CRPTOGRAPHY-CH3

Hash Functions & Digital Signatures – Overview

🔹 1. Hash Functions

What is a Hash Function?

A hash function is a mathematical algorithm that takes an input (or message) and produces a xed-
size string of bytes — typically called a hash value, digest

A hash function takes an input (message) and produces a xed-length hash value (digest). ✔ It is
a one-way function, meaning the original input cannot be derived from the hash. ✔ Even a small
change in the input results in a completely different hash.

, or message digest.

Key Properties of Cryptographic Hash Functions:

• Deterministic: Same input always gives the same output.

• Fast Computation: Easy to compute the hash for any input.

• Pre-image Resistance: Given a hash, it should be computationally infeasible to nd the

original input.

• Small Changes Change Output: Even a tiny change in input drastically changes the hash
(Avalanche effect).

• Collision Resistance: It should be very hard to nd two different inputs with the same hash.

Common Hash Algorithms:

• MD5 (deprecated due to weaknesses)

• SHA-1 (obsolete for secure uses)

• SHA-2 family (SHA-256, SHA-512)

• SHA-3 (newer standard)

Uses of Hash Functions:

• Data integrity veri cation (e.g., checksums)

• Password storage (hashed passwords)

• Digital signatures (part of signing process)

• Message authentication codes (MACs)

🔹 2. Digital Signatures

What is a Digital Signature?

fi
fi
fi
fi
fi
 CRPTOGRAPHY-CH3
A digital signature is a cryptographic technique that provides:

• Authentication: Veri es the sender’s identity.

• Integrity: Ensures the message has not been altered.

• Non-repudiation: The sender cannot deny sending the message.

How Digital Signatures Work (Simpli ed):

1. Hash the message using a hash function → get message digest.

2. Encrypt the hash with the sender’s private key → digital signature.

3. Send message + digital signature to the receiver.

4. Receiver decrypts the signature with sender’s public key to get the hash.

5. Receiver hashes the received message independently.

6. Compare both hashes — if they match, the message is authentic and unchanged.

Why Use Hashing in Digital Signatures?

• Ef ciency: Signing the entire message directly is slow.

• Fixed-size hash makes encryption/decryption easier and consistent.

🔸 Summary Table

Concept Purpose How It Works

Hash Create a unique digest of data One-way function producing xed-size output
Function
Digital Verify sender and message Encrypt message hash with private key; verify with
Signature integrity public key

What is Authentication Requirement?

Authentication requirements refer to the criteria and conditions that must be met to verify the identity of a user,
device, or system before granting access to resources or services.

🔑 Key Points of Authentication Requirements:

1. Identity Veri cation

Con rm that the entity (user, device, or system) is who or what it claims to be.

2. Authentication Factors
Typically, authentication relies on one or more of these:

◦ Something you know (password, PIN)

fi
fi
fi
fi
fi
fi
 CRPTOGRAPHY-CH3

◦ Something you have (security token, smart card)

◦ Something you are (biometrics: ngerprint, face recognition)

◦ Sometimes combinations of these (multi-factor authentication)

3. Security Level
Requirements depend on the sensitivity of the system or data:

◦ Low risk: simple password may suf ce.

◦ High risk: strong multi-factor authentication is required.

4. Usability and Convenience

Balancing security with ease of use to avoid frustrating legitimate users.

5. Resistance to Attacks
Requirements to defend against:

◦ Impersonation

◦ Replay attacks

◦ Man-in-the-middle attacks

◦ Credential theft

6. Non-repudiation
In some cases, the authentication mechanism must prevent users from denying their actions.

Example of Authentication Requirements in a System

Requirement Explanation
Use strong passwords Minimum length, complexity rules
Enforce multi-factor Require a password + SMS code or hardware
authentication token
Lock account after failed attempts Prevent brute-force attacks
Use secure transmission Encrypt authentication data (e.g., via TLS)
Biometric veri cation optional Fingerprint or face scan for high-security areas

What is an Authentication Function?

An authentication function is a process or algorithm used by a system to verify the identity of a user, device, or
entity trying to access resources.

Key Points about Authentication Functions:

• Purpose: To con rm that the entity requesting access is who they claim to be.

• Input: Typically includes credentials like passwords, biometric data, security tokens, or cryptographic proofs.
fi
fi
fi
fi
 CRPTOGRAPHY-CH3
• Output: A decision — usually authenticated (success) or not authenticated (failure).

Common Types of Authentication Functions:

Authentication Type How It Works

Password-based Compares entered password (usually hashed) with stored hash
Challenge-Response System sends a challenge; user/device must correctly respond
Compares scanned biometric data ( ngerprint, face) to stored
Biometric Matching
template
Token-based Veri es possession of a physical or software token
Cryptographic
Uses digital signatures, certi cates, or keys to prove identity
Authentication

Simpli ed Example: Password Authentication Function

1. User inputs username and password.

Message Authentication Code (MAC) in Cryptography

A Message Authentication Code (MAC) is a cryptographic technique used to ensure data integrity and
authenticity. It veri es that a message has not been altered and con rms the sender’s identity.

1. How MAC Works

✔ The sender generates a MAC value using a cryptographic algorithm and a shared secret key. ✔ The
MAC is appended to the message before transmission. ✔ The receiver recomputes the MAC using the same
key and compares it to the received MAC. ✔ If the values match, the message is authentic and unaltered;
otherwise, it may have been tampered with.

2. Types of MAC Algorithms

✔ HMAC (Hash-based MAC): Uses a cryptographic hash function (e.g., SHA-256) for authentication. ✔
CMAC (Cipher-based MAC): Uses block ciphers like AES for message authentication. ✔ GMAC (Galois
MAC): Optimized for high-speed authentication in network protocols.

3. Applications of MAC

✅ Secure Communications: Ensures message integrity in TLS, SSL, and VPNs. ✅ Digital Signatures:
Used in authentication protocols for verifying sender identity. ✅ Blockchain Security: Helps prevent
unauthorized modi cations in transactions. ✅ Data Integrity Checks: Ensures les and messages remain
unchanged during transmission.

MAC is essential for cryptographic security, preventing unauthorized modi cations and ensuring trusted
communication
fi
fi
fi
fi
fi
fi
fi
fi
fi
 CRPTOGRAPHY-CH3

Security of Hash Functions & Message Authentication Codes (MACs)

Hash functions and MACs are critical cryptographic tools used to ensure data integrity, authentication, and
security. Their security depends on collision resistance, key secrecy, and cryptographic strength.

1. Security of Hash Functions

✔ One-Way Property: Given a hash value, it should be computationally infeasible to reverse-engineer the original
input. ✔ Weak Collision Resistance: It should be hard to nd two different inputs that produce the same hash. ✔
Strong Collision Resistance: It should be impossible to nd any two inputs that hash to the same value. ✔ Length of
Hash Code: The security level depends on the bit length (e.g., SHA-256 is stronger than MD5).

🔹 Common Attacks on Hash Functions:

• Brute-Force Attacks: Attempting all possible inputs to nd a match.

• Birthday Attacks: Exploiting probability theory to nd collisions faster.

• Cryptanalysis: Using mathematical weaknesses to break the hash function.

2. Security of Message Authentication Codes (MACs)

✔ Key-Based Authentication: MACs use a secret key to verify message authenticity. ✔ Integrity Protection:
Ensures that a message has not been altered during transmission. ✔ Replay Attack Prevention: Prevents attackers
from resending old messages with valid MACs.

🔹 Common MAC Algorithms:

• HMAC (Hash-based MAC): Uses a hash function (e.g., SHA-256) for authentication.

• CMAC (Cipher-based MAC): Uses block ciphers like AES for message integrity.

• GMAC (Galois MAC): Optimized for high-speed authentication in network protocols.

🔹 Common Attacks on MACs:

• Key Recovery Attacks: Attempting to extract the secret key.

• Forgery Attacks: Trying to generate a valid MAC without knowing the key.

• Brute-Force Attacks: Testing all possible keys to nd a match.

3. Best Practices for Secure Hash Functions & MACs

✅ Use Strong Hash Functions: Prefer SHA-256 or SHA-3 over weaker algorithms like MD5. ✅ Use Long Keys
for MACs: Ensure 128-bit or higher key lengths for security. ✅ Implement Salting: Add random data to inputs
before hashing to prevent dictionary attacks. ✅ Regularly Update Cryptographic Standards: Follow NIST
recommendations for secure algorithms.

Hash functions and MACs are essential for cryptographic security, preventing unauthorized modi cations and
ensuring trusted communication
fi
fi
fi
fi
fi
fi
 CRPTOGRAPHY-CH3

MD5 – Message-Digest Algorithm

MD5 (Message-Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit
hash value from an input of any length. It was designed by Ronald Rivest in 1991 as an improvement over
MD4.

1. How MD5 Works

✔ Takes an input message and processes it into a xed-length 128-bit hash. ✔ Uses a series of bitwise
operations (AND, OR, XOR, NOT) to transform data. ✔ Applies padding to ensure the input length is a
multiple of 512 bits. ✔ Processes data in 4 rounds, using different functions for each round.

2. Applications of MD5

✅ Data Integrity Checks: Used to verify le integrity during downloads. ✅ Password Hashing:
Previously used for storing passwords (now considered insecure). ✅ Digital Signatures: Helps verify
authenticity in non-critical applications. ✅ Checksum Veri cation: Ensures data consistency in software
distribution.

3. Security Concerns

❌ Collision Vulnerabilities: Two different inputs can produce the same hash. ❌ Weak Against
Cryptanalysis: Susceptible to brute-force and birthday attacks. ❌ Not Recommended for Cryptographic
Security: Replaced by stronger algorithms like SHA-256.

MD5 is still used for non-cryptographic purposes, such as checksums and partitioning databases, but it
is no longer considered secure for encryption

SHA – Secure Hash Algorithm

SHA (Secure Hash Algorithm) is a family of cryptographic hash functions designed to ensure data
integrity and security. It is widely used in encryption, digital signatures, and blockchain technology.

1. How SHA Works

✔ Takes an input message and produces a xed-length hash value. ✔ One-way function: The original
input cannot be derived from the hash. ✔ Avalanche Effect: Even a small change in the input results in a
completely different hash.

🔹 Example:

• Hashing "Hello" with SHA-256 →

2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c...

• Hashing "hello" (lowercase) → 5d41402abc4b2a76b9719d911017c592

2. Types of SHA Algorithms

✔ SHA-1: Produces a 160-bit hash (deprecated due to security vulnerabilities). ✔ SHA-2: Includes
SHA-256, SHA-512, SHA-224, and SHA-384, offering stronger security. ✔ SHA-3: A modern alternative
with enhanced cryptographic strength.
fi
fi
fi
fi
 CRPTOGRAPHY-CH3

3. Applications of SHA

✅ Data Integrity: Ensures les and messages remain unchanged. ✅ Digital Signatures: Used in
authentication protocols. ✅ Blockchain Security: Helps verify transactions in Bitcoin and Ethereum. ✅
Password Hashing: Protects stored credentials in databases.

SHA is essential for cryptographic security, preventing unauthorized modi cations and ensuring trusted
communication.

HMAC – Hash-Based Message Authentication Code

HMAC (Hash-Based Message Authentication Code) is a cryptographic technique used to ensure data
integrity and authenticity. It combines a hash function with a secret key to verify that a message has not
been altered during transmission.

1. How HMAC Works

✔ The sender generates a MAC value using a cryptographic hash function and a shared secret key. ✔ The
MAC is appended to the message before transmission. ✔ The receiver recomputes the MAC using the same
key and compares it to the received MAC. ✔ If the values match, the message is authentic and unaltered;
otherwise, it may have been tampered with.

2. Key Features of HMAC

✔ Uses a Secret Key: Unlike regular hash functions, HMAC requires a shared secret key for
authentication. ✔ Resistant to Length Extension Attacks: Provides better security than simple hash
functions. ✔ Supports Multiple Hash Algorithms: Works with SHA-256, SHA-512, MD5, and other
cryptographic hashes.

3. Applications of HMAC

✅ Secure Communications: Used in TLS, SSL, and VPNs for message integrity. ✅ Digital Signatures:
Helps verify authenticity in authentication protocols. ✅ Blockchain Security: Ensures transaction integrity
in cryptocurrencies. ✅ API Authentication: Used in OAuth and secure API requests.

HMAC is essential for cryptographic security, preventing unauthorized modi cations and ensuring trusted
communication.

What is CMAC?
CMAC stands for Cipher-based Message Authentication Code. It is a cryptographic technique used to
provide message authentication and integrity by generating a xed-size authentication tag (MAC) from a
message using a symmetric key block cipher like AES.

Key Features of CMAC

✔ Stronger Security: Provides better protection than older MAC techniques like CBC-MAC. ✔ Fixed-
Length Output: Ensures consistency in authentication checks. ✔ Ef cient Computation: Works well in
fi
fi
fi
fi
fi
 CRPTOGRAPHY-CH3
hardware and software implementations. ✔ Resistant to Attacks: Prevents message forgery and substitution
attacks.

3. Applications of CMAC

✅ Secure Communications: Used in TLS, SSL, and VPNs for message integrity. ✅ Digital Signatures:
Helps verify authenticity in authentication protocols. ✅ Blockchain Security: Ensures transaction integrity
in cryptocurrencies. ✅ Embedded Systems: Used in IoT and secure hardware applications

Purpose of CMAC

• To verify that a message has not been altered (integrity).

• To con rm the message comes from someone who knows the secret key (authentication).

• CMAC is designed to be secure and ef cient, especially when a block cipher is already available.

How CMAC Works (Simpli ed):

1. Input: The message and a secret key.

2. The message is divided into blocks matching the block size of the cipher (e.g., 128 bits for AES).

3. A series of block cipher encryptions and mathematical operations (XOR, shifts) are applied on
these blocks.

4. The nal output is a xed-size MAC tag, usually the size of the cipher block.

5. This MAC tag is sent along with the message.

6. The receiver performs the same CMAC process with the shared secret key and compares the
resulting MAC tag with the received tag. If they match, the message is authentic and unaltered.

Why Use CMAC?

• Stronger than simple CBC-MAC: CMAC xes weaknesses of CBC-MAC when used with
variable-length messages.

• Based on standard block ciphers: It uses well-analyzed ciphers like AES, making it easy to
implement.

• Widely standardized: CMAC is speci ed in NIST Special Publication 800-38B.

Comparison with HMAC

Feature CMAC HMAC

Underlying
Block cipher (e.g., AES) Hash function (e.g., SHA-256)
Primitive
Ef cient if hardware supports block Ef cient with fast hash
Ef ciency
ciphers functions
Security Basis Security relies on block cipher strength
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
 CRPTOGRAPHY-CH3

What is DSS?
DSS stands for Digital Signature Standard. It is a federal standard for digital signatures, which
are used to verify the authenticity and integrity of digital messages or documents.

Purpose of DSS

• To provide a method for signing data electronically so the receiver can verify the sender's
identity and that the message hasn't been altered.

• To replace handwritten signatures in digital communications, providing security and trust.

Key Components of DSS:

1. Digital Signature Algorithm (DSA):

The main algorithm speci ed in DSS for generating and verifying digital signatures.

2. Hash Functions:
Before signing, the data is hashed (commonly using SHA-1 or SHA-2) to produce a xed-
size message digest.

3. Public and Private Keys:

DSS uses asymmetric cryptography with a private key for signing and a public key for
veri cation.

How DSS Works (Simpli ed):

1. The sender hashes the message using a secure hash function.

2. The hash is signed using the sender’s private key with the Digital Signature Algorithm.

3. The signature and message are sent to the receiver.

4. The receiver hashes the received message and uses the sender’s public key to verify the
signature.

5. If veri cation passes, the message is authentic and unaltered.

Applications of DSS

• Secure email

• Software distribution and updates

• Legal documents

• Financial transactions
fi
fi
fi
fi
fi
 CRPTOGRAPHY-CH3

🔐 What is ElGamal?

Schnorr