CSE446 Lecture 2
CSE446 Lecture 2
H(.)
Blockchain e41ade90cd94…
Cryptographic hash function
• A cryptographic hash function is a general hash function that
should satisfy these properties
• collision-resistance
• preimage resistance
• hiding
• puzzle-friendliness
Cryptographic hash function
• A cryptographic hash function is a general hash function that
should satisfy these three properties
• collision-resistance
Must-have
• preimage resistance
• hiding
Desirable for certain blockchain systems
• puzzle-friendliness
We’ll look more closely at each of these properties to gain an understanding of why it’s useful to have
a function that behaves that way. The reader who has studied cryptography should be aware that the
treatment of hash functions in this book is a bit different from a standard cryptography textbook. The
puzzle‐friendliness property, in particular, is not a general requirement for cryptographic hash
functions, but one that will be useful for cryptocurrencies specifically.
Cryptographic hash
Property 1: Collision‐resistance. The firstfunction:
property that we needcollision
from a cryptographic resistance
hash function is
that it’s collision‐resistant. A collision occurs when two distinct inputs produce the same output. A
hash function H(.) is collision‐resistant if nobody can find a collision. Formally:
• A hash function is said to be collision resistant if it is infeasible
Collision‐resistance: A hash function H is said to be collision resistant if it is infeasible to find two
to find two
values, x andvalues,
y, such that xx≠ yand
, yet H(x)y, such
=H(y) . that x≠y,yet H(x)=H(y)
Figure 1.1 A hash collision. x and y are distinct values, yet when input into hash function H, they
produce the same output.
Notice that we said nobody can find a collision, but we did not say that no collisions exist. Actually, we
know for a fact that collisions do exist, and we can prove this by a simple counting argument. The
input space to the hash function contains all strings of all lengths, yet the output space contains only
strings of a specific fixed length. Because the input space is larger than the output space (indeed, the
Cryptographic hash function: collision resistance
• A hash function is said to be collision resistant if
it is infeasible to find two values, x and y,such
that x≠y,yet H(x)=H(y)
• Infeasible-> hard to find a collision, but not,Figure
no1.2 Because the number of inputs exceeds the number of outputs, we are guaranteed that
collisions exist there must be at least one output to which the hash function maps more than one input.
output string (the pigeonhole principle) The method above is guaranteed to find a collision. But if we pick random inputs and compute the
hash values, we’ll find a collision with high probability long before examining 2 + 1 inputs. In fact, if 256
130
we randomly choose just 2 + 1 inputs, it turns out there’s a 99.8% chance that at least two of them
• But it will be hard to find these are going to collide. The fact that we can find a collision by only examining roughly the square root of
the number of possible outputs results from a phenomenon in probability known as the birthday
paradox. In the homework questions at the end of this chapter, we will examine this in more detail.
https://miro.medium.com/max/1178/1*rj_4nlE4Qw_ok0P7A7chHA.png
This collision‐detection algorithm works for every hash function. But, of course, the problem with it is
that this takes a very, very long time to do. For a hash function with a 256‐bit output, you would have
to compute the hash function 2256 + 1 times in the worst case, and about 2128
times on average. That’s
Cryptographic hash function: collision resistance
• How to find a collision?
• Choose 2256 + 1 distinct Input for a hash function with 256 bit output
• Calculate hash for each input and check if the output matches with any
previous hash
• Since input sine > output size, there must be a match (collision)
• Try 2130 randomly chosen inputs, 99.8% chance that two of them will
collide
• Examining roughly the square root of the number of possible outputs (the
birthday paradox)
• The birthday paradox is that, counterintuitively, the probability of a shared
birthday exceeds 50% in a group of only 23 people
Cryptographic hash function: collision resistance
PC
=
Manipulation, if not
matched
Hash1
t
Cryptographic hash function: pre-image resistance
• H is a hash function
• For essentially all pre-specified outputs y, it is computationally
infeasible to find an x such that H(x) = y
• H is also called a one-way function
Selection x
(Argentina or Brasil)
Random
r || x H(r || x) a34cd87..
number, r
com
Argentina
Reveal
Question?
ANY QUESTION?