Hash Functions
CS4501, Fall 2015
David Evans and Samee Zahur
University of Virginia
Hash("I, Alice, hereby pay Bob an amount of 23 mBTC")
= 7abc39d0 2e0194bc d7e93192 bcdfe412
Hash Functions in Signatures
= Signature algorithms require a fixed-size !
Hash Functions in Signatures
= Signature algorithms can use a fixed-size
Verifying Hashed Signatures
1. Compute
2. Run
3. Accept if passed
Cannot have collisions!
Hash("I, Alice, hereby pay Bob an amount of 23 mBTC")
= 7abc39d0 2e0194bc d7e93192 bcdfe412
Arbitrary strings (infinitely large set) → fixed-size numbers (finite set)
Collisions unavoidable
Cannot ~~have~~ find collisions!
Common Hash Properties
1. Collision resistance
“It is hard to find any two , such that”
2. Second preimage resistance
“For given , it is hard to find such that ”
3. Preimage resistance (such functions are also called one-way)
“For a given , it is hard to find any such that ”
1 ⇒ 2 ⇒ 3
Recap
• Signing algorithms work on small inputs
• We hash strings before signing them
• We need collision-resistant hashes
The Birthday Problem
Find smallest number of people such that
Ways to pair 4 people
Ways to pair people
How many common pairs?
Using : =
I wish a year had more days …
If we select items out of ,
number of repeats expected
We expect first repeat in trials
I was born on 0x8ca8294be…
H(some input) looks like random -bits
How many trials before we find collision?
-bit hashes have possible outputs. On the order of trials.
Real-life hash functions

| Name | Output Length (bits) | Security status |
|---|---|---|
| MD5 | 128 | Collisions found |
| SHA1 | 160 | Can be broken in iterations |
| SHA2 → SHA-256 | 224-512 → 256 | No known attacks |
| SHA3 | 224-512 | No known attacks |

Bitcoin typically uses SHA-256(SHA-256(transaction))
Hash-function life cycle
New function proposed
Security evaluated
Function standardized
Theoretical attacks proposed
Attacks improved and are practical
“Typical” timelines
MD5
• First proposed: 1991
• Published: 1992
• First signs of trouble: 1996
• Not collision resistant: 2004
• Chosen-prefix collision: by 2007
SHA3
• Competition started: 2007
• Submission deadline: 2008
• Elimination rounds: 2008-2010
• 5 finalists announced: 2010
• Keccak algorithm selected as winner: 2012
Digital signatures
Jason Benjamin
Bitcoin transaction ID
Deduplication
Password storage
Password Databases

Insecure:

| Username | Password |
|---|---|
| Jack.Clough | 12password |
| Betty.Smith | 8c2odkw |

Better:

| Username | “Salt” | Scrypt(password+salt) |
|---|---|---|
| Jack.Clough | 150FE5Btiq… | PaR6mPwHBj… |
| Betty.Smith | t1Y1B67ulN… | QrUaLRqFvc… |

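
The "Better" table can be built with Python's standard library. This is an added example, not code from the lecture: it stores a random per-user salt and an scrypt digest, and verifies a login by recomputing the digest and comparing in constant time. The cost parameters and the third user `Pat.Example` are assumptions for this illustration; note that `hashlib.scrypt` takes the salt as its own parameter rather than concatenating it to the password as the slide's notation suggests.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware
N, R, P, DKLEN = 2 ** 14, 8, 1, 32

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh 16-byte random salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                            maxmem=64 * 1024 * 1024, dklen=DKLEN)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def build_db(users):
    """Map username -> (salt, digest); the plaintext password is never stored."""
    return {name: hash_password(pw) for name, pw in users.items()}

# Sample users: the first two come from the slide, the third is constructed
# to show two accounts that share one password.
SAMPLE_USERS = {
    "Jack.Clough": "12password",
    "Betty.Smith": "8c2odkw",
    "Pat.Example": "12password",
}

if __name__ == "__main__":
    db = build_db(SAMPLE_USERS)
    for name, (salt, digest) in db.items():
        print(name, salt.hex(), digest.hex())
    print(verify_password("12password", *db["Jack.Clough"]))  # correct password
    print(verify_password("8c2odkw", *db["Jack.Clough"]))     # wrong password
```

Because each account has its own salt, the two users with the same password get different stored digests, so one precomputed table cannot be reused across the database.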
Partial verification
A block is a group of transactions in the Bitcoin ledger.
Straightforward way:
Verification requires me to inspect all 1000 transactions in the block.
Merkle Tree
root = 0x220c04634a…
p = H(a+b) = 0x2626113d5b…
q = H(c+d) = 0x305e321c3e…
H(T1) = a = 0x1763023d40…
H(T2) = b = 0x1c1c3a3831…
H(T3) = c = 0x2955461d31…
H(T4) = d = 0x160b445b5e…
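
Partial verification with a Merkle tree, as an added example that is not part of the original slides: it builds the tree over a block of 1000 constructed transactions using the SHA-256(SHA-256(x)) hash mentioned earlier, then checks that one transaction is in the block using only its sibling hashes on the path to the root. It assumes "+" in H(a+b) means byte concatenation and pads odd levels by duplicating the last hash, as Bitcoin does; the function names are hypothetical and Bitcoin's byte-order details are left out.

```python
import hashlib

def H(data: bytes) -> bytes:
    """Double SHA-256, as in SHA-256(SHA-256(transaction))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def build_levels(txs):
    """Return every tree level, from leaf hashes up to the single root."""
    levels = [[H(tx) for tx in txs]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(cur[-1])      # odd count: duplicate the last hash
        levels.append([H(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def make_proof(levels, index):
    """Collect (sibling_hash, sibling_is_left) pairs from leaf `index` to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1          # neighbour within the same pair
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(tx, proof, root):
    """Recompute the root from one transaction and its proof."""
    node = H(tx)
    for sibling, is_left in proof:
        node = H(sibling + node) if is_left else H(node + sibling)
    return node == root

def sample_block(n=1000):
    """Constructed stand-in transactions, not real Bitcoin data."""
    return [b"tx-%d" % i for i in range(n)]

if __name__ == "__main__":
    txs = sample_block()
    levels = build_levels(txs)
    root = levels[-1][0]
    proof = make_proof(levels, 417)
    print("hashes needed:", len(proof))          # 10 instead of 1000
    print(verify(txs[417], proof, root))         # genuine transaction
    print(verify(b"tx-forged", proof, root))     # altered transaction
```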
Recap
• Hash functions used in lots of places:
  • Signatures
  • Unique global IDs: bitcoin transaction, Dropbox files
  • Password databases
  • File downloads
• Birthday attacks: hashes with -bit output can be expected to collide in iterations
• Weak hashes can be broken faster: don’t use MD5, avoid SHA-1
• Merkle trees enable partial verification
Coming up…
• Problemset 1 due tomorrow: (8:29 PM)
• Ori has office hours today (5 PM – 6:30 PM)
• Next class topic: Bitcoin mining