Size

MD5 128 bits RSA Labs Old and not secure now (collisions
found)

SHA-1 160 bits NIST Better than MD5 but also broken

SHA-256 256 bits NIST (SHA-2 Currently secure and widely used
family)
MD5- MESSAGE DIGEST 5

A Message Digest Algorithm is a hash function used in cryptography to take any message
(of any length) and produce a fixed-size output, called a digest or hash value.

They ensure:

• Integrity – detects if data has been changed.

• Authentication – used in combination with keys to verify sender.

• Digital Signatures – sign the digest instead of whole data (faster).

Developed by:VRon Rivest (1991)

Output size:128 bits (16 bytes)

STEPS

1. Input message is divided into 512-bit blocks.

2. Each block is processed through a series of 64 rounds of operations.

3. Finally, a 128-bit digest is produced.

Example:

MD5("hello") = 5d41402abc4b2a76b9719d911017c592
Detailed Process:

1. Divide into 16 Words

MD5 processes data in 512-bit blocks, so your message must fit perfectly.

Let’s say your message = "abc" (3 bytes = 24 bits)

To make it 512 bits:

1. Add one “1” bit → 01100001 01100010 01100011 1

2. Add enough “0” bits until the total is 448 bits.

3. Add 64 bits at the end showing the original message length (24 bits).

Now the total = 512 bits (exactly one block)

2. Divide into 16 Words

That 512-bit block is divided into 16 parts of 32 bits each, called:

M[0], M[1], M[2], …, M[15]

Each will be used once per round.

3. Initialize 4 Registers

MD5 always starts with the same 4 fixed constants:

Register Hex Value

A 0x67452301

B 0xEFCDAB89

C 0x98BADCFE

D 0x10325476
 4. Define the Four Logical Functions

Each round uses a different mixing logic:

Round Function Formula Description

1 F (B∧C) ∨ (¬B∧D) If B then C else D

2 G (B∧D) ∨ (C∧¬D) Different bit pattern

3 H B⊕C⊕D XOR mix

4 I C⊕(B∨¬D) Complex mix

5. 64 Steps in 4 Rounds

Each of the 64 steps updates one of A, B, C, D using the same basic formula:

𝐴 = 𝐵 + LeftRotate(𝐴 + 𝐹(𝐵, 𝐶, 𝐷) + 𝑀[𝑘] + 𝑇[𝑖], 𝑠)

Where:

A,B,C,D Current register values

F One of F, G, H, I (depends on round)

M[k] One of the 16 message words

T[i] A constant from a table (precomputed using sine function)

s Left rotation amount (changes each step)

Each round uses a different F/G/H/I, message order, and rotation amount ..this scrambles
bits heavily.

6. Add Final Values

After all 64 steps:

A = A + A₀
B = B + B₀

C = C + C₀

D = D + D₀

(The new A,B,C,D are added to their original starting values.)

7. Produce Final 128-bit Digest

Finally, the concatenated values:

A || B || C || D

form the 128-bit MD5 hash — usually shown in 32-digit hexadecimal.

Example:

For "abc" → 900150983cd24fb0d6963f7d28e17f72

Problem:

MD5 is no longer secure , attackers can find collisions (two different messages producing
the same hash).

Used for:

• Non-critical checksum (like verifying downloaded files)

• Not for security-sensitive tasks anymore

SHA-1 (Secure Hash Algorithm 1)

Developed by:NSA (National Security Agency, 1995)

Output size:160 bits (20 bytes)

Steps

1. Message split into 512-bit blocks.

2. Each block goes through 80 rounds of mixing and shifting.

3. Final output = 160-bit hash.

Example:

SHA1("hello") = aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
Detail Process;

1. Padding the Message

SHA-1 also works on 512-bit blocks, so the message must fit neatly into those.

For message "abc":

1. Write its binary (24 bits).

2. Add one ‘1’ bit.

3. Add enough 0s so the total is 448 bits.

4. Append the 64-bit length of the original message at the end.

Now you have one 512-bit block.

2. Divide into 16 Words

That 512-bit block is divided into 16 words of 32 bits each, called:

W[0] … W[15]

3. Expand to 80 Words

Unlike MD5, SHA-1 expands these into 80 words (W[0] → W[79]) using this formula:

𝑊[𝑡] = LeftRotate(𝑊[𝑡 − 3] ⊕ 𝑊[𝑡 − 8] ⊕ 𝑊[𝑡 − 14] ⊕ 𝑊[𝑡 − 16],1)

This means from the 17th word onward, each word is a mix of four earlier words — it keeps
the diffusion spreading.
 4. Initialize 5 Registers

SHA-1 uses five 32-bit registers (instead of four in MD5):

Register Initial Hex Value

A 0x67452301

B 0xEFCDAB89

C 0x98BADCFE

D 0x10325476

E 0xC3D2E1F0

(These constants come from the official SHA-1 standard — not random.)

5. Define Logical Functions and Constants

SHA-1 has four rounds, each of 20 steps (20 × 4 = 80 steps total).

Each round uses a different function f(t) and a constant K(t).

Round Steps Function f(t) Constant K(t) Description

1 0–19 (B∧C) ∨ (¬B∧D) 0x5A827999 Similar to MD5 F

2 20–39 B⊕C⊕D 0x6ED9EBA1 XOR mixing

3 40–59 (B∧C) ∨ (B∧D) ∨ (C∧D) 0x8F1BBCDC Majority function

4 60–79 B⊕C⊕D 0xCA62C1D6 XOR again

6. Perform 80 Steps

Each of the 80 steps updates A,B,C,D,E using this formula:

TEMP = LeftRotate(𝐴, 5) + 𝑓(𝑡, 𝐵, 𝐶, 𝐷) + 𝐸 + 𝑊[𝑡] + 𝐾[𝑡]

Then the registers shift like this:

E=D

D=C

C = LeftRotate(B,30)

B=A

A = TEMP

This process repeats for all 80 steps , constantly rotating and mixing bits.

7. Add Back to Initial Values

After one 512-bit block is processed:

H0 = H0 + A

H1 = H1 + B

H2 = H2 + C

H3 = H3 + D

H4 = H4 + E

If the message had multiple 512-bit blocks, you’d repeat all steps for each block, feeding
the updated H values into the next block.

8. Produce Final Digest

Finally, the 5 registers (H0…H4) are concatenated:

SHA1(message) = H0 || H1 || H2 || H3 || H4

Output = 160 bits = 40 hex characters

Example:

"abc" → a9993e364706816aba3e25717850c26c9cd0d89d
Problem

SHA-1 is no longer considered secure for cryptography (since 2017).

Collisions (two different messages giving same hash) have been found.
Now we use:

• SHA-256

• SHA-512

• SHA-3

Used for:

• Older digital signatures

• Legacy systems (but being phased out)

SHA-256 (Secure Hash Algorithm 256-bit)
Developed by: NSA (National Security Agency, 2001)
Output size: 256 bits (32 bytes)

Steps

• Message split into 512-bit blocks.

• Each block goes through 64 rounds of logical operations and additions.

• Final output = 256-bit hash.

Example:
SHA256("hello") =
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
Detail Process:

1. Padding the Message

SHA-256, like SHA-1, processes 512-bit blocks, so the input message is padded to fit
perfectly.
For message "abc":

• Write binary of "abc" (24 bits).

• Add one ‘1’ bit.

• Add enough ‘0’s so that total length = 448 bits.

• Append the 64-bit length of the original message at the end.

Now total = 512 bits (1 block).

2. Divide into 16 Words

That 512-bit block is divided into 16 words of 32 bits each:

W[0] … W[15]

3. Expand to 64 Words

Unlike SHA-1 (which expands to 80), SHA-256 expands these into 64 words (W[0] → W[63])
using:

W[t] = σ₁(W[t−2]) + W[t−7] + σ₀(W[t−15]) + W[t−16]

Where
σ₀(x) = (x rightrotate 7) ⊕ (x rightrotate 18) ⊕ (x >> 3)
σ₁(x) = (x rightrotate 17) ⊕ (x rightrotate 19) ⊕ (x >> 10)

This adds nonlinearity and diffusion across all words.

4. Initialize 8 Registers

SHA-256 uses eight 32-bit registers (instead of 5 in SHA-1):

 Register Initial Hex Value

A 0x6A09E667

B 0xBB67AE85

C 0x3C6EF372

D 0xA54FF53A

E 0x510E527F

F 0x9B05688C

G 0x1F83D9AB

H 0x5BE0CD19

(These constants are derived from the square roots of the first 8 primes.)

5. Define Logical Functions and Constants

SHA-256 uses 64 rounds : each uses a unique constant K[t] and logical functions:

Functions:

• Ch(E, F, G) = (E ∧ F) ⊕ (¬E ∧ G)

• Maj(A, B, C) = (A ∧ B) ⊕ (A ∧ C) ⊕ (B ∧ C)

• Σ₀(A) = (A rightrotate 2) ⊕ (A rightrotate 13) ⊕ (A rightrotate 22)

• Σ₁(E) = (E rightrotate 6) ⊕ (E rightrotate 11) ⊕ (E rightrotate 25)

Constants K[0] … K[63] are derived from cube roots of the first 64 prime numbers.

6. Perform 64 Steps

For each round t = 0 → 63:

TEMP1 = H + Σ₁(E) + Ch(E,F,G) + K[t] + W[t]

TEMP2 = Σ₀(A) + Maj(A,B,C)

Then update registers:

H=G
G=F
F=E
E = D + TEMP1
D=C
C=B
B=A
A = TEMP1 + TEMP2

This repeats for all 64 steps, thoroughly mixing all bits.

7. Add Back to Initial Values

After processing one 512-bit block:

H0 = H0 + A
H1 = H1 + B
H2 = H2 + C
H3 = H3 + D
H4 = H4 + E
H5 = H5 + F
H6 = H6 + G
H7 = H7 + H

If there are multiple blocks, the process repeats, carrying forward updated values.

8. Produce Final Digest

Finally, concatenate all 8 registers:

SHA256(message) = H0 || H1 || H2 || H3 || H4 || H5 || H6 || H7
Output = 256 bits = 64 hex characters

Example:
"abc" →
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
Problem

• SHA-256 is computationally heavier than SHA-1 but far more secure.

• No practical collisions found till date.

• Still widely used in modern cryptography.

Used for:

• Digital signatures (e.g., ECDSA, RSA)

• Blockchain (Bitcoin uses SHA-256)

• SSL/TLS certificates

• File integrity verification

Feature SHA-1 SHA-256

Full Name Secure Hash Algorithm 1 Secure Hash Algorithm 256

Developed By NSA, 1995 NSA, 2001

Output Size 160 bits (20 bytes) 256 bits (32 bytes)

Block Size 512 bits 512 bits

Number of 80 64
Rounds

Registers Used 5 (A–E) 8 (A–H)

Word 16 → 80 words 16 → 64 words

Expansion

Functions f(t) changes per round Ch, Maj, Σ₀, Σ₁

Used

Constants K[t] 4 fixed values 64 unique values (from cube roots

of primes)

Hash Example SHA1("abc") = a9993e364706816a SHA256("abc") =

... c9cd0d89d ba7816bf8f01cfea ... f20015ad

Security Level Broken (collisions found 2017) Secure (no collisions known)

Speed Faster Slightly slower but stronger

Used In Legacy signatures, old systems Modern crypto, blockchain,

SSL/TLS

Status Deprecated / Insecure Recommended / Current

Standard