Hash Function

Uploaded by

Ashie Aishu

A) Hash Function:

A hash function in cryptography is a mathematical process that takes an input (like a
password or file) and converts it into a fixed-length string of characters, usually a
sequence of numbers and letters. This output is called a hash value or digest. The key
properties of hash functions make them crucial in security:
1. Fixed Size Output: Regardless of the input size, the hash function will always
produce a hash of the same length.
2. Deterministic: Every time you input the same data, you will get the same hash
output.
3. Collision-Resistant: It’s hard to find two different inputs that produce the same hash
value.
4. One-Way Function: It's easy to compute the hash from the input, but computationally
infeasible to reverse the process and retrieve the original input from the hash.
Where are hash functions used?
• Passwords: Instead of storing passwords directly, websites store the hash of the
password. When you log in, the system compares the hash of the entered password
with the stored hash.
Example: Password Hashing and Verification
• User Creates an Account: When you sign up on a website and create a password, the
website doesn't store your actual password. Instead, the system runs your password
through a hash function. For example, let’s say you create the password
myPassword123. The hash function converts this password into a fixed-length string,
something like:
  Hash("myPassword123") = a8726e4dfde32d99f9f4741d763b6dbb
• The website stores only the hash value (a8726e4dfde32d99f9f4741d763b6dbb) in its
database, not the plain password.
• User Logs In: Later, when you try to log in using myPassword123, the system doesn't
compare your password directly with what’s stored. Instead, the system hashes the
password you just entered (again using the same hash function):
  Hash("myPassword123") = a8726e4dfde32d99f9f4741d763b6dbb
• It then compares this newly computed hash value with the hash stored in the database.
• Comparison: If the hash of the password you entered matches the stored hash
(a8726e4dfde32d99f9f4741d763b6dbb), the system knows you entered the correct
password and allows you to log in. If the hashes don’t match, the system rejects the
login attempt because it knows the password was incorrect.
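The sign-up and log-in flow above, as an added Python example (not part of the original document). It goes one step beyond the text: next to the single unsalted hash the walkthrough describes, it shows a per-user random salt with PBKDF2 and a constant-time comparison; the function names, record layout and iteration count are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch; raise as far as login latency allows


def naive_hash(password: str) -> str:
    """The scheme as the text describes it: one fast, unsalted hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def create_record(password: str) -> dict:
    """Sign-up: store a random salt and the derived key, never the password."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "key": key, "iterations": ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Log-in: re-derive with the stored salt, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["key"])


if __name__ == "__main__":
    # Two users who picked the same password (constructed sample data).
    alice = create_record("myPassword123")
    bob = create_record("myPassword123")
    # Unsalted: both rows would hold the same value, so one guess exposes both.
    print("naive hashes equal:", naive_hash("myPassword123") == naive_hash("myPassword123"))
    # Salted: the stored values differ even though the passwords match.
    print("salted keys differ:", alice["key"] != bob["key"])
    print("correct password:", verify("myPassword123", alice))
    print("wrong password:", verify("mypassword123", alice))
```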
• Data Integrity: Hashes are used to ensure that data hasn’t been tampered with. For
example, when you download a file, you might be given a hash value. After
downloading, you compute the hash of the file and compare it with the provided hash
to make sure the file wasn't corrupted or altered.
Example: File Integrity Verification Using a Hash Value
• Original File: Let’s say a website offers a software package for download. Along
with the download link, the website also provides the hash value (digest) of the
original file, computed using a specific hash function (e.g., SHA-256).
• For example, the website might say:
  Download File: software-v1.2.zip
  SHA-256 Hash: d2d2d2f78c4b5f1a5e2e76fb8f0ff8f7d8a1d8e5e2a5f1c8f8d5b6c3e5d1a5d
• Download the File: You download the software-v1.2.zip file to your computer.
• Compute the Hash of the Downloaded File: After downloading, you use a tool or
command (depending on your operating system) to calculate the hash of the file using
the same hash function (in this case, SHA-256).

In simple terms, think of a hash function as a blender. You put ingredients in, blend
them up, and get a smoothie (hash value). You can't take the smoothie and turn it back
into the exact same individual ingredients, but every time you use the same ingredients
and blend, you'll get the same smoothie.
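The download check described above, as an added Python example (not part of the original document). It hashes the file in chunks, rejects a published value that is not a well-formed SHA-256 digest, and shows a one-byte change being detected; the function names and the file contents are constructed for this sketch.

```python
import hashlib
import hmac
import os
import re
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Hash a file of any size without loading it into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, published: str) -> bool:
    """Compare the computed digest with the one the site published."""
    published = published.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{64}", published):
        # A truncated or mistyped digest must fail loudly, not silently mismatch.
        raise ValueError("published value is not a 64-hex-digit SHA-256 digest")
    return hmac.compare_digest(sha256_file(path), published)


def demo() -> tuple:
    """Constructed sample: verify a file, change one byte, verify again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "software-v1.2.zip")
        with open(path, "wb") as f:
            f.write(b"constructed sample payload\n" * 1000)
        published = sha256_file(path)  # stands in for the digest on the website
        ok_before = verify_download(path, published)
        with open(path, "r+b") as f:  # simulate corruption or tampering
            f.seek(10)
            f.write(b"X")
        ok_after = verify_download(path, published)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

A matching digest only shows that the file equals what the publisher hashed, so the published value has to come over a channel that someone altering the download cannot also alter.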

B) Birthday Attack in Hash Functions:


A birthday attack is a type of cryptographic attack that exploits the mathematics behind the
birthday paradox. It's used to find collisions in hash functions more efficiently than trying
all possible inputs. Let's break this down:
What is the Birthday Paradox?
The birthday paradox is the surprising probability result that in a group of just 23 people,
there's about a 50% chance that two people share the same birthday. This is because you're
comparing all possible pairs, not just one specific pair.
How does the Birthday Paradox apply to Hash Functions?
In the context of hash functions, the birthday paradox suggests that if you hash enough
random inputs, you’re likely to find two different inputs that produce the same hash (a
collision) much sooner than expected.
• Collision: When two different inputs generate the same hash value.
Birthday Attack on Hash Functions
In a birthday attack, an attacker tries to find two different inputs that hash to the same value
(a collision). Instead of trying every possible input (which is computationally expensive), the
attacker uses the birthday paradox to reduce the number of attempts needed.
For example, if a hash function generates a 128-bit output, finding a collision by brute force
would take around $2^{128}$ attempts. However, the birthday attack reduces this to
around $2^{64}$ attempts, making it much easier to find a collision.
Why is this a problem?
Hash functions are designed to be collision-resistant, meaning it should be very hard to find
two different inputs with the same hash. A successful birthday attack weakens this property,
potentially allowing attackers to create fake digital signatures, manipulate files, or break other
cryptographic systems.
Example:
Let’s say a hash function is used to verify the integrity of a document. An attacker could use a
birthday attack to create two versions of the document that produce the same hash. They
could present the valid version for verification and then substitute the malicious version later,
and it would still pass because the hash matches.
How to Defend Against Birthday Attacks:
1. Use Stronger Hash Functions: Hash functions with longer output lengths, like
SHA-256, make birthday attacks computationally impractical.
2. Avoid Weak Hash Functions: Older algorithms like MD5 and SHA-1 are vulnerable
to birthday attacks and should not be used for security-sensitive applications.
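Why output length is the defence, as an added Python example (not part of the original document). It computes the 23-person birthday probability quoted above and then counts how many inputs it takes before two of them share a digest when SHA-256 is deliberately truncated to a few bits; the truncation, the function names and the counter-based inputs are constructed for this sketch.

```python
import hashlib


def collision_probability(k: int, n_outputs: int) -> float:
    """P(at least one shared value) among k uniform draws from n_outputs values."""
    p_none = 1.0
    for i in range(k):
        p_none *= (n_outputs - i) / n_outputs
    return 1.0 - p_none


def truncated_hash(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256 to model a short digest."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int) -> tuple:
    """Hash distinct inputs until two share a truncated digest.

    Returns (first_input, second_input, number_of_inputs_hashed).
    """
    seen = {}
    counter = 0
    while True:
        msg = f"msg-{counter}".encode()  # constructed, distinct inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


if __name__ == "__main__":
    print(f"23 people, 365 days: {collision_probability(23, 365):.4f}")
    for bits in (16, 24, 32):
        a, b, attempts = find_collision(bits)
        # The work tracks 2^(bits/2), not 2^bits: each extra output bit
        # multiplies the expected effort by about the square root of 2.
        print(f"{bits}-bit digest: collision after {attempts} inputs "
              f"(2^(bits/2) = {2 ** (bits // 2)})")
```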
C) Requirements for Hash Functions:
For a hash function to be considered secure and useful in cryptography, it must satisfy several
key properties:
1. Deterministic: The same input should always produce the same hash output.
2. Fast Computation: The hash function should be fast to compute for any given input.
3. Pre-image Resistance: Given a hash output (digest), it should be computationally
infeasible to find the original input. This ensures that even if you know the hash, you
cannot reverse-engineer the input.
4. Second Pre-image Resistance: Given an input and its hash, it should be hard to find
a different input that produces the same hash. This prevents attackers from tampering
with data while producing the same hash.
5. Collision Resistance: It should be computationally infeasible to find two different
inputs that produce the same hash. This ensures that, in practice, different inputs
can be treated as having different hash values.
6. Fixed Output Size: The hash function should always produce a fixed-length output,
regardless of the input size. For example, SHA-256 always outputs 256 bits, even if
the input is large.
D) Applications of Hash Functions:
Hash functions are widely used in many areas of computing, especially in security. Here are
some key applications:
1. Password Storage:
• Use: When you create an account, websites typically store the hash of your password
instead of the password itself. When you log in, the site compares the hash of the
entered password with the stored hash.
• Benefit: This ensures that even if the database is compromised, the attackers can't
easily retrieve the original passwords.
2. Digital Signatures:
• Use: Digital signatures use hash functions to ensure the integrity and authenticity of a
message. The hash of a document is encrypted with the sender's private key, creating a
signature.
• Benefit: Anyone can verify the signature by decrypting it and comparing it with the
hash of the received document, ensuring that the document hasn't been tampered with.
3. Data Integrity (Checksums):
• Use: Hash functions can create a checksum or digest of data to ensure it hasn’t been
altered during transmission or storage.
• Benefit: When downloading software or files, users can verify the file’s integrity by
comparing its hash with the one provided by the source.
4. Cryptographic Protocols (SSL/TLS):
• Use: Hash functions are essential to secure protocols like SSL/TLS, which are used
for encrypting communications over the internet (such as HTTPS). They ensure data
integrity and secure key exchange.
• Benefit: They protect sensitive data, such as financial transactions and login
information, from being intercepted or tampered with.
5. Blockchain and Cryptocurrencies:
• Use: Cryptocurrencies like Bitcoin use hash functions in mining (proof of work) and
for creating links between blocks in the blockchain.
• Benefit: Hashing ensures that each block in the blockchain is linked to the previous
one, making it almost impossible to alter transaction data without affecting the entire
chain.
6. Message Authentication Codes (MACs):
• Use: Hash functions are often used in MACs to ensure that a message has not been
altered. The hash of the message, combined with a secret key, is sent with the
message.
• Benefit: Only the sender and recipient, who know the secret key, can compute and
verify the MAC, ensuring message authenticity and integrity.
7. Deduplication in Storage Systems:
• Use: Hash functions can identify duplicate files by hashing them and comparing the
hash values. If two files have the same hash, they are treated as duplicates, and only
one copy is stored.
• Benefit: This saves storage space and bandwidth.
8. Proof of Work (PoW):
• Use: Hash functions are used in Proof of Work mechanisms (like Bitcoin mining) to
validate transactions. Miners must solve a cryptographic puzzle by finding an input
that produces a specific hash.
• Benefit: It ensures that adding a block to the blockchain requires significant
computational effort, making the network secure.
9. URL Shortening:
• Use: Hash functions can create shortened, unique representations of long URLs.
• Benefit: Short URLs are easier to share, and the hash ensures that even slight changes
in the original URL produce a new shortened version.
10. File or Data Fingerprinting:
• Use: Hash functions are used to create a unique fingerprint for files. For example,
antivirus software uses hash values to identify known malware by comparing the hash
of the scanned file to a database of known malicious files.
• Benefit: It allows for quick identification of file duplicates or malware without
needing to scan the entire content.
