CN100405386C - A security authentication method in a radio frequency identification system - Google Patents

Abstract

Translated fromChinese

本发明公开了一种射频识别系统中的安全认证方法，认证过程基于散列运算，并加入随机数掩码和密钥更新等方法。读卡器和电子标签双方均存有相同的密钥对K1、K2。K1和随机数R进行散列运算对电子标签进行认证，K2和唯一标识符C进行散列运算对读卡器进行认证。本发明提供的安全认证方法对于射频识别系统中存在的几种安全和隐私问题的防护能够有效地解决，并能够满足电子标签芯片的低成本、低功耗的需求。本发明具有防止地点隐私泄露、防止标签信息被窃取、防止伪造标签和防止中间人攻击等特点，并且对于电子标签的低成本实现更具意义。

The invention discloses a safety authentication method in a radio frequency identification system. The authentication process is based on hash operation, and methods such as random number mask and key update are added. Both the card reader and the electronic tag store the same key pair K1, K2. K1 performs a hash operation with the random number R to authenticate the electronic tag, and K2 and the unique identifier C performs a hash operation to authenticate the card reader. The safety authentication method provided by the invention can effectively solve the protection of several safety and privacy problems existing in the radio frequency identification system, and can meet the requirements of low cost and low power consumption of the electronic label chip. The invention has the characteristics of preventing leakage of location privacy, preventing label information from being stolen, preventing counterfeit labels, preventing man-in-the-middle attacks, and the like, and is more meaningful for the low-cost realization of electronic labels.

Description

Translated fromChinese

一种射频识别系统中的安全认证方法A security authentication method in a radio frequency identification system

技术领域technical field

本发明属于射频识别技术领域，具体为一种射频识别系统中的安全认证方法，尤其适用于无源电子标签与读卡器之间的认证。The invention belongs to the technical field of radio frequency identification, in particular to a safety authentication method in a radio frequency identification system, and is especially suitable for authentication between a passive electronic tag and a card reader.

背景技术Background technique

射频识别(RFID)这一革命性的技术是20世纪90年代开始兴起的一种利用大规模集成电路与无线通信技术相结合的自动识别技术。但由于读卡器与RFID标签之间是无线通信，因此射频识别系统很容易受到攻击。在实际应用中，各应用领域已经对电子标签的应用安全提出了现实的需求。The revolutionary technology of radio frequency identification (RFID) is an automatic identification technology that combines large-scale integrated circuits and wireless communication technologies that began to emerge in the 1990s. However, due to the wireless communication between the reader and the RFID tag, the RFID system is vulnerable to attack. In practical applications, various application fields have put forward realistic requirements for the application security of electronic tags.

在射频识别系统中，主要是针对信息安全和隐私防护两方面的考虑。由于标签携带有唯一标识符UID，一旦被获得，也就获得了目标对象的数据信息。而且，攻击方也能根据这些特定的信息对特定目标进行地点跟踪。因此，射频识别系统中的安全认证显得意义重大。In the radio frequency identification system, it is mainly for the consideration of two aspects of information security and privacy protection. Since the tag carries a unique identifier UID, once it is obtained, the data information of the target object is also obtained. Moreover, the attacker can also track the location of a specific target based on these specific information. Therefore, the security certification in the radio frequency identification system is of great significance.

目前，国际上还没有将具有交互(标签芯片和读写器及后端系统之间)安全认证协议用于RFID系统中。但相关的研究工作较多，主要是针对信息安全和隐私防护。S.Weis[见S.Weis，S.Sarma，R.Rivest and D.Engels，“Security andPrivacy Aspects of Low-Cost Radio Frequency Identification Systems，″in lst InternConference on Security in Pervasive Computing(SPC)，2003.]等提出了一种基于散列函数锁存的认证方法，在这个认证方法中，每个电子标签分配了不同的认证密钥k，电子标签存储密钥k的hash值mentaID(mentaID＝hash(k))。当读卡器询问电子标签时，电子标签将mentaID值发送给读写器，读卡器将mentaID值传给后端数据库，同时在后端的数据库中查找相应的认证密钥k。数据库通过读写器将认证密钥k发送给电子标签，标签将得到的认证密钥k通过散列函数运算得到一个散列值，将该值与本身储存的mentaID值进行比较，如果两个值相等的话，电子标签将通过认证并向周围的阅读器提供所有的存储信息。这是一种较直接和经济的方法，但是电子标签对读写器的响应的信息是可预测的，所以地点隐私被泄露。此外，认证密钥k和电子标签的存储信息容易被窃取。S.Weis在这种锁存方法的基础上做了一些改进，改进后的方案虽然可以保护地点隐私，但是无法对抗中间人攻击。Jeongkyu Yang[见Jeongkyu Yang，Jaemin Park，Hyunrok Lee and Kui Ren，“MutualAuthentication Protocol for Low-cost RFID，″ECRYPT Workshop on RFID and LightweightCrypto，Graz University of Technology，Austria，2005]等在此基础上提出了一种交互认证的方案，此方案运用密钥对(k1，k2)来认证读卡器和电子标签，能较好的防止上述攻击，但是存在两个缺点；第一，在每次认证后，密钥(k1，k2)才会更新。在密钥更新之前，攻击方每次用相同的询问指令询问电子标签时，电子标签的响应是相同的。这样，地点隐私也会被泄露，第二，在这种认证方案中，数据库的计算量很大，不适合同时处理大量标签，例如共有N个标签的ID，那么就需要进行N次搜索和N次散列(hash)函数计算。Tassos Dimitriou[见Tassos Dimitriou，“A Lightweight RFID Protocol to protect againstTraceability and Cloning attacks”，ECRYPT Workshop on RFID and Lightweight Crypto，Graz University of Technology，Austria，2005]等给出一种防地点隐私和防伪造的安全认证机制，它的原理是在标签和后端数据库共享的秘密ID被不断刷新，不公布的秘密ID可以防伪造，秘密ID的刷新可以防跟踪。但是这种方案需要标签处理的信息很多，需要产生两个散列函数值发送给读写器，并在接收读写器的散列值的同时，产生相应的值进行比较，使得标签安全认证电路的实现成本较高。At present, there is no security authentication protocol with interaction (between the tag chip and the reader and the back-end system) used in the RFID system in the world. However, there are many related research works, mainly for information security and privacy protection. S. Weis [See S. Weis, S. Sarma, R. Rivest and D. Engels, "Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems," in lst InternConference on Security in Pervasive Computing (SPC), 2003.] proposed an authentication method based on hash function latching. In this authentication method, each electronic tag is assigned a different authentication key k, and the electronic tag stores the hash value mentaID of the key k (mentaID=hash(k )). When the card reader inquires the electronic tag, the electronic tag sends the mentaID value to the reader, and the card reader sends the mentaID value to the back-end database, and at the same time searches the corresponding authentication key k in the back-end database. The database sends the authentication key k to the electronic tag through the reader-writer, and the tag obtains a hash value through the operation of the hash function on the authentication key k, and compares this value with the mentaID value stored in itself. If the two values If it is equal, the electronic tag will pass the authentication and provide all the stored information to the surrounding readers. This is a more direct and economical method, but the response information of the electronic tag to the reader is predictable, so the privacy of the location is leaked. In addition, the stored information of the authentication key k and the electronic tag is easy to be stolen. S. Weis made some improvements on the basis of this locking method. Although the improved scheme can protect the privacy of the location, it cannot resist man-in-the-middle attacks. Jeongkyu Yang [see Jeongkyu Yang, Jaemin Park, Hyunrok Lee and Kui Ren, "MutualAuthentication Protocol for Low-cost RFID," ECRYPT Workshop on RFID and LightweightCrypto, Graz University of Technology, Austria, 2005] et al. This scheme uses a key pair (k1, k2) to authenticate the card reader and the electronic tag, which can better prevent the above attacks, but there are two disadvantages; first, after each authentication, the key The key (k1, k2) will be updated. Before the key is updated, each time the attacker inquires the electronic tag with the same inquiry command, the response of the electronic tag is the same. In this way, the privacy of the location will also be leaked. Second, in this authentication scheme, the calculation of the database is very large, and it is not suitable for processing a large number of tags at the same time. For example, if there are N tag IDs in total, then N searches and N Secondary hash (hash) function calculation. Tassos Dimitriou [see Tassos Dimitriou, "A Lightweight RFID Protocol to protect against Traceability and Cloning attacks", ECRYPT Workshop on RFID and Lightweight Crypto, Graz University of Technology, Austria, 2005] etc. give a security against location privacy and anti-counterfeiting The principle of the authentication mechanism is that the secret ID shared by the tag and the back-end database is constantly refreshed, the unpublished secret ID can prevent forgery, and the refreshing of the secret ID can prevent tracking. However, this scheme requires a lot of information to be processed by the tag, and two hash function values need to be generated and sent to the reader, and while receiving the hash value of the reader, generate a corresponding value for comparison, so that the tag security authentication circuit The implementation cost is higher.

国内相关的研究产品中，只有一些加密产品的推出，对于包含认证机制的系统推出，还没有相关报道。Among the relevant domestic research products, only some encryption products have been launched, and there are no relevant reports on the launch of systems including authentication mechanisms.

发明内容Contents of the invention

本发明的主要目的是实现一种射频识别系统中的安全认证方法，该方法可以保护地点隐私，防止标签信息被窃取，防止伪造标签的攻击以及防止中间人攻击。The main purpose of the present invention is to realize a security authentication method in a radio frequency identification system, which can protect location privacy, prevent label information from being stolen, prevent counterfeit label attacks and prevent man-in-the-middle attacks.

本发明提供的一种射频识别系统中的安全认证方法，其步骤包括：A safety authentication method in a radio frequency identification system provided by the present invention, the steps include:

(1)读卡器向电子标签发送带伪随机数R的询问指令；(1) The card reader sends an inquiry command with a pseudo-random number R to the electronic tag;

(2)电子标签接收到询问指令后，从电子标签芯片内部EEPROM中读取密钥k1，将密钥k1和伪随机数R进行散列运算，将散列运算后的结果S1与唯一标识符C用随机数p进行掩码，再将掩码得到的数据M传送给读卡器；(2) After the electronic tag receives the query command, it reads the key k1 from the EEPROM inside the electronic tag chip, performs a hash operation on the key k1 and the pseudo-random number R, and combines the result S1 after the hash operation with the unique identifier C uses a random number p to mask, and then transmits the masked data M to the card reader;

(3)读卡器正确识别上述掩码后的数据M后，将数据M和伪随机数R一起传送给终端；(3) After the card reader correctly identifies the data M after the above mask, it transmits the data M and the pseudo-random number R to the terminal together;

(4)终端对数据M和伪随机数R按下述步骤进行判断：(4) The terminal judges the data M and the pseudo-random number R according to the following steps:

(4.1)去掉数据M中的掩码，得到散列运算后的结果S1与唯一标识符C；(4.1) Remove the mask in the data M to obtain the result S1 and the unique identifier C after the hash operation;

(4.2)根据唯一标识符C从终端的存储信息中获得对应的密钥k1；(4.2) Obtain the corresponding key k1 from the storage information of the terminal according to the unique identifier C;

(4.3)将密钥k1与伪随机数R按照步骤(2)中相同的算法进行散列运算，得到数据S2；(4.3) Carry out the hash operation with the key k1 and the pseudo-random number R according to the same algorithm in step (2), to obtain the data S2;

(4.4)将数据S2与S1进行比较，如果相等，则认为标签合法，否则认为标签是伪标签，终止通信；(4.4) Compare the data S2 with S1, if they are equal, the label is considered legal, otherwise the label is considered to be a pseudo-label, and the communication is terminated;

(5)如果标签为合法电子标签，终端从数据库中取出另一密钥k2，将密钥k2与唯一标识符C进行散列运算，得到数据N1，并发送给读卡器；(5) If the tag is a legal electronic tag, the terminal takes out another key k2 from the database, performs a hash operation on the key k2 and the unique identifier C, obtains data N1, and sends it to the card reader;

(6)读卡器将数据N1传送给电子标签；(6) The card reader transmits the data N1 to the electronic tag;

(7)电子标签接收到数据N1后，从电子标签芯片内部EEPROM中读取另一密钥k2，然后按照步骤(5)相同的算法将密钥k2与唯一标识符C进行散列运算，得到数据N2；再比较数据N1与N2，如果相等，则通过认证，交互认证完成；否则，认证失败，电子标签不对该读卡器的其他指令进行响应；(7) After the electronic tag receives the data N1, it reads another key k2 from the EEPROM inside the electronic tag chip, and then performs a hash operation on the key k2 and the unique identifier C according to the same algorithm in step (5), to obtain Data N2; then compare the data N1 and N2, if they are equal, the authentication is passed, and the mutual authentication is completed; otherwise, the authentication fails, and the electronic tag does not respond to other instructions of the card reader;

(8)在完成认证后，读卡器和标签双方以相同的方式更新密钥k1，k2。(8) After completing the authentication, both the card reader and the tag update the keys k1 and k2 in the same way.

本发明在理论上是一种安全的认证方案，对于射频识别系统中存在的几种安全隐患和隐私问题都能较好的防护，而且实际中也已经成功实现，特别是针对采用无源标签的射频识别系统，这种认证方式优势更为明显。具体而言，本发明具有以下技术效果：The present invention is a safe authentication scheme in theory, which can better protect several potential safety hazards and privacy problems existing in the radio frequency identification system, and has been successfully implemented in practice, especially for the use of passive tags. RFID system, this authentication method has more obvious advantages. Specifically, the present invention has the following technical effects:

(1)防止地点隐私泄露：即防止攻击方根据标签上所携带的特定信息而得到标签使用者的某些私人信息或者跟踪标签。即使攻击方每次带相同的R询问标签，由于步骤(2)中存在随机数掩码的过程，使标签每次的响应是不同的，能够保障地点隐私，防止跟踪；而且每次通过认证后，k1的更新也能防止地点隐私泄露。(1) Prevent location privacy leakage: prevent the attacker from obtaining some private information of the tag user or tracking the tag based on the specific information carried on the tag. Even if the attacker brings the same R query tag each time, due to the process of random number masking in step (2), the response of the tag is different each time, which can protect the privacy of the location and prevent tracking; and after passing the authentication each time , the update of k1 can also prevent location privacy leakage.

(2)防止标签信息被窃取：即没有通过认证的读卡器(非法读卡器)是不能获得电子标签内部存储的有效信息的。(2) Prevent the tag information from being stolen: that is, the card reader (illegal card reader) that has not passed the authentication cannot obtain the valid information stored in the electronic tag.

(3)防止伪造标签：即没有通过认证的电子标签(非法标签)，读卡器是不会读取其内部存储的信息的。(3) Prevention of counterfeit labels: that is, electronic labels (illegal labels) that have not passed the certification, the card reader will not read the information stored in it.

(4)防止中间人攻击：即利用电子标签的认证信息来攻击读卡器或者利用读卡器的认证信息来攻击电子标签。由于每次交互认证完成后，读卡器和电子标签之间都会更新密钥，攻击方监听得到的认证信息不再有效。即使攻击方监听了多次认证过程，获得多组数据，但由于每次传送与密钥k1，k2相关的信息时，都经过了散列运算，攻击方很难分析出k1，k2。(4) Prevent man-in-the-middle attacks: use the authentication information of the electronic tag to attack the card reader or use the authentication information of the card reader to attack the electronic tag. Since the key is updated between the card reader and the electronic tag after each mutual authentication is completed, the authentication information obtained by the attacker is no longer valid. Even if the attacker monitors multiple authentication processes and obtains multiple sets of data, it is difficult for the attacker to analyze k1 and k2 because the information related to keys k1 and k2 is hashed every time.

(5)此安全认证方法的电路实现成本低、功耗小，能够满足标签芯片的低成本、低功耗的需求。(5) The circuit implementation cost of this security authentication method is low, and the power consumption is small, which can meet the requirements of low cost and low power consumption of the tag chip.

附图说明Description of drawings

图1为发明内容示意图。Fig. 1 is a schematic diagram of the content of the invention.

图2为射频识别系统示意图。Figure 2 is a schematic diagram of the radio frequency identification system.

图3为本发明实例的认证过程示意图。Fig. 3 is a schematic diagram of the authentication process of the example of the present invention.

具体实施方式Detailed ways

如图2所示，一个基本的射频识别系统由三部分组成：电子标签102、读卡器101和天线103、104。读卡器101和电子标签102之间通过天线103、104来传输信号，而读卡器101端，因为设计需要来决定是否与以数据处理终端105相连。电子标签102由耦合元件及芯片组成，每个标签具有唯一的电子编码，附着在物体上标识目标对象。读卡器101是读取(或写入)标签信息的设备，可设计为手持式或固定式。天线103、104是用来在标签和读卡器间传递射频信号。读卡器101可以被设计为手持式或固定式，其中，手持式的读卡器应具有相应的存储功能和数据运算功能，以确保能顺利的完成认证功能，而固定式的读卡器则可与终端PC相连，存储功能和数据运算功能可由终端承担。电子标签也被设计成具有相应运算和控制功能。读卡器或者终端存有所有合法电子标签的唯一标识符UID(C)和相应的认证密钥(k1，k2)。电子标签内部的存储器空间被划分为三部分，分别用来存储唯一标识符UID(C)，认证密钥(k1，k2)和用户信息。As shown in FIG. 2 , a basic radio frequency identification system consists of three parts: anelectronic tag 102 , acard reader 101 andantennas 103 and 104 . Signals are transmitted between thecard reader 101 and theelectronic tag 102 through theantennas 103 and 104 , and thecard reader 101 end is determined whether to be connected to thedata processing terminal 105 due to design requirements. Theelectronic tag 102 is composed of a coupling element and a chip, each tag has a unique electronic code, and is attached to an object to identify a target object. Thecard reader 101 is a device for reading (or writing) tag information, and can be designed as a hand-held or fixed type. Theantennas 103 and 104 are used to transmit radio frequency signals between the tag and the card reader. Thecard reader 101 can be designed as hand-held or fixed, wherein the hand-held card reader should have corresponding storage functions and data calculation functions to ensure that the authentication function can be successfully completed, while the fixed card reader can It can be connected with the terminal PC, and the storage function and data calculation function can be undertaken by the terminal. Electronic tags are also designed to have corresponding computing and control functions. The card reader or terminal stores the unique identifier UID (C) of all legal electronic tags and the corresponding authentication keys (k1, k2). The internal memory space of the electronic tag is divided into three parts, which are used to store the unique identifier UID (C), authentication keys (k1, k2) and user information respectively.

在认证过程中，伪标签攻击方因为不知道合法的c和k1，计算不出正确的认证码，无法冒充成合法标签。对于标签的攻击，因为k2的存在，也可以避免。而且，标签每次的响应经过了随机数P的掩码以及k1的更新，地点隐私得到了较好的保护。同时，散列函数的使用，也使攻击方企图分析数据以获得密钥变成不可能。During the authentication process, the pseudo-label attacker cannot calculate the correct authentication code because he does not know the legal c and k1, and cannot pretend to be a legal label. For label attacks, because of the existence of k2, it can also be avoided. Moreover, each response of the tag is masked by the random number P and updated by k1, and the privacy of the location is better protected. At the same time, the use of the hash function also makes it impossible for the attacker to analyze the data to obtain the key.

下面举例对本发明方法作进一步详细的说明。The method of the present invention is described in further detail below with examples.

实例：Example:

结合图3来说明本认证方式的具体实施方式：手持式设备中读卡器具备存储功能和数据运算功能，而固定式设备可将读卡器101与终端PC105相连。在本例中，读卡器设定为固定式设备，认证过程如下：The specific implementation of this authentication method is described with reference to FIG. 3 : the card reader in the handheld device has storage function and data calculation function, and thecard reader 101 can be connected with the terminal PC105 in the fixed device. In this example, the card reader is set as a fixed device, and the authentication process is as follows:

(1)首先，读卡器发送带伪随机数R的询问指令。(1) First, the card reader sends an inquiry command with a pseudo-random number R.

(2)电子标签接收到询问指令后，从标签芯片内部EEPROM中读取密钥k1，进行运算S1＝hash(R，k1)，并返回M＝f(s1‖c，p)。其中f＝(x，p)表示将x用随机数p进行掩码，符号“‖”表示位串。(2) After the electronic tag receives the query command, it reads the key k1 from the EEPROM inside the tag chip, performs the operation S1=hash(R, k1), and returns M=f(s1∥c,p). Where f=(x, p) means to mask x with a random number p, and the symbol "∥" means a bit string.

(3)读卡器通过防冲突机制正确识别到电子标签响应的信息M后，将M和随机数R一起传送给终端PC。(3) After the card reader correctly recognizes the information M of the electronic tag response through the anti-collision mechanism, it transmits M and the random number R to the terminal PC together.

(4)终端对响应M进行判断，即认证电子标签。认证过程为：首先运行f^-1(s1‖c，p)，得到响应电子标签的UID信息、C，然后根据C从存储的信息中取得相应的k1，计算S2＝hash(R，k1)，判断S2是否等于S1。不等，则认为标签是伪标签，终止通信；相等，则认为标签合法，继续下一步操作。(4) The terminal judges the response M, that is, authenticates the electronic tag. The authentication process is as follows: first run f^-1 (s1∥c, p) to obtain the UID information and C of the response electronic tag, and then obtain the corresponding k1 from the stored information according to C, and calculate S2=hash(R, k1), Determine whether S2 is equal to S1. If they are not equal, the label is considered to be a pseudo-label, and the communication is terminated; if they are equal, the label is considered legal, and the next operation is continued.

(5)如果电子标签为合法电子标签，终端从数据库取出另一密钥k2，运算N1＝hash(k2，c)，并发送给读卡器。(5) If the electronic tag is a valid electronic tag, the terminal fetches another key k2 from the database, calculates N1=hash(k2, c), and sends it to the card reader.

(6)读卡器将N1传送给电子标签。(6) The card reader transmits N1 to the electronic tag.

(7)电子标签正确接收到N1后，从电子标签芯片内部EEPROM中读取另一密钥k2，然后进行运算N2＝hash(k2，c)，再比较N2与N1。相等，则通过认证，此时，交互认证完成，读卡器可以对电子标签进行一系列需要的操作。不等，则认证失败，电子标签不会对读卡器的其他指令进行响应。(7) After the electronic tag receives N1 correctly, it reads another key k2 from the EEPROM inside the electronic tag chip, and then performs the operation N2=hash(k2, c), and then compares N2 and N1. If they are equal, the authentication is passed. At this time, the interactive authentication is completed, and the card reader can perform a series of required operations on the electronic tag. If not, the authentication will fail, and the electronic tag will not respond to other commands of the card reader.

(8)在完成认证后，读卡器和标签双方以相同的方式更新密钥k1，k2。(8) After completing the authentication, both the card reader and the tag update the keys k1 and k2 in the same way.

本实例步骤(2)和步骤(5)均采用相同的散列函数如安全hash算法(SHA)或者hash算法MD5等进行散列运算，这样对于标签的低成本实现更具意义。In this example, steps (2) and (5) both use the same hash function such as secure hash algorithm (SHA) or hash algorithm MD5 to perform hash operations, which is more meaningful for low-cost implementation of tags.

Claims (2)

1. the safety certifying method in the radio-frequency recognition system, its step comprises:

(1) card reader sends the inquiry instruction of band pseudo random number R to electronic tag;

(2) after electronic tag receives the inquiry instruction, from the inner EEPROM of electronic label chip, read key k1, key k1 and pseudo random number R are carried out hash operations, S1 as a result and unique identifier C after encrypting are carried out mask with random number p, the data M that mask is obtained sends card reader to again;

(3) after card reader is correctly discerned data M behind the above-mentioned mask, send data M and pseudo random number R to terminal together;

(4) terminal is judged by following step data M and pseudo random number R:

(4.1) remove mask in the data M, obtain S1 as a result and unique identifier C after the hash operations;

(4.2) from the canned data of terminal, obtain corresponding key k1 according to unique identifier C;

(4.3) key k1 is carried out hash operations with pseudo random number R according to algorithm identical in the step (2), obtain data S2;

(4.4) data S2 and S1 are compared,, think that then label is legal, otherwise think that label is pseudo-label, stop communication if equate;

(5) if label is legal electronic tag, terminal is taken out another key k2 from database, and key k2 and unique identifier C are carried out hash operations, obtains data N1, and sends to card reader;

(6) card reader sends data N1 to electronic tag;

(7) after electronic tag receives data N1, from the inner EEPROM of electronic label chip, read another key k2, according to the identical algorithm of step (5) key k2 and unique identifier C are carried out hash operations then, obtain data N2; Comparing data N1 and N2 if equate, then pass through authentication again, and interactive authentication is finished; Otherwise authentification failure, electronic tag do not respond other instructions of this card reader;

(8) after finishing authentication, card reader and label both sides are new key k1 more in an identical manner, k2.

2. method according to claim 1 is characterized in that: step (5) adopts identical hash function to carry out hash operations with step (2).

Images