Tuesday, October 26, 2021

Security Requirement of Hash Function


In hash function H accepts a variable length block of input data called as ‘M’ and produces the fixed size hash value can be represented as h = M(H).

Figure: Block Diagram of Hash Function

When hash function provides security, this is called cryptographic hash functions. Hash function protects the integrity of the message. If encryption process is applying on message with hash function, it is also providing authentication and confidentiality.

A hash function provides a property that has function applied on variable amount of data (M) and then it produces the fixed amount of output data. If any bit or bits changes in the data, then whole hash function output data will also change. Cryptographic has function is one-way function, which is practically infeasible to invert. The most popular hashing algorithm is MD5 and SHA.

Security Requirement of Hash Function

The first three properties are requirements for the practical application of a hash function.

The fourth property, preimage resistant, is the one-way property: it is easy to generate a code given a message, but virtually impossible to generate a message given a code. This property is important if the authentication technique involves the use of a secret value. However, if the hash function is not one way, an attacker can easily discover the secret value.

The fifth property, second preimage resistant, guarantees that it is impossible to find an alternative message with the same hash value as a given message. This prevents forgery when an encrypted hash code is used. If this property were not true, an attacker would be capable of the following sequence: First, observe or intercept a message plus its encrypted hash code; second, generate an unencrypted hash code from the message; third, generate an alternate message with the same hash code.

If the sixth property, collision resistant, is also satisfied, then it is referred to as a strong hash function. A strong hash function protects against an attack in which one party generates a message for another party to sign. For example, suppose Bob writes an IOU message, sends it to Alice, and she signs it. Bob finds two messages with the same hash, one of which requires Alice to pay a small amount and one that requires a large payment. Alice signs the first message, and Bob is then able to claim that the second message is authentic.

To learn more about Security Requirement of hash function, Click here

        Watch more videos click here.