Blockchain and Applications

MODULE-2

Dr. Poornima B V
Assistant Professor,
Computer Science and Engineering,
Sahyadri College of Engineering and Management,
Adyar, Mangalore-575007.
Email: [email protected]
1
Introduction
 Cryptography is the science of making information secure in the
presence of adversaries.
 Cryptography is primarily used to provide a confidentiality
service.
 Securing a blockchain ecosystem requires many different
cryptographic primitives, such as hash functions, symmetric key
cryptography, digital signatures, and public key cryptography.
 In addition to a confidentiality service, cryptography also
provides other security services such as integrity, authentication
(entity authentication and data origin authentication), and non-
repudiation also accountability
Cryptography

A model of the generic encryption and decryption

 Explanations of concepts such as entity, sender, receiver,
adversary, key, and channel
1. Entity: Either a person or system that sends, receives, or performs
operations on data
2. Sender: This is an entity that transmits the data
3. Receiver: This is an entity that takes delivery of the data
4. Adversary: This is an entity that tries to circumvent the security
service
5. Key: A key is data that is used to encrypt or decrypt other data
6. Channel: Channel provides a medium of communication between
entities
Symmetric Encryption:

Uses the same key for both encryption and decryption.

Fast and efficient but requires secure key distribution.
Examples: AES, DES, 3DES.

Asymmetric Encryption:

Uses two keys: a public key for encryption and a private key for decryption.
Public key is shared openly, while the private key is kept secret.
It’s slower than symmetric encryption but enables secure communication
without key distribution issues.
Examples: RSA, ECC (Elliptic Curve Cryptography).
 Hash Function:
Converts input data into a fixed-length string of characters (hash)
which represents the data uniquely.
It is one-way and cannot be reversed to retrieve the original input.
Used for data integrity and storing passwords securely.
Examples: SHA-256, MD5.
Cryptographic primitives
 A keyless cryptographic primitive refers to cryptographic techniques or
methods that do not require the use of a secret key for their operation.
 These primitives rely on other mechanisms like mathematical properties,
algorithms, or the structure of the data itself.
EX1.
Hash functions are keyless because they don't require any secret key for their
operation.
They take an input (message) and produce a fixed-size hash output (digest). The
output is meant to uniquely represent the input, and it is computationally
difficult to revert the hash back to the original input.
Examples: SHA-256, MD5, SHA-1.
Keyless Feature: Hash functions generate a unique output based solely on the
input, without any secret key.
Random Number Generation:
 While some cryptographic systems require keys for random
number generation (e.g., for key generation), non-cryptographic
random number generators do not require any keys.
 These can generate pseudo-random numbers based on an initial
seed value, not necessarily linked to a secret key.
 Keyless Feature: The random number generation process
doesn't depend on a secret key, though it might depend on an
initial seed.
Symmetric Key Primitives
Symmetric Encryption:
•The process of encrypting data using the same key for both encryption and decryption.
•Examples:
• AES (Advanced Encryption Standard): Widely used for securing sensitive data.
• DES (Data Encryption Standard): Older, less secure than AES.
• RC4 (Rivest Cipher 4): A stream cipher, though no longer recommended due to
vulnerabilities.
 Message Authentication Codes (MAC):
 A MAC is used to verify both the integrity and authenticity of a message. It is a
cryptographic checksum generated by a secret key.
 Examples:
 HMAC (Hash-based Message Authentication Code): Combines a hash function with a
secret key to provide data integrity and authenticity.
 CMAC (Cipher-based Message Authentication Code): Uses block ciphers like AES to
generate the MAC.
 Stream Ciphers:
 Encrypt data one bit (or byte) at a time using a key stream, which
is combined with plaintext to produce ciphertext.
 There are two types of stream ciphers:
synchronous stream ciphers and asynchronous stream ciphers:
Synchronous stream ciphers are those where the keystream is
dependent only on the key.
Asynchronous stream ciphers have a keystream that is also
dependent on the encrypted data
 Block Ciphers:
 Encrypt data in fixed-size blocks (typically 64 or 128 bits) using
the same key for both encryption and decryption.
 Block ciphers are encryption algorithms that break up the text to
be encrypted (plaintext) into blocks of a fixed length and apply
the encryption block-by-block. Block ciphers are generally built
using a design strategy known as a Feistel cipher.
 A key advantage of using a Feistel cipher is that encryption and
decryption operations are almost identical and only require a
reversal of the encryption process to achieve decryption. DES is a
prime example of Feistel-based ciphers
 Various modes of operation for block ciphers are Electronic Code
Book (ECB), Cipher Block Chaining (CBC), Output Feedback
(OFB) mode, and Counter (CTR) mode.
 These modes are used to specify the way in which an encryption
function is applied to the plaintext.
 Block encryption mode: In block encryption mode, the plaintext
is divided into blocks of fixed length depending on the type of
cipher used. Then the encryption function is applied to each
block.
 Electronic Code Book (ECB) is a basic mode of operation in which
the encrypted data is produced as a result of applying the
encryption algorithm one-by-one to each block of plaintext.
 In Cipher Block Chaining (CBC) mode, each block of plaintext is
XOR'd with the previously-encrypted block. CBC mode uses the
Initialization Vector (IV) to encrypt the first block. It is
recommended that the IV be randomly chosen:
 The Counter (CTR) mode effectively uses a block cipher as a
stream cipher. In this case, a unique nonce is supplied that is
concatenated with the counter value to produce a keystream:
Cryptographic hash mode
 Advanced Encryption Standard
 During AES algorithm processing, a 4 x 4 array of bytes known as
the state is modified using multiple rounds.
 Full encryption requires 10 to 14 rounds, depending on the size
of the key. The following table shows the key sizes and the
required number of rounds:
 Once the state is initialized with the input to the cipher, four operations are
performed in four stages to encrypt the input. These stages are:
AddRoundKey, SubBytes, ShiftRows, and MixColumns:
1. In the AddRoundKey step, the state array is XOR'd with a subkey, which is
derived from the master key
2. SubBytes is the substitution step where a lookup table (S-box) is used to
replace all bytes of the state array
3. The ShiftRows step is used to shift each row to the left, except for the first
one, in the state array to the left in a cyclic and incremental manner
4. Finally, all bytes are mixed in the MixColumns step in a linear fashion,
column-wise
 The preceding steps describe one round of AES
 In the final round (either 10, 12, or 14, depending on the key
size), stage 4 is replaced with AddRoundKey to ensure that the
first three steps cannot be simply reversed.
 Asymmetric Key Primitives

Digital Signatures:
•Used to authenticate the identity of the sender and ensure the integrity of the
message. The sender signs the data with their private key, and the recipient can
verify it using the sender's public key.
•Examples:
• RSA-based digital signatures.
• ECDSA (Elliptic Curve Digital Signature Algorithm): A more efficient digital
signature algorithm based on elliptic curve cryptography.
• DSA (Digital Signature Algorithm): Another algorithm used for generating
digital signatures.
  A digital signature is a cryptographic technique used to verify the
authenticity of a message or document. It ensures that the
message was sent by the claimed sender and that it hasn’t been
altered during transmission.

Step-by-Step Process of Digital Signature

Key Generation:
Eve (the signer) has a pair of keys:
Private Key (PRIV_Eve): Used to sign the message. This key is kept secret.
Public Key (PUB_Eve): Used by others to verify the signature. This key is shared.
 Creating a Digital Signature (Signing):
Eve wants to send a document to Frank. Before sending it, Eve generates a
digital signature for the document to prove she is the sender.
Eve creates a hash of the document (a unique fingerprint of the message).
Example document: "Important contract document.“
Hash of the document: Hash("Important contract document.") = H1
Eve then encrypts the hash (H1) with her private key (PRIV_Eve).
Digital signature: Digital Signature = ENC(PRIV_Eve, H1)
Eve sends the document along with the digital signature to Frank.
 Verifying the Signature (Verification):When Frank receives the
document, he wants to verify that it was indeed signed by Eve
and hasn’t been tampered with.
 Frank uses Eve’s public key (PUB_Eve) to decrypt the digital
signature.
 Decrypted signature: Decrypted(H1) = DEC(PUB_Eve, Digital
Signature)
 Frank now gets the hash value H1.
 Frank also hashes the document he received:Hash of the
received document: Hash("Important contract document.") = H1
 Frank compares the two hashes:If the hashes match, Frank can
be confident that the document hasn’t been altered and that it
was indeed signed by Eve (because only Eve could have created
the signature using her private key).
Summary
 1. Eve creates a digital signature by encrypting the hash of the
document with her private key.
 2. Frank receives the document and the signature.
 3. Frank uses Eve’s public key to decrypt the signature and get
the original hash.
 4. Frank compares the decrypted hash with the hash of the
received document.
 5. If the hashes match, the signature is verified, and the
document is authentic.
 Public Key Ciphers
Public key ciphers, use a pair of keys: a public key and a private key.
The public key is shared openly and can be used by anyone to
encrypt data, while the private key is kept secret by the owner and
is used to decrypt the data.
Example: Sending a Secure Message Using Public Key CipherKey
Generation:
 John generates a pair of keys: a public key and a private key.
 John’s Public Key: PUB_John
 John’s Private Key: PRIV_John
 John keeps his private key (PRIV_John) secret, but he shares his
public key (PUB_John) with Charlie.
 Encryption (Charlie to John):
 Charlie wants to send a secure message to John. He uses John’s
public key (PUB_John) to encrypt his message.
 Example message: “JOhn, let's meet at 5 PM today.“
 Charlie uses PUB_John to encrypt the message:
 Encrypted message: Encrypted(“John, let's meet at 5 PM today.")
= ENC(PUB_John, “John, let's meet at 5 PM today.")
 Transmission: Charlie sends the encrypted message to John. Even
though anyone could intercept the encrypted message, they
can’t read it because they don’t have John’s private key.
 Decryption (John):John receives the encrypted message and uses
his private key (PRIV_John) to decrypt it.
 Decrypted message: Decrypted("Encrypted message") =
DEC(PRIV_John, ENC(PUB_John, “JOhn, let's meet at 5 PM
today."))
 John now sees the original message: “John, let's meet at 5 PM
today."
Services Provided by Cryptography
1. Confidentiality
2. Integrity
3. Authentication
4. Entity Authentication
5. Data Origin Authentication
6. Non-Repudiation
7. Accountability
Asymmetric cryptography
 Asymmetric cryptography refers to a type of cryptography where
the key that is used to encrypt the data is different from the key that
is used to decrypt the data.
 This is also known as public key cryptography.
 It uses both public and private keys to encrypt and decrypt data,
respectively.
 Various asymmetric cryptography schemes are in use, including
RSA, DSA, and ElGammal.
An overview of public key cryptography

Encryption/decryption using public/private keys

 The preceding diagram illustrates how a sender encrypts data P
using the recipient's public key and encryption function E and
producing an output encrypted data C which is then transmitted
over the network to the receiver.
 Once it reaches the receiver, it can be decrypted using the
receiver's private key by feeding the C encrypted data into
function D, which will output plaintext P.
 This way, the private key remains on the receiver's side, and
there is no need to share keys in order to perform encryption
and decryption, which is the case with symmetric encryption.
 The following diagram shows how the receiver uses public key
cryptography to verify the integrity of the received message.
 In this model, the sender signs the data using their private key
and transmits the message across to the receiver.
 Once the message is received, it is verified for integrity by the
sender's public key
Model of a public-key cryptography signature scheme
 The preceding diagram shows that sender digitally signs the
plaintext P with his private key using signing function S and
produces data C which is sent to the receiver who verifies C using
sender public key and function V to ensure the message has
indeed come from the sender.
 Security mechanisms offered by public key cryptosystems include
key establishment, digital signatures, identification, encryption,
and decryption.
Security mechanisms offered by public key cryptosystems

1. Key establishment,
2. Digital signatures,
3. Identification,
4. Encryption,
5. Decryption.
Public and Private keys
Email Encryption:
 Public Key: When you want to send someone an encrypted
email, you need their public key. This public key can be shared
openly.
 Private Key: The recipient uses their private key to decrypt the
message. The private key is kept secret and never shared. Only
the person who owns the private key can decrypt the message.
Cryptocurrency (Bitcoin, Ethereum):
 Public Key: When you want to receive cryptocurrency, you give
someone your public key (or address). This is like sharing your
bank account number.
 Private Key: To access and spend your cryptocurrency, you use
your private key. This key should be kept secret, as it proves
ownership of the funds. Anyone who possesses your private key
can spend your cryptocurrency.
Mathematical functions public key cryptography algorithms

1. Integer Factorization
2. Discrete Logarithm
3. Elliptic Curves
Integer factorization
 Integer factorization schemes are based on the fact that large
integers are very hard to factor. RSA is the prime example of this
type of algorithm
 Integer factorization is the process of breaking down a large number into
smaller numbers (called factors) that, when multiplied together, result in the
original number.
 Example: Consider the number 15. It can be broken down (factored) into two
smaller numbers: 3 and 5, because:15=3×5
 Now, imagine trying to factor a really large number, say n = 123456789.
 This could involve finding out which smaller numbers multiply together to give
n, which is difficult for very large numbers.
 This concept is important in cryptography, particularly in RSA encryption,
where it is hard to factorize large numbers, making the encryption secure.
Discrete logarithm
 A discrete logarithm scheme is based on a problem in modular arithmetic.
 It is easy to calculate the result of modulo function, but it is computationally
impractical to find the exponent of the generator.
 In other words, it is extremely difficult to find the input from the result. This
is a one-way function.
 For example, consider the following equation: 3 pow2 mod 10 = 9
 Now, given 9, the result of the preceding equation finding 2 which is the
exponent of the generator 3 in the preceding question, is extremely hard to
determine.
 This difficult problem is commonly used in the Diffie Hellman key exchange
and digital signature algorithms.
 Discrete Logarithm Problem
The Discrete Logarithm Problem is about solving for x in an equation like:

Where:
 g is the base or generator (a number chosen in advance).
 x is the exponent (the value we want to find).
 p is the modulus (a number that defines the size of the numbers we're
working with).
 y is the result (the output).
 The Discrete Logarithm is essentially finding the exponent x given the base
g, the modulus p, and the result y.
Elliptic curves
 An elliptic curve is an algebraic cubic curve over a field, which can be defined
by the following equation.

Here, a and b are integers whose values are elements of the field on which
the elliptic curve is defined. Elliptic curves can be defined over real
numbers, rational numbers, complex numbers, or finite fields.
 Elliptic Curves provide a more efficient and secure way to
perform cryptographic operations.
 They work by adding points on the curve and multiplying points
by scalars.
 What is Elliptic Curve Cryptography (ECC)?
 Elliptic Curve Cryptography relies on the elliptic curve equation:
 y^2 = x^3 + ax + b where a and b are constants that define the curve.
 The points on the curve form a group under a defined operation called point
addition, and this group structure is key to the security of ECC.

Key Concepts in ECC:

 Elliptic Curve: A set of points satisfying the equation y^2 = x^3 + ax + b
 Point on the Curve: A pair (x,y) that satisfies the curve equation.
 Point Addition: The process of adding two points P and Q on the elliptic curve to
get a third point R.
 Scalar Multiplication: Multiplying a point P on the elliptic curve by a scalar k
(i.e., adding P to itself k times). This is the core operation in ECC and is
computationally difficult to reverse.
 For cryptographic purposes, an elliptic curve over prime finite
fields is used instead of real numbers. Additionally, the prime
should be greater than 3. Different curves can be generated by
varying the value of a and/or b.
 The most prominently used cryptosystems based on elliptic
curves are the Elliptic Curve Digital Signature Algorithm (ECDSA)
and the Elliptic Curve Diffie-Hellman (ECDH) key exchange.
Public and private keys
 A private key, as the name suggests, is a randomly generated
number that is kept secret and held privately by its users. Private
keys need to be protected and no unauthorized access should be
granted to that key.
 Private keys can be of various lengths depending on the type and
class of algorithms used. For example, in RSA, typically a key of
1024-bits or 2048-bits is used. The 1024-bit key size is no longer
considered secure, and at least a 2048-bit key size is
recommended
 A public key is freely available and published by the private key
owner. Anyone who would then like to send the publisher of the
public key an encrypted message can do so by encrypting the
message using the published public key and sending it to the
holder of the private key.
 You have a mailbox (public key) and a key to the mailbox (private
key).
 Public Key = Your mailbox (everyone can drop letters into it).
 Private Key = The key to open the mailbox (only you have this
key, so only you can read the letters).
 Someone wants to send you a secret letter (message).
 They use your mailbox (the public key) to send the letter.
 Anyone can drop a letter into the mailbox (since the mailbox is
public), but no one can open it except you.
 You receive the letter (message).
 You use your key (the private key) to open the mailbox and read
the letter.
 Only you can open the mailbox because only you have the
private key.
•Public Key (Mailbox): Used by anyone who wants to send you a message
securely.
•Private Key (Key to the Mailbox): Used by you to read the secure message,
and only you have it.
RSA
 RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard
Adelman, hence the name Rivest–Shamir Adleman (RSA).
 This type of public key cryptography is based on the integer
factorization problem, where the multiplication of two large prime
numbers is easy, but it is difficult to factor it (the result of multiplication,
product) back to the two original numbers.
 An RSA key pair is generated by performing the following steps:
1. Modulus generation: Select p and q, which are very large
prime numbers Multiply p and q, n=p.q to generate modulus n
 2. Generate co-prime: Assume a number called e.
 e should satisfy a certain condition; that is, it should be greater
than 1 and less than (p-1) (q-1).
 In other words, e must be a number such that no number other
than 1 can divide e and (p-1) (q-1).
 This is called co-prime, that is, e is the co-prime of (p-1) (q-1).
 Generate the public key:
 The modulus generated in step 1 and co-prime e generated in
step 2 is a pair together that is a public key.
 This part is the public part that can be shared with anyone;
however, p and q need to be kept secret.
 Generate the private key:
 The private key, called d here, is calculated from p, q, and e.
 The private key is basically the inverse of e modulo (p-1) (q-1).
 In the equation form, it is this as follows:
 ed = 1 mod (p-1) (q-1)
The RSA Algorithm
Elliptic Curve Cryptography
 Elliptic Curve Cryptography (ECC) is based on the discrete logarithm
problem founded upon elliptic curves over finite fields (Galois fields).
 The main benefit of ECC over other types of public key algorithms is
that it requires a smaller key size while providing the same level of
security as, for example, RSA.
 Two notable schemes that originate from ECC are ECDH for key
exchange and ECDSA for digital signatures.
Mathematics behind ECC

 An elliptic curve is basically a type of polynomial equation known

as the Weierstrass equation, which generates a curve over a
finite field.
 The most commonly-used field is where all the arithmetic
operations are performed modulo a prime p. Elliptic curve
groups consist of points on the curve over a finite field.
 An elliptic curve is defined in the following equation:
 Here, A and B belong to a finite field Zp or Fp (prime finite field)
along with a special value called the point of infinity. The point of
infinity (∞) is used to provide identity operations for points on
the curve.
 The condition is described in the following equation, which is a
standard requirement that needs to be met. More precisely, this
ensures that the curve is non-singular
Point addition
 Point addition is shown in the following diagram. This is a
geometric representation of point addition on elliptic curves.
 In this method, a diagonal line is drawn through the curve that
intersects the curve at two points P and Q, as shown in the
diagram, which yields a third point between the curve and the
line.
 This point is mirrored as P+Q, which represents the result of the
addition as R.
 This is shown as P+Q in the following diagram
 The group operation denoted by the + sign for addition yields the
following
 In this case, two points are added to compute the coordinates of
the third point on the curve: P + Q = R
 More precisely, this means that coordinates are added, as shown
in the following equation: (x1, y1) + (x2, y2) = (x3, y3)
 The equation of point addition is as follows:
X3 = s2- x1 - x2 mod p
y3 = s (x1 - x3) - y1 mod p
S in the preceding equation depicts the line going through P and Q.
Point doubling
 The other group operation on elliptic curves is called point doubling. This is a
process where P is added to itself.
 In this method, a tangent line is drawn through the curve, as shown in the
following graph.
 The second point is obtained, which is at the intersection of the tangent line
drawn and the curve.
 This point is then mirrored to yield the result, which is shown as
2P = P + P:
 In the case of point doubling, the equation becomes:
Summary of ECC

 In very simple terms, an elliptic curve is a curve on a graph defined by

an equation like this:
 y^2 = x^3 + ax + b Where a and b are constants, and the curve has some
specific properties that make it useful for cryptography.
 The key thing about elliptic curves is that the points on these curves
have special mathematical properties that can be used for encryption
and security.
 In elliptic curve cryptography, point addition and point doubling are
operations that help in creating public keys and performing cryptographic
tasks. These operations work with points on the elliptic curve.

Point Addition:
Point addition is like adding two points on the curve to get a third point, still on
the curve.
•Imagine you have two points, P and Q, on the elliptic curve.
•To "add" them, you draw a straight line through both P and Q. This line will
intersect the curve at a third point.
•Now, you reflect this point across the x-axis, and this new reflected point is the
result of P+Q
Point Doubling:
 Point doubling is a special case of point addition where you add a point
to itself.
 You take a single point P on the curve and double it. In terms of
geometry, you draw the tangent line at P (a line that touches the curve
at only one point, P).
 This tangent line will intersect the curve at a second point. Reflecting
that point over the x-axis gives the result of doubling the point.
Discrete logarithm problem in ECC
 The discrete logarithm problem in ECC is based on the idea that, under
certain conditions, all points on an elliptic curve form a cyclic group.
 On an elliptic curve, the public key is a random multiple of the generator
point, whereas the private key is a randomly chosen integer used to
generate the multiple.
 In other words, a private key is a randomly selected integer, whereas the
public key is a point on the curve.
 The discrete logarithm problem is used to find the private key (an
integer) where that integer falls within all points on the elliptic curve.
 Consider an elliptic curve E, with two elements P and T. The discrete
logarithmic problem is to find the integer d, where 1 <= d <= #E, such
that:

Here, T is the public key (a point on the curve), and d is the private key.
#E represents the order of the elliptic curve, which means the number of points
that are present in the cyclic group of the elliptic curve.
ECC Diffie–Hellman Key Exchange
 Diffie-Hellman (DH) Key Exchange is a cryptographic protocol that allows
two parties to securely exchange a shared secret over an insecure
channel without directly sharing the secret.
 Key Points:
 Purpose: The goal is for two parties (say, Alice and Bob) to agree on a
shared secret key that they can use to encrypt and decrypt messages,
even though their communication channel is insecure (e.g., the internet).
 How It Works:
 Both parties agree on some public parameters (a large prime
number and a base value).
 Each party generates a private key (a secret random number),
and then they compute their public key by applying a
mathematical formula to the base and private key.
 They exchange their public keys over the insecure channel.
 Using their private key and the other party’s public key, both
parties can independently compute the same shared secret.
 Security: The security of Diffie-Hellman relies on the difficulty of
solving the discrete logarithm problem—i.e., given a number, it’s
hard to find the exponent used to generate it.
 Elliptic Curve Cryptography (ECC) uses points on a curve for
encryption.
 Point Addition is adding two points to get another point on the
curve.
 Point Doubling is adding a point to itself to get a new point on
the curve. These operations form the foundation of creating
secure keys and encrypting messages in ECC.
ECC Diffie–Hellman Key Exchange
Hash functions

 Hash functions are used to create fixed-length digests of

arbitrarily-long input strings.
 Hash functions are keyless, and they provide the data integrity
service.
 They are usually built using iterated and dedicated hash function
construction techniques.
 Various families of hash functions are available, such as MD, SHA-
1, SHA-2, SHA-3, RIPEMD, and Whirlpool.
 Hash functions are commonly used for digital signatures and
Message Authentication Codes (MACs), such as HMACs.
 Some applications use hash functions as a means for generating
Pseudo-random Numbers Generator (PRNGs).
Properties of Hash Functions
1. Compression of arbitrary messages into fixed-length digest
2. Easy to compute
3. Preimage resistance
4. Second preimage resistance
5. Collision resistance
6. Message Digest
Properties of Hash Functions
Secure Hash Algorithms

 SHA-0: This is a 160-bit function introduced by NIST in 1993.

 SHA-1: SHA-1 was introduced in 1995 by NIST as a replacement for
SHA-0. This is also a 160-bit hash function. SHA-1 is used commonly in
SSL and TLS implementations. It should be noted that SHA-1 is now
considered insecure, and it is being deprecated by certificate authorities.
Its usage is discouraged in any new implementations.
 SHA-2: This category includes four functions defined by the number of
bits of the hash: SHA-224, SHA-256, SHA-384, and SHA-512.
 SHA-3: This is the latest family of SHA functions. SHA-3-224, SHA-3-
256, SHA-3-384, and SHA-3-512 are members of this family. SHA-3 is
a NIST-standardized version of Keccak. Keccak uses a new approach
called sponge construction instead of the commonly used Merkle-
Damgard transformation.
Secure Hash Algorithms

 RIPEMD: RIPEMD is the acronym for RACE Integrity Primitives

Evaluation Message Digest. It is based on the design ideas used to build
MD4. There are multiple versions of RIPEMD, including 128-bit, 160-
bit, 256-bit, and 320-bit.
 Whirlpool: This is based on a modified version of the Rijndael cipher
known as W. It uses the Miyaguchi-Preneel compression function, which
is a type of one-way function used for the compression of two fixed
length inputs into a single fixed-length output. It is a single block length
compression function.
Applications of Cryptographic Hash Functions
1. Message Authentication
2. Digital Signatures
Message Authentication
 Message authentication is a mechanism or service used to verify the
integrity of a message.
 Message authentication assures that data received are exactly as
sent (i.e., there is no modification, insertion, deletion, or replay).
 When a hash function is used to provide message authentication,
the hash function value is often referred to as a message digest.
 The sender computes a hash value as a function of the bits in the
message and transmits both the hash value and the message.
 The receiver performs the same hash calculation on the message
bits and compares this value with the incoming hash value.
 If there is a mismatch, the receiver knows that the message (or
possibly the hash value) has been altered
Attack Against Hash Function
Variety of ways in which a hash code can be used
Digital Signatures
Design of SHA-256

 Block size is 512-bits, and it has a word size of 32-bits. The output
is a 256-bit digest.
 The compression function processes a 512-bit message block and a
256-bit intermediate hash value. There are two main components of
this function: the compression function and a message schedule.
1. Pre-processing:
1. Padding of the message is used to adjust the length of a block to
512-bits if it is smaller than the required block size of 512-bits.
2. Parsing the message into message blocks, which ensures that the
message and its padding is divided into equal blocks of 512-bits.
3. Setting up the initial hash value, which consists of the eight 32-bit
words obtained by taking the first 32-bits of the fractional parts of the
square roots of the first eight prime numbers. These initial values are
randomly chosen to initialize the process, and they provide a level of
confidence that no backdoor exists in the algorithm.
2. Hash computation:
4. Each message block is then processed in a sequence, and it requires
64 rounds to compute the full hash output. Each round uses slightly
different constants to ensure that no two rounds are the same.
5. The message schedule is prepared.
6. Eight working variables are initialized.
7. The intermediate hash value is calculated.
8. Finally, the message is processed, and the output hash is produced:
One round of a SHA-256 compression function

In the preceding diagram, a, b, c, d, e, f, g, and h are the registers. Maj and Ch

are applied bitwise. Σ0 and Σ1 performs bitwise rotation. Round constants are
Wj and Kj, which are added, mod 232.
 SHA-256 EXAMPLES

Input Hash value

b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee90
hello world
88f7ace2efcde9

GeeksForGe 112e476505aab51b05aeb2246c02a11df03e1187e886f7c55d
eks 4e9935c290ade

0a979e43f4874eb24b740c0157994e34636eed0425688161c
K1t4fo0V
c58e8b26b1dcf4e
 There are two primary applications of hashing:

•Password Hashes: In most website servers, it converts user passwords into a hash
value before being stored on the server. It compares the hash value re-calculated during
login to the one stored in the database for validation.
There are two primary applications of hashing:

•Integrity Verification: When it uploads a file to a website, it also shared its hash as
a bundle. When a user downloads it, it can recalculate the hash and compare it to
establish data integrity.
Merkle trees
Financial markets and trading
 Financial markets enable trading of financial securities such as bonds,
equities, derivatives and currencies. There are broadly three types of
markets: money markets, credit markets, and capital markets:
 Money markets: These are short-term markets where money is lent to
companies or banks to do interbank lending. Foreign exchange or FX is
another category of money markets where currencies are traded.
 Credit markets: These consist mostly of retail banks where they borrow
money from central banks and loan it to companies or households in the
form of mortgages or loans.
 Capital markets: These facilitate the buying and selling of financial
instruments, mainly stocks and bonds. Capital markets can be divided into
two types: primary and secondary markets. Stocks are issued directly by
the companies to investors in primary markets, whereas in secondary
markets, investors resell their securities to other investors via stock
exchanges. Various electronic trading systems are used by exchanges
today to facilitate the trading of financial instruments.
Trading
 A market is a place where parties engage in exchange. It can be either a physical
location or an electronic or virtual location.
 Various financial instruments, including equities, stocks, foreign exchange,
commodities, and various types of derivatives are traded at these marketplaces.
 Recently, many financial institutions have introduced software platforms to
trade various types of instruments from different asset classes.
 Trading can be defined as an activity in which traders buy or sell various
financial instruments to generate profit and hedge risk.
 Investors, borrowers, hedgers, asset exchangers, and gamblers are a few types of
traders.
 There are various ways to transact trades, such as through brokers or directly on
an exchange or Over-The-Counter (OTC) where buyers and sellers trade
directly with each other instead of using an exchange.
 Brokers are agents who arrange trades for their customers. Brokers act on a
client's behalf to deal at a given price or the best possible price.