Which of the following is not a desirable property of a cryptographic hash function

Asked 1 year, 4 months ago

Viewed 1k times

$\begingroup$

I have created a hash function. If I am asked whether it conforms to the definition of a hash function, I only know that it should have a fixed-size output. I use multiplication and adding of every plaintext character with the random number I assigned.

Aside from the fixed-size output, what other characteristics must a hash function have, and why?

asked Jul 13, 2021 at 0:18

$\endgroup$

3

$\begingroup$

From a cryptographic standpoint, a hash function with fixed-size output:

• Must be a deterministic function: the same input must always generate the same output.
• Must accept input messages in a wide input set. Ideally that's should be arbitrary bitstring, but often is arbitrary bytestrings or character strings, perhaps up to some size.
• Baring special qualifier (like keyed or secret or random), must be public: every step and constant needed for the calculation of the output for any given input is known to all.
• Must compute it's result in time polynomial with the input size. That should be time roughly linear with the input size.
• Should have collision-resistance: it is computationally impossible to exhibit two distinct messages with the same output (this property implies second preimage resistance, which is that given a random input, it is computationally impossible to find another input yielding the same output). Notice that if there are $n$ possible outputs, there are generic attacks that break collision-resistance with about $\sqrt n$ evaluations of the function, thus collision-resistance implies $n$ is large (say, at least $2^{192}$ nowadays); if not, the definition of collision-resistance must be loosened to: the best method to exhibit two distinct messages with the same output is a generic attack.
• Should have (first) preimage-resistance: given the output for a random unknown input, it is computationally impossible to find that input (or another input with the same output) easier than by trying inputs. Notice that if there are $n$ possible outputs, there are generic attacks that break preimage-resistance with about $n$ evaluations of the function, thus preimage-resistance implies $n$ is large (say, at least $2^{96}$ nowadays); if not, the definition of preimage-resistance must be loosened.

More generally, a modern cryptographic hash should broadly behave as a random oracle, that is a box implementing a function, which output is random for every particular input. For large-enough output set, that implies collision-resistance, preimage resistance, and more:

• For unknown random input with any natural characteristic (that is, independent of the definition of the hash function; for example, input that consists of 40 decimal digits which sum is divisible by 10), the output should be computationally indistinguishable from uniformly random in the output set.
• Resistance to length-extension attack: given output for unknown input $M$, it should be impossible to compute output for input an extension of $M$ (that is $M\mathbin\|E$ for non-empty $E$) easier than by finding $M$ by trying inputs. Notice that still-common hashes such as SHA-256 do not have that later property.

answered Jul 13, 2021 at 7:10

fgrieu♦fgrieu

127k11 gold badges277 silver badges525 bronze badges

$\endgroup$

4

What Are Cryptographic Hash Functions?

A cryptographic hash function is a mathematical function used in cryptography. Typical hash functions take inputs of variable lengths to return outputs of a fixed length.

A cryptographic hash function combines the message-passing capabilities of hash functions with security properties.

Key Takeaways

• Hash functions are mathematical functions that transform or "map" a given set of data into a bit string of fixed size, also known as the "hash value."
• Hash functions are used in cryptography and have variable levels of complexity and difficulty.
• Hash functions are used for cryptocurrency, password security, and message security.

How Cryptographic Hash Functions Work

Hash functions are commonly used data structures in computing systems for tasks, such as checking the integrity of messages and authenticating information. While they are considered cryptographically "weak" because they can be solved in polynomial time, they are not easily decipherable.

Cryptographic hash functions add security features to typical hash functions, making it more difficult to detect the contents of a message or information about recipients and senders. 

In particular, cryptographic hash functions exhibit these three properties:

• They are “collision-free.” This means that no two input hashes should map to the same output hash. 
• They can be hidden. It should be difficult to guess the input value for a hash function from its output. 
• They should be puzzle-friendly. It should be difficult to select an input that provides a pre-defined output. Thus, the input should be selected from a distribution that's as wide as possible. 

The three properties outlined above are desirable but they cannot always be implemented in practice. For example, the disparity in sample spaces for input hashes and outputs ensures that collisions are possible. For example, in 2017, the MIT Digital Currency Initiative found collision vulnerability in IOTA.

Examples of Cryptographic Hash Functions

Cryptographic hash functions are widely used in cryptocurrencies to pass transaction information anonymously. For example, Bitcoin, the original and largest cryptocurrency, uses the SHA-256 cryptographic hash function in its algorithm. Similarly, IOTA, a platform for the Internet of Things, has its own cryptographic hash function, called Curl.

However, hashes have other applications in the real world. These are some of the most common cryptographic applications:

Password Verification

Storing passwords in a regular text file is dangerous, so nearly all sites store passwords as hashes. When a user inputs their password, it is hashed and the result is compared to the list of hashed values stored on the company's servers. This is not a fool-proof practice, however, as the Collection #1 trove of 21 million stolen passwords, discovered in 2019, demonstrates.

Signature Generation and Verification

Verifying signatures is a mathematical process used to verify the authenticity of digital documents or messages. A valid digital signature, where the prerequisites are satisfied, gives its receiver strong proof that the message was created by a known sender and that the message was not altered in transit. A digital signature scheme typically consists of three algorithms: a key generation algorithm; a signing algorithm that, given a message and a private key, produces a signature; and a signature verifying algorithm. Merkle Trees, a technology used in cryptocurrencies, is a kind of digital signature.

Verifying File and Message Integrity

Hashes can be used to make sure messages and files transmitted from sender to receiver are not tampered with during transit. The practice builds a "chain of trust." For example, a user might publish a hashed version of their data and the key so that recipients can compare the hash value they compute to the published value to make sure they align.

Which of the following is not a property of hash function?

Which of the following properties must a cryptographic hash function provide?

Which property of a cryptographic hash algorithm is desirable?

Which one of the following is not a characteristic of a cryptographic hash function?