NoteVerse

Cryptographic Hash Functions

Comprehensive study notes, diagrams, and exam preparation for Cryptographic Hash Functions.

Cryptographic Hash Functions

Definition

A cryptographic hash function is a mathematical algorithm that maps data of arbitrary length to a fixed-length hash value in a way that is deterministic, fast to compute, and secure against practical attacks such as preimage attacks, second-preimage attacks, and collision attacks.

In simple terms, it is a one-way digital fingerprinting method for data.

Main Content

1. Core Properties of Cryptographic Hash Functions

Deterministic and fixed-length output

For the same input, the hash function always produces the same output, and the output length remains constant regardless of input size. For example, SHA-256 always produces a 256-bit hash, whether the input is a short word like cat or a large file of several gigabytes.

Preimage resistance, second-preimage resistance, and collision resistance

These are the three most important security properties. Preimage resistance means that given a hash, it should be infeasible to find the original input. Second-preimage resistance means that given one input, it should be infeasible to find another different input with the same hash. Collision resistance means it should be infeasible to find any two different inputs that produce the same hash.

Avalanche effect

A tiny change in input should cause a drastic and unpredictable change in the output hash. For example, changing one character in a password or document should completely alter the digest, making patterns impossible to exploit.

2. Security Requirements and Attack Resistance

Resistance to brute force and reverse engineering

A secure hash function should make exhaustive guessing impractical. Although attackers may try billions of guesses, a strong hash should still remain computationally secure when used correctly, especially with salts and password-hardening methods.

Collision resistance in practice

If collisions can be found efficiently, the hash function is unsuitable for important security uses such as digital signatures or certificate validation. Older hashes like MD5 and SHA-1 are no longer considered secure because collisions have been demonstrated in practice.

Unpredictability and output uniformity

A secure hash should distribute outputs evenly across the hash space so that no output values are more likely than others. This helps avoid patterns that attackers could exploit and ensures the hash behaves like a random function from the attacker’s perspective.

3. Common Cryptographic Hash Algorithms and Their Use

MD5, SHA-1, SHA-2, and SHA-3 families

MD5 and SHA-1 were widely used historically but are now insecure for collision-sensitive applications. SHA-2, especially SHA-256 and SHA-512, is currently widely used. SHA-3 is a newer standard based on a different internal design called sponge construction.

Real-world examples

SHA-256 is used in blockchain systems, file integrity verification, and secure communications. Password storage systems often use specialized password hashing algorithms like bcrypt, scrypt, Argon2, or PBKDF2, which are designed to be slower and more resistant to cracking than general-purpose hashes.

Hash length and security strength

Longer hashes generally provide stronger security against collisions and brute-force search. For example, a 256-bit hash offers far more security margin than a 128-bit hash, though the actual security also depends on the algorithm design, not only on output length.

Working / Process

1. Input message is prepared

The original data is taken as input. This can be a text string, file content, password, or any binary data. The input may first be encoded into bytes if necessary.

2. Internal processing transforms the message

The algorithm divides the message into blocks, applies padding if needed, and processes the blocks through multiple rounds of mathematical operations such as bitwise XOR, modular addition, shifts, permutations, and substitutions. These operations mix the data thoroughly.

3. Final digest is produced

After all blocks are processed, the algorithm outputs a fixed-size hash value. Even the smallest input change creates a drastically different digest. For example:

Input 1:  hello
Hash:     2cf24dba5fb0a...

Input 2:  Hello
Hash:     185f8db32271fe...

This shows that changing one letter changes the entire output.

A simple visual flow of the process:

Original Data
      |
      v
Padding / Preprocessing
      |
      v
Block Processing
      |
      v
Mixing / Rounds
      |
      v
Fixed-Length Hash Digest

Advantages / Applications

Data integrity verification

Hashes are used to check whether data has been altered. If a downloaded file’s hash matches the official hash published by the sender, the file is likely unchanged and authentic.

Password security

Instead of storing plaintext passwords, systems store hashes of passwords. When a user logs in, the entered password is hashed and compared to the stored hash. This protects users if the database is compromised, especially when salts and strong password-hashing algorithms are used.

Digital signatures, certificates, and blockchain

Hash functions are essential in digital signatures because they create a compact representation of large messages before signing. They are also used in public key certificates and blockchain systems to link blocks and ensure tamper detection.

Summary

  • Cryptographic hash functions convert data of any size into a fixed-size digest.
  • They are designed to be one-way, collision-resistant, and highly sensitive to input changes.
  • They are widely used for integrity checks, password protection, and digital security.

Important terms to remember
Hash digest, collision resistance, preimage resistance, second-preimage resistance, avalanche effect, SHA-256, SHA-3, salt

← Prev: Information-theoretic Secure MAC
Next: Ideal-Cipher Model →