Cryptographic Hash Functions: Applications of Cryptographic Hash Functions, Two Simple
Hash Functions, Requirements and Security, Hash Functions Based on Cipher Block
Chaining, Secure Hash Algorithm (SHA), SHA-3.
Digital Signatures:
ElGamal Digital Signature Scheme, Schnorr Digital Signature, NIST Digital Signature
Algorithm.
Cryptographic Hash Functions:
A hash function H accepts a variable-length block of data M as input and produces a
fixed-size hash value h = H(M).
To preserve the integrity of the message, the message is passed through an
algorithm called a Cryptographic hash function. The function creates a compressed
image of the message that can be used like a fingerprint.
A “good” hash function has the property that the results of applying the function to a
large set of inputs will produce outputs that are evenly distributed and apparently
random. In general terms, the principal object of a hash function is data integrity. A
change to any bit or bits in M results, with high probability, in a change to the hash
value.
The kind of hash function needed for security applications is referred to as a
cryptographic hash function.
A cryptographic hash function is an algorithm for which it is computationally
infeasible (because no attack is significantly more efficient than brute force) to find
either
a data object that maps to a pre-specified hash result (the one-way property) or
two data objects that map to the same hash result (the collision-free property).
Because of these characteristics, hash functions are often used to determine
whether or not data has changed.
Working of a Cryptographic Hash Function
Input Processing: Cryptographic hash functions process an input of any length—
whether text, file, or data stream—and subject it to a sequence of mathematical
operations. The input can range from several bytes to gigabytes of information.
Fixed-Size Output Generation: No matter what the length of the input, the function
generates a fixed-size hash value, normally in the form of a hexadecimal string. This
uniform output size provides equality regardless of the inputs.
Deterministic Operation: The hash function consistently computes the same hash for
the same input. Such a property enables uncompromising data authentication, as
any alteration in the input leads to a totally unique hash.
Avalanche Effect: A minor alteration in the input, even the flipping of one bit,
significantly alters the resultant hash. The sensitivity ensures that collisions among
hashes (two inputs having the same hash) are highly unlikely.
One-Way Computation: The algorithm is made irreversible in the sense that it is
computationally impossible to recover the original input from its hash value. This
one-way feature protects sensitive information such as passwords and digital
signatures.
Collision Resistance: Hash functions used in cryptography are designed to minimize
the probability of two distinct inputs generating the same hash value, upholding the
integrity and trustworthiness of verification processes.
Properties of Cryptographic Hash Functions
Deterministic: The same input always generates the exact same hash output,
ensuring consistent and reliable verification of data.
Fast Computation: Cryptographic hash functions are designed to process inputs
quickly and efficiently, making them practical for handling large datasets and real-
time applications.
Pre-image Resistance: It is computationally infeasible to reverse-engineer or retrieve
the original input data from its hash value, protecting sensitive information from
exposure.
Second Pre-image Resistance: Given an input and its hash, it is extremely difficult to
find a different input that produces the same hash, preventing impersonation or
forgery.
Collision Resistance: The function minimizes the chance that two distinct inputs will
produce identical hash values, ensuring unique data fingerprints for security and
integrity.
Avalanche Effect: Even a tiny change in the input, such as flipping a single bit, causes
a significant and unpredictable change in the hash output, enhancing the function’s
sensitivity to data modifications.
Applications
Data Integrity Verification: Comparing hash values of data before and after
transmission or storage reveals any unauthorized modifications.
Password Storage: Storing password hashes instead of plain text protects passwords
even if the database is compromised.
Digital Signatures: Hash functions create message digests for signing and verifying
digital documents.
Message Authentication Codes (MACs): MACs combine hash functions and secret
keys to ensure message integrity and authenticity.
Blockchain Technology: Hash functions are essential for linking blocks and ensuring
the immutability of blockchain records.
Digital Forensics: Hash functions detect changes or tampering with digital evidence.
Two simple hash functions
While not typically used in cryptography, understanding simple hash functions helps
grasp the concept. Two examples include:
1. Parity Bit: A single bit added to a block of data to detect single-bit errors. It only
detects if an odd number of bits have changed, failing if two bits flip.
2. Checksum: A sum of all data bits, used as a basic integrity check. However,
checksums are not robust against malicious manipulation.
Requirements and security
Cryptographic hash functions require specific properties for security and reliability:
Deterministic: Same input always produces the same hash.
Efficiency: Hash computation should be fast.
Pre-image Resistance: Computationally infeasible to reverse a hash to find the
original input.
Second Pre-image Resistance: Difficult to find a different input with the same hash
as a given input.
Collision Resistance: Extremely difficult to find two distinct inputs that produce the
same hash.
Avalanche Effect: Small input changes result in drastically different hash outputs.
Hash functions based on cipher block chaining (e.g., Davies-Meyer)
These functions use block ciphers in an iterative manner to generate hash values. The input
message is divided into blocks, and each block is combined with the previous chaining
variable using the block cipher and a compression function. The final chaining variable is the
hash value.
The Davies-Meyer construction is a common example, where the compression function
encrypts the chaining value with a message block as a key.
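The construction described above, as an added example that is not part of the original notes: each 128-bit message block is used as the cipher key to encrypt the chaining value, and the cipher output is XORed with that chaining value (the feed-forward step of Davies-Meyer). XTEA stands in for the block cipher; the function names, the IV and the padding layout are assumptions, and a 64-bit digest is far too short for real use.

```python
import struct

MASK = 0xFFFFFFFF
IV = bytes.fromhex("0123456789abcdef")  # constructed initial chaining value


def xtea_encrypt(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """XTEA: 64-bit block, 128-bit key. Used here only as the block cipher E."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    total, delta = 0, 0x9E3779B9
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (total + k[total & 3]))) & MASK
        total = (total + delta) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (total + k[(total >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)


def md_pad(message: bytes) -> bytes:
    """Pad to a multiple of 16 bytes: 0x80, zeros, then the 64-bit bit length."""
    padded = message + b"\x80"
    padded += b"\x00" * ((-len(padded) - 8) % 16)
    return padded + struct.pack(">Q", len(message) * 8)


def davies_meyer_hash(message: bytes, iv: bytes = IV) -> bytes:
    """Iterate H_i = E_{m_i}(H_{i-1}) XOR H_{i-1}; the last H_i is the hash."""
    h = iv
    data = md_pad(message)
    for i in range(0, len(data), 16):
        m_i = data[i:i + 16]                      # message block is the cipher key
        encrypted = xtea_encrypt(m_i, h)          # encrypt the chaining value
        h = bytes(x ^ y for x, y in zip(encrypted, h))  # feed-forward XOR
    return h


if __name__ == "__main__":
    for sample in (b"abc", b"abd"):               # constructed inputs, one bit apart
        print(sample, davies_meyer_hash(sample).hex())
```

Without the feed-forward XOR the step would be invertible by anyone who knows the message block, since decryption under a known key recovers the previous chaining value.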
Secure Hash Algorithm (SHA) and SHA-3
The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions designed to
maintain data integrity and security. These algorithms convert data of arbitrary length into
a fixed-size string, known as a message digest or hash value. SHA functions are designed as
one-way functions, meaning it is computationally infeasible to reverse the process and
derive the original input data from its hash value.
Key characteristics and versions of SHA include:
One-Way Function:
SHA algorithms are designed so that it is virtually impossible to reconstruct the
original data from its hash.
Collision Resistance:
It is computationally infeasible to find two different inputs that produce the same
hash value.
Deterministic:
The same input will always produce the same hash output.
Sensitivity to Input Changes:
Even a minor change in the input data results in a significantly different hash value.
Versions of SHA:
SHA-0:
The original version, published in 1993, but later found to have weaknesses.
SHA-1:
A revision of SHA-0, producing a 160-bit hash. While widely used in the past, it is now
considered insecure due to identified vulnerabilities and is being phased out.
SHA-2:
A family of algorithms including SHA-224, SHA-256, SHA-384, and SHA-512, which
produce hash values of varying lengths. SHA-256 and SHA-512 are commonly used
today.
SHA-3 (Keccak):
The latest generation of SHA algorithms, selected by NIST in 2012 after a five-year
competition. SHA-3 offers a different internal structure compared to SHA-1 and SHA-
2, providing an alternative and potentially more secure option.
How SHA-1 Works
The SHA-1 (Secure Hash Algorithm 1) algorithm is usually drawn as a block diagram. Here’s a
detailed description of each component and process in the diagram:
Components and Process Flow:
1. Message (M):
The original input message that needs to be hashed.
2. Message Padding:
The initial step where the message is padded to ensure its length is congruent
to 448 modulo 512. This step prepares the message for processing in 512-bit
blocks.
3. Round Word Computation (W_t):
After padding, the message is divided into blocks of 512 bits, and each block
is further divided into 16 words of 32 bits. These words are then expanded
into 80 32-bit words, which are used in the subsequent rounds.
4. Round Initialize (A, B, C, D, and E):
Initialization of five working variables (A, B, C, D, and E) with specific constant
values. These variables are used to compute the hash value iteratively.
5. Round Constants (K_t):
SHA-1 uses four constant values (K_1, K_2, K_3, K_4),
each applied in a specific range of rounds:
o K_1 for rounds 0-19
o K_2 for rounds 20-39
o K_3 for rounds 40-59
o K_4 for rounds 60-79
6. Rounds (0-79):
The main computation loop of SHA-1, divided into four stages (each
corresponding to one of the constants K_1 to K_4). In each round, a
combination of logical functions and operations is performed on the working
variables (A, B, C, D, and E) using the words generated in the previous step.
7. Final Round Addition:
After all 80 rounds, the resulting values of A, B, C, D, and E are added to the
original hash values to produce the final hash.
8. MPX (Multiplexing):
Combines the results from the final round addition to form the final message
digest.
Digital Signatures: Used to verify the authenticity and integrity of digital documents.
Password Hashing: Storing hash values of passwords instead of the passwords
themselves to enhance security.
SSL/TLS Certificates: Ensuring secure communication channels between clients and
servers on the internet.
Data Integrity: Detecting any unauthorized modifications to data by comparing hash
values.
Digital signatures
Digital signatures use public-key cryptography to verify the authenticity and integrity of
digital documents and messages.
A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software, or digital document.
Key Generation Algorithms: Digital signatures are electronic signatures, which assure that
the message was sent by a particular sender. While performing digital transactions
authenticity and integrity should be assured, otherwise, the data can be altered or someone
can also act as if he were the sender and expect a reply.
Signing Algorithms: To create a digital signature, signing software such as an email
program creates a one-way hash of the electronic data which is to be signed. The
signing algorithm then encrypts the hash value using the private key (signature key).
This encrypted hash along with other information like the hashing algorithm is the
digital signature. This digital signature is appended with the data and sent to the
verifier. The reason for encrypting the hash instead of the entire message or
document is that a hash function converts any arbitrary input into a much shorter
fixed-length value. This saves time as now instead of signing a long message a shorter
hash value has to be signed and hashing is much faster than signing.
Signature Verification Algorithms: The Verifier receives a Digital Signature along with
the data. It then uses a Verification algorithm to process the digital signature and the
public key (verification key) and generates some value. It also applies the same hash
function on the received data and generates a hash value. If they both are equal,
then the digital signature is valid; otherwise it is invalid.
How Digital Signature Works
The steps followed in creating a digital signature are:
1. Message digest is computed by applying the hash function on the message and then
message digest is encrypted using the private key of the sender to form the digital
signature. (digital signature = encryption (private key of sender, message digest) and
message digest = message digest algorithm (message)).
2. A digital signature is then transmitted with the message. (message + digital signature
is transmitted)
3. The receiver decrypts the digital signature using the public key of the sender. (This
assures authenticity, as only the sender has his private key so only the sender can
encrypt using his private key which can thus be decrypted by the sender’s public
key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (actual message is
sent with the digital signature).
6. The message digest computed by receiver and the message digest (got by decryption
on digital signature) need to be same for ensuring integrity.
Message digest is computed using one-way hash function, i.e. a hash function in which
computation of hash value of a message is easy but computation of the message from hash
value of the message is very difficult.
Digital Signature vs. Electronic Signature
A digital signature is a specific type of electronic signature that uses cryptographic
techniques such as public and private key pairs to verify the authenticity and integrity of a
message or document. On the other hand, an electronic signature is a broader term
including any electronic method that signifies agreement such as typing a name, clicking a
button or scanning a handwritten signature. While it may not offer the same level of security
or authentication as a digital signature, it is commonly used for non-sensitive transactions
and agreements.
Assurances About Digital Signatures
The definitions and words that follow illustrate the kind of assurances that digital signatures
offer.
Authenticity: The identity of the signer is verified.
Integrity: Since the content was digitally signed, it hasn't been altered or
interfered with.
Non-repudiation: Demonstrates the source of the signed content to all parties. The
act of a signer denying any affiliation with the signed material is known as
repudiation.
Notarization: Under some conditions, a signature in a Microsoft Word, Microsoft
Excel, or Microsoft PowerPoint document that has been time-stamped by a secure
time-stamp server is equivalent to a notarization.
Benefits of Digital Signatures
Legal documents and contracts: Digital signatures are legally binding. This makes
them ideal for any legal document that requires a signature authenticated by one or
more parties and guarantees that the record has not been altered.
Sales contracts: Digital signing of contracts and sales contracts authenticates the
identity of the seller and the buyer, and both parties can be sure that the signatures
are legally binding and that the terms of the agreement have not been changed.
Financial Documents: Finance departments digitally sign invoices so customers can
trust that the payment request is from the right seller, not from an attacker trying to
trick the buyer into sending payments to a fraudulent account.
Health Data: In the healthcare industry, privacy is paramount for both patient
records and research data. Digital signatures ensure that this confidential information
was not modified when it was transmitted between the consenting parties.
Drawbacks of Digital Signature
Dependency on technology: Because digital signatures rely on technology, they are
susceptible to crimes, including hacking. As a result, businesses that use digital
signatures must make sure their systems are safe and have the most recent security
patches and upgrades installed.
Complexity: Setting up and using digital signatures can be challenging, especially for
those who are unfamiliar with the technology. This may result in blunders and errors
that reduce the system's efficacy. The process of issuing digital signatures to senior
citizens can occasionally be challenging.
Limited acceptance: Digital signatures take time to replace manual ones since
technology is not widely available in India, a developing nation.
ElGamal Digital Signature Scheme
Based on the difficulty of discrete logarithms, this scheme involves generating a signature
using a private key and verifying it using the corresponding public key. The signature is a pair
of values calculated using the hash of the message and other parameters. While historically
significant, it's not as widely used today due to longer signature lengths compared to newer
schemes.
tion, integrity, and non-repudiation for digital messages. It generates a digital signature,
consisting of two numbers, that is then verified by the sender's public key to confirm the
message's originality. The security of the ElGamal scheme relies on the computational
difficulty of the discrete logarithm problem, and it serves as a foundation for other digital
signature schemes like the Digital Signature Algorithm (DSA).
Key Components
Prime Modulus (q) and Primitive Root (alpha/g):
The scheme operates within a modular arithmetic system, starting with a large prime
number q and a primitive root alpha (or g) of q.
Private Key (XA):
A randomly generated integer XA (1 ≤ XA < q-1) that is kept secret by the user.
Public Key (YA):
Computed as YA = α^XA mod q, it is shared with others for signature verification.
Signature Generation (Sender's Side)
1. Hashing the Message: The sender computes a cryptographic hash H(m) of the
message m.
2. Choosing a Random k: A random integer k is chosen such that 1 ≤ k < q-1 and gcd(k,
q-1) = 1. This condition ensures that the multiplicative inverse of k can be found
modulo q-1.
3. Calculating S1: S1 is calculated as α^k mod q.
4. Calculating S2: S2 is calculated as (H(m) - XA * S1) * k⁻¹ mod (q-1), where k⁻¹ is the
modular multiplicative inverse of k.
5. Forming the Signature: The digital signature is the pair (S1, S2).
Signature Verification (Receiver's Side)
1. Computing V1 and V2: The receiver computes V1 = α^H(m) mod q
and V2 = YA^S1 * S1^S2 mod q.
2. Comparing V1 and V2: If V1 equals V2, the signature is valid.
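The key generation, signing and verification steps above, as an added example that is not part of the original notes. The function names and the toy parameters q = 467, alpha = 2 are assumptions chosen so the arithmetic is easy to follow; SHA-256 is used for H. The range check on S1 and S2 in the verifier is not among the steps listed above and is added because a verifier should reject values outside the ranges the signer can produce.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: far too small for real use.
Q = 467      # prime modulus q
ALPHA = 2    # primitive root of q


def h_int(message: bytes) -> int:
    """H(m) as an integer, using SHA-256."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def keygen():
    xa = secrets.randbelow(Q - 2) + 1          # private key, 1 <= XA < q-1
    ya = pow(ALPHA, xa, Q)                     # public key YA = alpha^XA mod q
    return xa, ya


def sign(message: bytes, xa: int):
    while True:
        k = secrets.randbelow(Q - 2) + 1       # fresh secret k for every signature
        if gcd(k, Q - 1) == 1:                 # k must be invertible mod q-1
            break
    s1 = pow(ALPHA, k, Q)
    s2 = (h_int(message) - xa * s1) * pow(k, -1, Q - 1) % (Q - 1)
    return s1, s2


def verify(message: bytes, signature, ya: int) -> bool:
    s1, s2 = signature
    if not (0 < s1 < Q and 0 <= s2 < Q - 1):   # added range check (see lead-in)
        return False
    v1 = pow(ALPHA, h_int(message), Q)
    v2 = pow(ya, s1, Q) * pow(s1, s2, Q) % Q
    return v1 == v2


if __name__ == "__main__":
    xa, ya = keygen()
    msg = b"transfer 100 to account 42"        # constructed sample message
    sig = sign(msg, xa)
    print("signature:", sig)
    print("valid:", verify(msg, sig, ya))
    print("tampered:", verify(b"transfer 900 to account 42", sig, ya))
```

With a modulus this small a different message can verify by chance whenever its hash agrees with the original modulo q-1, which is one reason real parameters are thousands of bits long.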
Schnorr Digital Signature
This scheme is known for its simplicity and efficiency, relying on the hardness of the discrete
logarithm problem. It generates concise signatures and has applications in various
cryptographic protocols and is considered to be six times faster than the ElGamal scheme.
Schnorr signature is a digital signature produced by the Schnorr signature algorithm
that was described by Claus Schnorr.
It is a digital signature scheme known for its simplicity, is efficient and generates
short signatures. It is one of the protocols used to implement "Proof Of Knowledge".
In cryptography, a proof of knowledge is an interactive proof in which the prover
succeeds in 'convincing' a verifier that the prover knows something 'X'.
For a machine to know 'X' is defined in terms of computation. A machine knows 'X' if
this 'X' can be computed. The Verifier either accepts or rejects the proof. The
signature proof is supposed to convince the Verifier that they are communicating
with a user who knows the private key corresponding to the public key. In other
words, the Verifier should be convinced that they are communicating with the Prover
without knowing the private key.
Schnorr Digital Signature to implement Zero Knowledge Proof: Let's take an example of
two friends Sachin and Sanchita. Sanchita has announced to the world that she has a public
key and can accept and receive information through it. Sachin thinks that Sanchita is lying.
Sanchita wants to prove her honesty without showing her private keys.
Consider the following parameters:
p, q, a, s, v, r, x, y
where,
"p" is any prime number
"q" is factor of p-1
“a” such that a^q = 1 mod p
"s" is the secret key or the private key (0<s<q).
"v" is the public key = a^-s mod q.
The public key “v” will be global and public knowledge along with p, q and a. However only
Sanchita will have the knowledge of the private key "s". Now Sanchita wants to sign and send
an encrypted message "M". She will follow the following steps to use Schnorr's signature:
1. She will first choose a random number “r” such that 0<r<q.
2. She will now compute a value X such that: X= a^r mod p.
3. Now that she has computed the value of X, she is going to concatenate this with the
original message (same as string concatenation). So, she is going to concatenate M
and X to get M||X, and she is going to store the hash of this value in e.
4. e = H(M||X) where H() is the hash function
5. y = (r + s*e) mod q
Now that all the computations are over, she is going to send the following to Sachin.
1. The message “M”.
2. The signatures e and y.
Along with this, Sachin has the following public piece of information:-
1. Sanchita's public key “v”.
2. The prime number that Sanchita chose “p”.
3. “q” which is the factor of “p-1” which Sanchita chose.
4. “a” such that a^q = 1 mod p, chosen by Sanchita.
Now, Sachin will have to compute X’ such that:
X’ = a^y * v^e mod p
We know that v = a^-s, let’s substitute that in the equation above and we get:
X’ = a^y * a^-se = a ^ (y-s*e)
Now we also know that,
y = r + s*e
Which means:
r = y-s*e
Let’s substitute this value in the equation above:
We get: X’ = a^r
As we have already seen above:
X= a^r
So technically:
X = X’
But Sachin doesn’t know the value of “X” because he never received that value. All that he
received are the following: The message M, the signatures (e and y) and the host of public
variables (public key “v”, p, q, and a). So he is going to solve for e by doing the following:
e = H ( M||X’)
Note that earlier we solved for e by doing:
e = H(M||X)
So, by that logic, if the two values of e come up to be the same then that means
X = X’
This follows all three Properties of Zero Knowledge Proof:
1. Completeness - Sachin was convinced of Sanchita's honesty because at the end X =
X’.
2. Soundness - The plan was sound because Sanchita only had one way to prove her
honesty and that was through her private key.
3. Zero Knowledge - Sachin never got to know about Sanchita's private key.
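Sanchita's signing steps and Sachin's check, as an added example that is not part of the original notes, using the same symbols p, q, a, s, v, r, X, e and y. The function names and the toy parameters p = 2267, q = 103 are assumptions; SHA-256 is used for H, and v is computed modulo p, the modulus of the verification equation X’ = a^y * v^e mod p.

```python
import hashlib
import secrets

# Constructed toy parameters: far too small for real use.
P = 2267                        # prime p
Q = 103                         # prime factor q of p-1 (2266 = 22 * 103)
A = pow(2, (P - 1) // Q, P)     # a with a^q = 1 mod p and a != 1


def hash_e(message: bytes, x: int) -> int:
    """e = H(M || X): the message concatenated with X as fixed-width bytes."""
    x_bytes = x.to_bytes((P.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(message + x_bytes).digest(), "big")


def keygen():
    s = secrets.randbelow(Q - 1) + 1        # private key, 0 < s < q
    v = pow(A, -s, P)                       # public key v = a^-s mod p
    return s, v


def sign(message: bytes, s: int):
    r = secrets.randbelow(Q - 1) + 1        # fresh secret r, 0 < r < q
    x = pow(A, r, P)                        # X = a^r mod p
    e = hash_e(message, x)                  # e = H(M || X)
    y = (r + s * e) % Q                     # y = (r + s*e) mod q
    return e, y


def verify(message: bytes, signature, v: int) -> bool:
    e, y = signature
    if not (0 <= y < Q and 0 <= e < 2 ** 256):
        return False
    # X' = a^y * v^e mod p = a^(y - s*e) = a^r, because a has order q
    x_prime = pow(A, y, P) * pow(v, e, P) % P
    return hash_e(message, x_prime) == e    # accept only if H(M || X') equals e


if __name__ == "__main__":
    s, v = keygen()
    msg = b"hello Sachin"                   # constructed sample message
    sig = sign(msg, s)
    print("e, y:", sig)
    print("valid:", verify(msg, sig, v))
    print("tampered:", verify(msg + b"!", sig, v))
```

X itself is never sent: the verifier rebuilds it from y, e and v, so the signature is only the pair (e, y).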
NIST Digital Signature Algorithm (DSA)
DSA is a standard for digital signatures, using a public-key approach. It ensures the
authenticity and integrity of messages but does not provide confidentiality. DSA relies on the
computational difficulty of solving the discrete logarithm problem. The NIST standard has
evolved to recommend using stronger hash functions like SHA-256 and SHA-3 with DSA. It
offers advantages like strong authentication, integrity, and non-repudiation.