Cryptographic Hash Function (CHF)
A cryptographic hash function (CHF) is an equation used to verify the validity of data. Cryptographic hash functions are also used to secure transactions on the blockchain. These mathematical functions take an input and produce a fixed-length output unique to that input. [1][2]
Overview
Cryptography is the science and technique of securing information and communications to guarantee that only those for whom the information is intended can understand and process it. Hashing is the process through which plaintext data of any length is mapped into a unique ciphertext of fixed length known as a hash. A function that does hashing is a hash function.[1][9]
A Hash Function is a function that converts a given numeric or alphanumeric key to a small practical integer value. The mapped integer value is used as an index in the hash table. In simple terms, a hash function maps a significant number or string to a small integer that can be used as the index in the hash table. The pair is of the form (key, value), where for a given key, one can find a value using some kind of a “function” that maps keys to values. The key for a given object can be calculated using a function called a hash function.[6]
All cryptographic hash functions are hash functions, but not every hash function is a cryptographic hash function.[3][4]
A Cryptographic Hash Function (CHF) is a one-way function, making it extraordinarily difficult to reverse in order to recreate the information used to make it.[1]
Each block on the blockchain contains the previous block's hash, creating a chain that is nearly impossible to modify. A sound CHF should withstand not only all known forms of attack on the hashing equation itself but also side-channel attacks, meaning attacks not on the equation itself but on how it is implemented.
The primary application of cryptographic hash functions is in ensuring data integrity. By generating a unique hash value for a piece of data, any tampering or changes to that data can be easily detected. This is particularly important in digital signatures, where a hash value is generated for a document or message, and then encrypted with the sender's private key. The recipient can then decrypt the signature using the sender's public key and verify the authenticity of the message.[8]
Cryptographic hash algorithms
Cryptographic hash functions (CHFs) are broadly classified into two classes: unkeyed hash functions, also known as Manipulation Detection Code (MDC) or Message Authentication Code (MAC), with a single parameter (an input message), and keyed hash functions with two distinct inputs (an input message and a secret key). Generally, the term hash function refers to unkeyed hash functions.
The following are examples of cryptographic hash algorithms.
SHA (Secure Hash Algorithm) family
Published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS). This family designates six different hash functions: SHA-0, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. The first four operate on 512-bit message blocks divided into 32-bit words and the last two on 1024-bit blocks divided into 64-bit words. Bitcoin, the original and largest cryptocurrency, uses the SHA-256 hash function.[3][5]
SHA-256 is a standard algorithm recommended and officially approved by NIST (National Institute of Standards and Technology). Thanks to the possibility of verifying the content of data without showing it, it is also used by many governments and public-sector agencies worldwide, including the U.S. and Australia.[4]
The MD (Message Digest) family
The MD family comprises MD2, MD4, MD5 and MD6, authored by Ronald Rivest for RSA Security, and was adopted as the Internet Standard RFC 1321.[3]
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
A family of cryptographic hash functions based upon the design principles used in MD4, developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven. RIPEMD-160 produces a hash digest of 160 bits (20 bytes).[3]
Whirlpool
Designed by Vincent Rijmen and Paulo S. L. M. Barreto, this hash function is based on a substantially modified version of the Advanced Encryption Standard (AES). Whirlpool produces a hash digest of 512 bits (64 bytes).[3]
BLAKE
A hash function submitted to the NIST hash function competition by Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Raphael C.-W. Phan. It is based on Dan Bernstein’s ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round.[3]
Curl-P
A hash function formerly used in IOTA Signature Scheme (ISS). IOTA is a cryptocurrency designed for use with the Internet of Things (IoT) and automotive ecosystems. ISS is based on Winternitz One-Time Signatures but unlike traditional Winternitz, in IOTA users sign the hash of a message. Thus, the security of ISS relies on its cryptographic hash function, which was Curl-P-27.[3]
Use cases of CHF
Password Verification
When a user inputs their password, it is hashed, and the result is compared to the list of hashed values stored on the company's servers. However, this is not a fool-proof practice. Hackers have created databases of common passwords and their hashes, called rainbow tables, which make it easier for them to get into accounts.[7]
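An added example (not from the original article) of why a bare hash is exposed to precomputed tables and how a per-user random salt with a slow key-derivation function changes that. PBKDF2-HMAC-SHA256, the stored-record format, the iteration count and the function names are assumptions chosen for this example; the page itself names no scheme.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def unsalted_sha256(password):
    """The weak scheme: the same password always yields the same stored hash,
    so one precomputed table covers every account."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'iterations$salt_hex$digest_hex' using PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"{iterations}${salt.hex()}${derived.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        iterations_s, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        derived = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations_s)
        )
    except (ValueError, OverflowError):
        return False  # malformed or implausible record: fail closed
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    pw = "hunter2"  # constructed sample password
    print("unsalted, two users:", unsalted_sha256(pw) == unsalted_sha256(pw))
    a, b = hash_password(pw), hash_password(pw)
    print("salted, two users differ:", a != b)
    print("verify ok:", verify_password(pw, a))
```

Because each record carries its own salt, a table precomputed for one record is useless against any other, and the iteration count raises the cost of every guess.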
Signature Generation and Verification
Verifying signatures is a mathematical process used to verify the authenticity of digital documents or messages. A valid digital signature, where the prerequisites are satisfied, gives its receiver strong proof that a known sender created the message and that it was not altered in transit. A digital signature scheme typically consists of three algorithms: a key generation algorithm; a signing algorithm that, given a message and a private key, produces a signature; and a signature verifying algorithm.[7]
Verifying File and Message Integrity
Hashes can ensure messages and files transmitted from sender to receiver are not tampered with during transit. The practice builds a "chain of trust." For example, a user might publish a hashed version of their data and the key so that recipients can compare the hash value they compute to the published value to make sure they align.[7]
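An added example, not part of the original article, comparing the published-digest check above with the keyed hash functions described under "Cryptographic hash algorithms": an unkeyed SHA-256 digest can be recomputed by anyone for altered data, so it must come from a trusted channel, while a keyed tag cannot be produced without the secret key. HMAC-SHA256, the sample bytes, the key and the function names are assumptions.

```python
import hashlib
import hmac
import io


def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_digest(stream, published_hex):
    """Compare the computed digest with the published one in constant time."""
    return hmac.compare_digest(sha256_stream(stream), published_hex.strip().lower())


def hmac_tag(key, data):
    """Keyed hash: the tag depends on both the message and a secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key, data, tag_hex):
    return hmac.compare_digest(hmac_tag(key, data), tag_hex.strip().lower())


def demo():
    original = b"release-1.0 contents (constructed sample)"
    altered = b"release-1.0 contents (changed in transit)"
    key = b"constructed-shared-secret"
    published = sha256_stream(io.BytesIO(original))
    tag = hmac_tag(key, original)
    return {
        "digest_accepts_original": verify_digest(io.BytesIO(original), published),
        "digest_rejects_altered": not verify_digest(io.BytesIO(altered), published),
        # If the digest travels with the data, it can simply be recomputed:
        "replaced_digest_accepts_altered": verify_digest(
            io.BytesIO(altered), sha256_stream(io.BytesIO(altered))
        ),
        "tag_accepts_original": verify_tag(key, original, tag),
        # Without the key, no valid tag for the altered data can be made:
        "tag_rejects_altered": not verify_tag(key, altered, tag),
        "tag_rejects_wrong_key": not verify_tag(
            key, altered, hmac_tag(b"not-the-key", altered)
        ),
    }
```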