Cryptographic Hash Functions
Blockchain January 21, 2025 1
Outline
Cryptographic hash function
Properties of hash function
Details of SHA-256
Double SHA-256 Architecture for Bitcoin Mining
Conclusions
Blockchain Dept. of CSE, IIT(ISM) Dhanbad January 21, 2025 2
Introduction
A cryptographic hash function takes a message of
arbitrary length and creates a message digest of fixed
length.
For a particular message, the message digest, or hash
value, can be seen as the fingerprint of a message, i.e., a
unique representation of a message.
All cryptographic hash functions need to create a fixed-
size digest out of a variable-size message.
The best way to create such a function is to use iteration: a
function with fixed-size input is created and used a necessary
number of times.
The fixed-size input function is referred to as a
compression function.
Working Procedure
Motivation: Signing Long Messages
Problem 1: High Computational Load
Problem 2: Message Overhead
Problem 3: Security Limitations
Signing of long messages with a hash function
Security Requirements of Hash Function
There are three central properties which hash
functions need to possess in order to be secure:
Preimage resistance (or one-wayness)
Second preimage resistance (or weak collision
resistance)
Collision resistance (or strong collision
resistance)
Preimage Resistance
Hash functions need to
be one-way
Given a hash output z it
must be computationally
infeasible to find an
input message x such
that z = h(x).
Second Preimage Resistance
It is essential that two different
messages do not hash to the
same value.
It should be computationally
infeasible to create two
different messages x1 ≠ x2 with
equal hash values h(x1) = h(x2).
Here x1 is given and the task is
to find a matching x2.
Collision Resistance
It is computationally
infeasible to find two
different inputs x1 ≠ x2
with h(x1) = h(x2).
Here the attacker is free to
choose both x1 and x2.
Design Goals
For a cryptographic hash function it must be
computationally infeasible to find data mapping to a
specific hash (one-way property)
computationally infeasible to find two data items mapping
to the same hash (collision-free property)
Birthday Attack
Due to the pigeonhole principle, collisions
always exist.
The question is how difficult it is to find them.
Our first guess is probably that this is as
difficult as finding second preimages, i.e., if the
hash function has an output length of 80 bits,
we have to check about 2^80 messages.
However, it turns out that an attacker needs
only about 2^40 messages due to the birthday
attack.
Birthday Paradox
Problem Statement: How many people are needed at a
party such that there is a reasonable chance that at least
two people have the same birthday?
Solution:
Birthday Attack
Collision search for a hash function h() is exactly
the same problem as finding birthday collisions
among party attendees.
For a hash function there are not 365 values each
element can take but 2^n, where n is the output
width of h().
In fact, it turns out that n is the crucial security
parameter for hash functions.
The question is how many messages (x1, x2, ..., xt)
Eve needs to hash until she has a reasonable
chance that h(xi) = h(xj) for some xi and xj that she
picked.
Remarks
The most important consequence of the
birthday attack is that the number of messages
we need to hash to find a collision is roughly
equal to the square root of the number of
possible output values
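The square-root rule above, as an added example (not part of the original slides). It uses the standard birthday approximation t ≈ sqrt(2 · N · ln(1/(1−λ))) for N possible outputs and success probability λ, and a toy n-bit hash made by truncating SHA-256; the truncation and the message format are assumptions chosen so the search finishes quickly.

```python
import hashlib
from math import log, sqrt

def messages_needed(outputs, lam=0.5):
    """Birthday approximation: inputs to hash for collision probability lam."""
    return sqrt(2 * outputs * log(1 / (1 - lam)))

def truncated_hash(msg, n_bits):
    """Toy n-bit hash: the top n_bits of SHA-256 (assumption, demo only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - n_bits)

def find_collision(n_bits):
    """Hash x1, x2, ... and remember each digest until two inputs collide."""
    seen = {}          # digest -> message that produced it
    t = 0
    while True:
        msg = b"message-%d" % t      # constructed sample inputs
        t += 1
        z = truncated_hash(msg, n_bits)
        if z in seen:
            return seen[z], msg, t   # x_i, x_j and number of hashes used
        seen[z] = msg

if __name__ == "__main__":
    print("party of 365 birthdays: about %.1f people" % messages_needed(365))
    print("80-bit hash: about 2^%.1f messages" % (log(messages_needed(2**80), 2)))
    for n in (16, 20, 24):
        x1, x2, t = find_collision(n)
        print("n=%d: collision after %d hashes (2^(n/2) = %d): %r %r"
              % (n, t, 2 ** (n // 2), x1, x2))
```

The number of hashes grows with 2^(n/2), not 2^n, which is why n must be twice the desired security level.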
SHA-256
SHA-256 is based on the Merkle-Damgård construction and is
used in Bitcoin.
The Merkle-Damgård construction involves the use of a compression
function that takes a fixed-size input and produces a fixed-size
output.
This function is applied iteratively to process the entire input.
In the context of SHA-256, it processes input data in blocks of 512
bits and produces a fixed-size output of 256 bits.
When the message is longer than 512 bits, it is divided
into many 512-bit data blocks. If the last block is smaller than 512
bits, padding is performed.
Contd…
Padding the Message: Append padding bits, consisting of a
single 1-bit followed by the necessary number of 0-bits, so
that the message length is congruent to 448 modulo 512.
Overview
Contd…
The SHA-256 algorithm computes intermediate hash
values for data blocks one by one
The hash result of the current block becomes the input
initial hash for hash computing of the next data block.
The result of the final data block is considered to be the
hash value of the entire message.
It includes two processes named the message expander
(ME) and message compressor (MC).
During the SHA-256 operation, the ME expands the
512-bit input message into 64 chunks of 32-bit data.
The MC compresses these 64 32-bit data chunks into a
256-bit hashed output.
Message Expander (ME)
The ME process expands the 512-bit input message
into 64 chunks of 32-bit data Wj (0≤ j ≤ 63).
In the first 16 rounds, the ME parses the 512-bit
message into 16, 32-bit data chunks (denoted as Wj , j
= 0 to 15, where j is the round index).
In the final 48 rounds, the ME calculates 48 chunks of
32-bit data Wj (16≤ j ≤ 63) based on the following
equation:
Message Compressor (MC).
The MC process computes the 256-bit hash value from the
outputs of the ME process (64 chunks of Wj, 0 ≤ j ≤ 63).
The process involves two main steps: loops and hash
updates.
In the loop step, eight values (denoted A, B, C, D, E, F, G, H)
are initialized by the initial hash values H0, H1, ..., H7.
The loop values A, B, C, D, E, F, G, H are then computed and
updated through 64 loops.
Contd…
Setting the Initial Hash Value (H(0)) :
Note: These words were obtained by taking the first thirty-two bits of
the fractional parts of the square roots of the first eight prime numbers.
Contd…
The operations within the Compress function of SHA-256 are
divided into a total of 64 cycles.
SHA-256 Constants
Round Operation
Another Figure-For Round Operation
Symbols and Operations
The following symbols are used in the SHA specifications; each
operates on w-bit words.
Functions
SHA-256 uses six logical functions, where each function
operates on 32-bit words, which are represented as x, y, and z.
The result of each function is a new 32-bit word.
Double SHA-256 Architecture for Bitcoin Mining
Figure: Overview architecture of double SHA-256 in Bitcoin Mining.
Contd…
In Bitcoin mining, the double SHA-256 algorithm is used to compute
the hash value of the bitcoin block header, which is a 1024-bit
message.
The 1024-bit message is split into two 512-bit message parts; then
SHA-256_1 calculates a hash value of the first 512-bit message, and
SHA-256_2 computes a hash value of the final 512-bit message.
Due to the double SHA-256 requirement, the 256-bit hash output
from SHA-256_2 must be compressed into the final 256-bit hash by
using SHA-256_3.
In the Bitcoin mining process, the final 256-bit hash output from
SHA-256_3 is compared to the target value.
If the final hash is smaller than the target value, the valid 32-bit
nonce is specified, and a new Bitcoin block is successfully created.
Otherwise, the 32-bit nonce is increased by one and the double SHA-
256 circuit re-computes to find a new hash value.
This process is repeated until the 256-bit hash of SHA-256_3 meets the
target requirement.
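The nonce search described above, as an added example (not part of the original slides). It assumes the standard Bitcoin layout: an 80-byte header whose last 4 bytes are the little-endian nonce, padded by SHA-256 to 1024 bits, and a hash compared to the target as a little-endian integer. The header bytes and the easy target are constructed values, not real chain data.

```python
import hashlib

HEADER76 = bytes(range(76))   # constructed: 76 header bytes without the nonce
TARGET = 1 << 244             # constructed easy target (about 12 zero bits)

def mine(header76, target, max_nonce=2 ** 32):
    """Search the 32-bit nonce so that double SHA-256(header) < target."""
    if len(header76) != 76:
        raise ValueError("expected 76 header bytes before the nonce")
    # SHA-256_1: the first 512-bit block (64 bytes) never contains the
    # nonce, so its intermediate hash is computed once and reused.
    midstate = hashlib.sha256(header76[:64])
    for nonce in range(max_nonce):
        inner = midstate.copy()
        # SHA-256_2: last 12 header bytes + 4-byte nonce (+ padding) form
        # the second 512-bit block.
        inner.update(header76[64:] + nonce.to_bytes(4, "little"))
        # SHA-256_3: hash the 256-bit result once more.
        digest = hashlib.sha256(inner.digest()).digest()
        if int.from_bytes(digest, "little") < target:
            return nonce, digest
    return None               # nonce space exhausted without a valid hash

if __name__ == "__main__":
    nonce, digest = mine(HEADER76, TARGET)
    print("nonce:", nonce)
    print("hash :", digest[::-1].hex())   # shown big-endian, leading zeros first
```

Because only SHA-256_2 and SHA-256_3 depend on the nonce, each attempt costs two compression-function calls rather than three.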
Conclusions
The main reason why the Bitcoin network uses
a lot of energy is because it has to calculate
double SHA-256 values.
Therefore, reducing the hardware cost and
energy consumption of the SHA-256 circuit is a
popular research trend.
To be applicable for Bitcoin mining, a SHA-256
circuit needs not only efficient hardware and
power cost but also a high processing rate.