Sie sind auf Seite 1von 8

Introduction to Cryptology

Week 4 Lecture 1
Sugata Gangopadhyay
Department of Computer Science and Engineering
Indian Institute of Technology Roorkee

Cryptographic Hash Functions


A
hash function

can be thought of as a function from a


(possibly infinite) set to a finite set, typically a set of all -bit
words . That is
.

Suppose is some data and is the hash value of .


If the hash function is secure then given the pair it should
be computationally infeasible to obtain , such that
Thus a hash function provides assurance of data integrity.

Hash Family
Instead of a single hash function it is possible to
consider a family of hash functions whose elements are
individual hash functions determined by keys belonging
to a predetermined key space.
Formal Definition: A hash family is a four-tuple where
the following conditions are satisfied:
is a set of possible messages.
is a finite set of possible message digests or authentication
tags.
, the key-space, is a finite set of possible keys.

Some notations and terminologies


can be finite or infinite. is always finite.
If is finite then a hash function is also called a compression function.
Elements of are called message digests or authentication tags.
The number of elements in
elements in , that is, .

is always greater than the number of

A pair is said to be a valid pair under the key if .

Some notations and terminologies


Let denote the set of all functions from to .
Suppose and .
.
Any hash family is called an -hash family.

Security of Hash Functions


If a hash function is to be considered secure, the
following problems must be difficult to solve assuming
that we have access to .
Preimage: Given , find such that .
Second Preimage: Given an element , find such that and .
Collision: Find such that and .

Security of Hash Functions


For a hash function
If Preimage cannot be efficiently solved, then it is said to be
a preimage resistant function or a one-way function.
If Second-Preimage cannot be efficiently solved, then it is
said to be a second preimage resistant function.
If Collision cannot be efficiently solved, then it is said to be a
collision resistant function.

Random Oracle Model


A mathematical model of an ideal hash function is
provided by the Random Oracle model which was
introduced by Bellare and Rogaway.
We say that a hash function satisfies the random oracle
model if given any as input to (i.e., given any query )
the image is equivalent to a random response chosen
uniformly from the set .
We also say that the hash function
random oracle.

behaves as a

We say that we have oracle access to a hash function if