Cryptography Reference
In-Depth Information
Hash functions are probably the most versatile of all cryptographic primitives.
They are extremely useful and appear in all sorts of surprising applications. As a
standalone tool, they have few uses. However, no cryptographic designer should
ever leave home without one! Such is their ubiquity that when an unexpected
attack was announced in 2004 against several of the most widely deployed hash
functions, there was considerable concern. Their many important and varied uses
include:
As strong one-way functions
. Hash functions are sometimes used to 'encrypt'
highly confidential data that does not require 'decryption', such as passwords
(see Section 6.2.2).
To provide a weak notion of data integrity
. Hash functions can be used
to provide checks against accidental changes to data and, in certain cases,
deliberate manipulation of data (see Section 6.2.2). As such they are some-
times referred to as
modification detection codes
or
manipulation detection
codes
.
As components to build other cryptographic primitives
. Hash functions
can be used to construct different cryptographic primitives such as MACs
(see Section 6.3.4) and digital signature schemes with appendix (see
Section 7.3.4).
As a means of binding data
. Hash functions are often used within cryptographic
protocols to bind data together in a single cryptographic commitment.
As sources of pseudorandomness
. Hash functions are sometimes used to
pseudorandomly generate numbers for use in cryptography, with an important
example being the generation of cryptographic keys (see Section 10.3).
Note that the term 'hash function' has several other wider meanings in the field
of computer science. While we will use the term 'hash function' because our
context is clear, our hash functions are sometimes more specifically referred to as
cryptographic hash functions
.
6.2.1
Properties of a hash function
A
hash function
is a mathematical function (in other words, a process for
converting a numerical input value into a numerical output value) that has two
important practical properties and three security properties. Before we review
these properties, it is important to appreciate the following:
Hash functions do not have a key
. The security properties that a hash function
delivers are all provided without the hash function using a key. In this respect
they are unusual cryptographic primitives. Note that the term 'keyed hash
function' is sometimes used for a
message authentication code
, which we will
discuss in Section 6.3.
