L2 - Cryptographic Basics Flashcards
When is a function a hash function?
- Compression: h maps an input x of arbitrary finite bit length to an output h(x) of fixed bit length n
h: {0,1}* β> {0,1}^n - Ease of computation: given h and x it is easy to compute h(x)
Cryptographic hash functions properities?
Preimage Resistance + Second Preimage Resistance
Collision Resistance
What is preimage resistance?
It is a property of cryptographic hash functions.
- it is infeasible to find the input to outputs (one-way function; h^-1 does not exist)
What is second preimage resistance?
- it is computationally infeasible to find a xβ which computes the same hash output
The attacker is handed a fixed π1 to which he has to find a different π2 with equal hash. In particular, he canβt choose π1.
Given x it is computationally infeasible to find any second input xβ
with x != xβ such that h(x) = h(xβ).
What is collision resistance?
In the second case (collision resistance), the attacker can freely choose both messages π1 and π2, with the only requirement that they are different (and hash to the same value).
A hash function h is said to be collision resistant if it is infeasible to find two values, x and y, such
that x != y, yet h(x) = h(y).
Difference between second preimage resistance and collision resistance
The difference is in the choice of π1.
(From this, it is also obvious that collision resistance implies second preimage resistance: An attacker can just choose an arbitrary π1 and compute a second preimage π2 to obtain a collision.)
Application of the second pre-image resistance property
Message digest
What is message digest?
A message digest is a cryptographic hash function containing a string of digits created by a one-way hashing formula.
Message digests are designed to protect the integrity of a piece of data or media to detect changes and alterations to any part of a message. They are a type of cryptography utilizing hash values that can warn the copyright owner of any modifications applied to their work.
What is an additional desired property in hash functions?
Hiding
What is hiding in hash functions?
A hash function h is said to be hiding if a secret value r is chosen at randomly, then given h(r||x), it is infeasible to find x.
What is a nonce?
Random number used only once. Used to prevent brute force attacks.
In what application can hiding be used?
A commitment scheme is a cryptographic primitive that allows one to commit to a chosen value (or chosen statement) while keeping it hidden to others, with the ability to reveal the committed value later. Commitment schemes are designed so that a party cannot change the value or statement after they have committed to it: that is, commitment schemes are binding.
Example:
Someone commits a hash of a message with a nonce. Then later he reveals the nonce and the message. Now everyone can verify that r and x indeed compute to the hash. But beforehand nobody could find x by brute force (try different x values to get the hash).
What does the search puzzle consist of?
- a hash function h (there are many different ones; I think each puzzle has its own one; it computes the puzzle results)
- a value id (is the puzzle-ID; makes solutions to the puzzle unique)
- target set Y (for a valid solution, the puzzle result must lie within the target set Y)
- Computation (The puzzle-ID is concatenated with a value x and hashed. x changes until the puzzle result lies within Y)
What are broken and what are safe hash algorithms?
- MD4, MD5, SHA-1 are broken
- SHA-2/SHA-3 are safe and SHA-3 is preferred
Hash pointer
- allows to verify that the information has not changed. Does not contain the information to the location of the data.
We should note that the hash stored in the hash pointer is the hash of the whole data of the previous block, which also includes the hash pointer to the block before that one. This makes itβs impossible to tamper a block in the blockchain without letting others know.