Hash functions – All you need to know


Unkeyed cryptographic hash functions are a type of a cryptographic algorithm that takes an input (often referred to as a message) and produces a fixed-size output called a hash value or digest. The key characteristic of an unkeyed hash function is that it operates without the use of a secret key.

Characteristics & Key Points

The key points about unkeyed cryptographic hash functions:

  1. Deterministic: Given the same input, the hash function will always produce the same output. Even a small change in the input will result in a significantly different hash value. This is also called the Avalanche-Effect.
  2. Fixed-size output: The hash function generates a fixed-length output, regardless of the size of the input. For example, the widely-used SHA-256 algorithm produces a 256-bit (32-byte) hash value.
  3. One-way function: It is computationally infeasible to reverse the process and determine the original input from the hash value alone. The hash function is designed to be a one-way function, providing a high level of collision resistance.
  4. Collision resistance: The likelihood of two different inputs producing the same hash value (a collision) should be extremely low. A secure hash function aims to minimize the probability of collisions.

Unkeyed hash functions are commonly used in various cryptographic applications, including data integrity verification, digital signatures, password hashing, and secure storage of sensitive information. They provide a convenient way to verify data integrity and ensure the authenticity of messages without requiring the use of a secret key.

Well known unkeyed hash functions

Several unkeyed hash functions have gained popularity over the years due to their security, efficiency, and widespread adoption. The most commonly used unkeyed hash functions are:

  1. SHA-1 (Secure Hash Algorithm 1): SHA-1 was widely used in the past but is now considered insecure for many applications due to vulnerabilities. It produces a 160-bit hash value.
  2. SHA-2 (Secure Hash Algorithm 2): SHA-2 includes multiple hash functions, such as SHA-224, SHA-256, SHA-384, and SHA-512. These are considered secure and are widely used. They produce hash values of different lengths (224, 256, 384, and 512 bits).
  3. SHA-3 (Secure Hash Algorithm 3): SHA-3 is the latest member of the Secure Hash Algorithm family. It was designed as a successor to SHA-2 and offers improved security. It includes hash functions like SHA3-224, SHA3-256, SHA3-384, and SHA3-512, which produce hash values of different lengths.
  4. MD5 (Message Digest Algorithm 5): MD5 was widely used in the past but is now considered insecure due to vulnerabilities. It produces a 128-bit hash value.
  5. BLAKE2: BLAKE2 is a cryptographic hash function that is faster than most other hash functions while providing strong security. It offers variations with different output sizes, such as BLAKE2b (up to 512 bits) and BLAKE2s (up to 256 bits).

The difference between keyed and unkeyed hash functions

As mentioned above, the main difference between keyed and unkeyed hash functions lies in the presence or absence of a secret key.

  1. Keyed Hash Functions: In keyed hash functions, an additional secret key is used along with the input message. The key is typically a fixed-length value known only to the sender and recipient. The key is combined with the message using a specific algorithm, and the resulting hash value depends not only on the input message but also on the secret key. This means that the same message, when hashed with different keys, will produce different hash values.
  2. Unkeyed Hash Functions: Unkeyed hash functions, as explained earlier, do not require a secret key. The hash function operates solely on the input message, without any additional key information. The resulting hash value is solely based on the properties and design of the hash function itself.

The use of a secret key in keyed hash functions introduces an additional layer of security, allowing for authentication, integrity verification, and message authentication codes (MACs). Keyed hash functions are often used in scenarios where data needs to be securely transmitted or stored, and where the authenticity and integrity of the data are crucial.

On the other hand, unkeyed hash functions are widely used for various purposes. These are data integrity checks, digital signatures, and password storage. They provide a fast and efficient way to generate fixed-size hash values that uniquely represent the input data, without the need for a secret key.

Well known keyed hash functions

Here are some examples of commonly used keyed hash functions.

  1. HMAC (Hash-based Message Authentication Code): HMAC is a widely used construction that combines a cryptographic hash function (such as SHA-256 or SHA-3) with a secret key. It provides a secure way to generate a keyed hash function. HMAC can provide integrity and authenticity of a message, allowing the receiver to verify that the message has not been tampered with and originated from the expected sender.
  2. CMAC (Cipher-based Message Authentication Code): CMAC is a block cipher-based message authentication code that uses a symmetric key. It is derived from the CBC-MAC construction and provides security against chosen plaintext and chosen ciphertext attacks. AES-CMAC is a popular variant that uses the AES block cipher.
  3. SipHash: SipHash is a family of keyed hash functions designed to be efficient and secure. It takes a 128-bit secret key and operates on 64-bit chunks of data. SipHash is known for its resistance against hash flooding attacks and is often used in applications where hash table security is important.
  4. GMAC (Galois Message Authentication Code): GMAC is a mode of operation for block ciphers that provides both confidentiality and authenticity. It uses a secret key and is commonly used in authenticated encryption schemes, such as AES-GCM (Galois/Counter Mode).

These are just a few examples of keyed hash functions. Each of these constructions combines a cryptographic hash function with a secret key to provide authentication and integrity for messages or data. The specific choice of a keyed hash function depends on the security requirements, performance considerations, and compatibility with the application or protocol being used.

More to explore

Cryptographic hash function, https://en.wikipedia.org/w/index.php?title=Cryptographic_hash_function&oldid=1163954720