College of Engineering

Salahaddin University-Erbil
Academic Year 2019-2020

Cryptography
Hash Functions

Student Name: Xaliss Jamal Omer

Student Code: SE2026
Class: 2nd Year / Group : B
Course Title: Linear Algebra
Department: Software and Informatics

Subject name: Linear Algebra

Lecturer name: Ghassan qattan

Std code Full name Class Group Marks

SE2026 Xaliss Jamal Omer 2 B

1
 ABSTRACT
Cryptographic hash function has become a vital part in many applications.
World of cryptocurrency trusts heavily on these cryptographic hash
functions. Other uses are digital signature, verifying unique or duplicate
records, also helpful in data sleaze. In secular, it takes an input, process it
and products a digest which is fixed size alphanumeric string, not
understandable by human being. There are some ancient and new versions
of cryptographic hash functions current.MD5 AND SHA1 are older ones
and SHA3, BLAKE2, TIGER is a few of the newer versions. during this
report we are visiting discuss these hash function, depending upon their
characteristics, vulnerabilities and strengths, one in every of them will be
decided to use for a data-oriented company. Essentially, the older one’s
MD-5 hashing algorithm remainders generally utilized however,
cryptographically defective because it can infer collision. MD-5 is broken
dueto collision, however not in respect of preimages or second preimages.

The main attack on MD-5 were done in 1996, this attack was done on the
density of MD-5 not on MD-5 itself. Hypothetical attack was created in
year 2004.

But in real the attacks done on MD-5 are way too slow to reduction its
value. SHA-1 hashing algorithm is cryptographically defective but the
properties which we need in password hashing algorithm are still applied. It

2
tortuously means whatever “password hashing algorithm” which are built
according to the SHA-1 are secure.

So, firms which are using this algorithm feel secure finds no reason to alter
to something new. SHA3 (keccak) fresher algorithm beaten other new
algorithm Blake during a competition hosted by national institute of
standards and technology, reason being not designed specifically for ASIC
mining. The newer versions are probably good and can be briefed within
the upcoming paragraphs. Depending upon my report , I would suggest
using SHA3 for the data-oriented company.

3
 TABLE OF CONTENTS

Abstract 2

Table of Contents 4

Introduction 5

Background & Review 7

Practice Problems on Hashing 10

Methods
12

Theory / Design / Outcomes

14

Conclusion
19

References
20

4
 INTRODUCTION

Cryptographic hash functions are essential building blocks that are used
inside many different cryptographic algorithms and protocols. There are a
number of critical applications in the field of information security. So,
some of the public algorithms that are known to be a cryptographic hash
function include SHA-1, SHA-3, BLAKE2, TIGER, MD5 which is
probably one of the most common one. MD5 also have some predecessors
namely MD4. There’s also a successor to MD5 known as MD6. But
essentially, MD5 is amongst the more popular ones.

Essentially, cryptographic hash function is a function which deviations the

input to an output which is hard to recognize. It deviations the input to the
fixed size alphanumeric string. And the output is named the string value,
digital fingerprints, digest, message or checksum.

There are three key characteristics of hash function specified down below:

1. For a given input, it is very easy to modify it through hash function.

2. For the generated output, it is very difficult to calculate an
alphanumeric string.
3. For two slightly different message, their hash will be totally
different.

Input of any distance can be fed to the hash function and it will produce
alphanumeric text of fixed length which acts as a signature for the
providing input. Afterward, the person who gets the message digest doesn’t
know the real message, however the person who originally knew the
message can only tell the digest is made from the same message or not.
5
A cryptographic hash function must be as random as could sensibly be
expected, while it is as yet deterministic and calculatable effectively. From
a cryptographic viewpoint, a cryptographic hash work is considered
uncertain if below mentioned points are measurable:

1. Find a message (already not seen) that relays to a given hash value.

2. Find ” collision ” that have a like hash value for two unique messages.

The above two methods can be used by the attacker to modify the original
message with an authorized message. Rather, two unique messages whose
digests (hash value) are comparable ought to be not found. Visibly, the
attacker learns somewhat like one snippet of data, the digest itself, which
enables the attacker to perceive whether a similar message occurred. MD5
and SHA-1 are the two most usually utilized hash functions for various
standards and applications. Security faults are appearing, there could be a
imaginable scientific shortcoming, and a more grounded hash functions is
recommended. In 2007, the National Institute of Standards and Technology
gave a test to work on hash called SHA-3, outcome were really remarkable,
lot of algorithms are available today with better functionality.

6
 BACKGROUND & REVIEW

What is Hashing?
Let’s try to imagine a fantasy state here. Suppose, you want to send a
message/file to someone and it is of absolutely authoritative that it reaches
its intended receiver in the exact same format. How would you do it? One
option is to send it multiple times and verify that it wasn’t tampered with.
But, what if the message is too long? What if the file measures in
Gigabytes? It would be utterly absurd, unworkable and quite frankly boring
to verify every single letter, right? Well, that’s where Hashing arises into
play.
Using a chosen hash algorithm, data is crushed to a fixed size. Let’s
understand this with an example. If we take the sentence “Donkeys live a
long time” and smear the joaat hash algorithm to it, we will get 6e04f289.
This value is recognized as a hash.
Hashes are highly suitable when you want to recognize or compare files or
databases. Rather than linking the data in its original form, it’s much easier
for computers to relate the hash values. Whether it’s storing passwords, or
in computer illustrations, or in SSL certificates…Hashing does it all.
Essentially, Hashing is defined by two distinct characteristics
– irreversibility and inimitability. Irreversibility points to the fact that once
you hash somewhat, there is no way back. Unlike Encryption and
Encoding, you can’t simply de-hash a message/data. Unique, because no
two hash values are ever the similar for two different pieces of data. If two
hashes are initiate to be the same for two different pieces of data, it’s
termed a ‘hash collision’ and that algorithm becomes useless.

7
As we discussed, a hash function lies at the core of a hashing algorithm.
But, to get the hash value of a pre-set distance, you first need to divide the
input data into fixed sized blocks. This is because a hash function receipts
in data at a fixed-length. These blocks are called ‘data blocks.’ This is
established in the image below.

The size of the data blocks varies from one algorithm to another. But for a
particular algorithm, it remnants the same. For example, SHA-1 takings in
the message/data in blocks of 512-bit only. So, if the message is precisely
of 512-bit length, the hash function runs only once (80 rounds in case of
SHA-1).

Likewise, if the message is 1024-bit, it’s divided into two blocks of 512-bit
and the hash function is run twice.

8
Still, 99 percent of the time, the message won’t be in the multiples of 512-
bit. For such cases (almost all cases), a method called padding is used.
Using a padding method, the entire message is divided into fixed-size data
blocks.

The hash function is recurrent as many times as the number of data blocks.
This is how it’s done:

As shown overhead, the blocks are processed one at a time. The output of
the first data block is fed as input lengthways with the second data block.
Consequently, the output of the second is fed along with the third block and
so on. Thus, we are creation the final output the joint value of all the
blocks. If you modification one bit anywhere in the message, the entire
hash value changes. This is called the 'avalanche effect.'

Popular Hashing Algorithms

 Message Digest (MD) Algorithm
 Secure Hash Algorithm (SHA)
 RACE Integrity Primitives Estimation Message Digest (RIPEMD)
 Whirlpool
 RSA

9
Practice Problems on Hashing

Q1/ Given the resulting input (4322, 1334, 1471, 9679, 1989, 6171, 6173,
4199) and the hash function x mod 10, which of the resulting statements
are true?
i. 9679, 1989, 4199 hash to the same value
ii. 1471, 6171 has to the same value
iii. All elements hash to the same value
iv. Each element hashes to a different value
(A) i only
(B) ii only
(C) i and ii only
(D) iii or iv

Solution: Using given hash function h(x) = x mod 10

h(9679) = 9679 % 10 = 9
h(1989) = 1989 % 10 = 9
h(4199) = 4199 % 10 = 9
h(1471) = 1471 % 10 = 1
h(6171) = 6171 % 10 = 1

As we can see, 9679, 1989 and 4199 hash to same value 9. Also, 1471 and
6171 hash to same value 1. Therefore, statement (i) and (ii) are correct
which match with option (C).

10
Q2/ Which one of the resulting hash functions on integers will distribute
keys most uniformly over 10 buckets numbered 0 to 9 for i ranging from 0
to 2020?
(A) h(i) =i^2 mod 10
(B) h(i) =i^3 mod 10
(C) h(i) = (11 ∗ i^2) mod 10
(D) h(i) = (12 ∗ i) mod 10

Solution: In uniform delivery, the function evenly distributes keys into

slots of hash table.
For given hash functions, we have calculated hash values for keys 0 to 9 as:

As we can see from the table, i^3 mod10 is allocating evenly from indexes
0 to 9. Other functions have not utilized all indexes.

11
 METHODS

Hash usage examples:

Hash functions have a large style of security uses, such as:

Message Authentication

Mechanism or service accustomed verify the integrity of a message;

ensures that the data received is that the same because the message sent
(without modification, insertion, deletion or replay).

Digital signatures

The summary value of a message is encoded with the sender’s private key,
any user who has the general public key can verify the integrity of the
message that's related to the digital signature.

Password file

A summary of a password is stored in a file of the operating system instead

of storing the password, just in case the password file is violated, the
attacker will only be ready to obtain the hash of the password.

12
Detection of intruders and viruses

For each F file of the system, the hash H(F) is additionally stored, if there's
any change in F, it'll be perceived;

Blockchain

The data within the blockchain are “hashes” in each block. If the block
changes, ie someone tried to alter what number bitcoins, for instance, they
had or how much they should send, the hash value would vary and
everybody could detect that something has changed.

The hash value of the previous block is used to calculate the hash value of
this block, creating a link between the blocks.

Examples of algorithms through a link to their hash implementations are:

SHA-1; insecure

SHA-256;

MD5; insecure

13
 THEORY / DESIGN / OUTCOMES

Hash function is used for number of applications, non only for the
cryptography. It also contains practical applications such as authentication,
digital signature, message integrity check, cryptocurrency, data corruption
and various other application.

1-MD5 HASH FUNCTION 

MD5 is one of the commonly utilized hashing algorithm created by Ronald
Rivest in 1991. MD5 is a successor of MD4. MD-5 is broken due to
crashes, yet not in deference of pre-image or second pre-image. It products
128 bits, a stable length hash value. In 1996 attacks on MD-5 were
dispersed.

MD5 ALGORITHM:

The following process shows the working of MD5 algorithm: 

1. Make message digest.

2. Append message digest to pure text.
3. Send to receiver.
4. Receiver will again generate message digest.
5. Make message digest and appended message digest 4 & 1 will be
compared.

14
 If both message digest are same means, there is no change done during the
transmission. Plain text is treated in 512 bit & blocks. If the distance is less
than 512 some padding bits are to be appended.

Following shows the process for

hashing:

1. Append padding bits.

2.  Append 64-bit representation of plain text.

Now plain text distance = multiples of 512 bits

3. Initialize the MD buffer (use to store the o/p of each buffer is of size 32 bits)

Output of message digest = 128 bits

Buffer required = 4 buffers (A, B, C, D).

4. Process each of 512 bits.

5. Output (message digest in buffers).

 GOOD POINTS OF MD5

 It runs fast computation.

 Latest one is collision confrontation.
 Being old, it is still in widespread use
 It runs a one-way hash
15
BAD POINTS OF MD5

 Has identified for security errors and vulnerabilities

 Works really well but is fewer secure than the SHA-1 algorithm

2-SHA-3 HASH FUNCTION:

SHA-3 (Secure Hash Algorithm 3) is the most new member from the
Secure Hash Algorithm group, designed by NIST on August 5, 2015.
Although part of a like algorithm, SHA-3 is unique in relation to the MD5-
like building of SHA-1 and SHA-2. SHA-3 is a subsection of the more
wide cryptographic family Keccak planned by Guido Bertoni, Joan
Daemen, Michaël Peeters, and Gilles Van Assche. Keccak’s creators have
planned extra uses for the function, not (yet) established by NIST, a
confirmed encryption framework, a “tree” hashing plan for quick hashing
on certain architectures, AEAD ciphers Keyak and Ketje.

GOOD POINTS OF SHA-3:

 Fast in hardware
 Huge security margin because of high rounds.

BAD POINTS OF SHA-3:

 Slow in software
 Because of its speed attacker can try on lots of software uniform if
salt is applied.

16
3-BLAKE2 HASH FUNCTION:

The cryptographic hash function BLAKE2, an improved version of the

SHA-3, finally BLAKE improved the speed in programming. An improved
BLAKE2 comes with the following properties:

• Quicker than MD5 on 64-bit Intel platforms

• 32% less RAM required than BLAKE

• Minimal padding, which is faster to implement.

• Direct help, with no above, of

     Parallelism for very quick hashing on multicore or SIMD CPUs

     Tree hashing for apprise or update of huge file

     Prefix-MAC for authentication that is less complex and faster than
HMAC

     Personalization for characterizing a unlike hash function for every

application

17
GOOD POINTS OF BLAKE2:

 1.3 to 1.7 times quicker in software

 Best for 512-bit digest
 Lower round count but still recall the expected security
 Blake2b superior special for password based key derivation function.

4-TIGER HASH FUNCTION:

This hash function was designed in 1995 by ROSS ANDERSON and ELI
BIHAM mainly for 64-bit platforms. The tiger hash value contains of 192
bits. Other abridged versions of the tiger hash functions are Tiger/128 and
Tiger/160. These versions can be used with protocols difficult a particular
hash size. The summary size are as follows 192,128,160 and there are 24
rounds in this algorithm. Tiger 2 optional is a optional where a byte is first
appended to the hexadecimal value of =0X80, just like in MD5, MD4 and
0X01. Else the two variants are perfectly identical.

18
 CONCLUSION

In this report, Hash Functions has been briefly explained. How unlike hash
algorithm came in being when attacks on such algorithms became
common. All algorithm has some good points and some bad points. Get
together all the bits and pieces I would advise using BLAKE2 hash
function for the data-oriented company. As it is an improved version of
SHA3 hash function and significantly quicker than MD5. It is also existing
for 32- and 64-bit platforms. It is noticeably quicker in both software and
hardware. Also, it is resilient to collision attack which MD5 is not. Though
there are some theoretical claims that cryptographic hash functions lands
into inadvertent collision. Hence it is just theoretical only. Because in the
long term it hasn’t occurred to RIPEMD, SHA-256, TIGER. So, it cannot
be said that BLAKE2 will have intended collision as it is lot stronger than
above mentioned hash functions.

19
 REFERENCES

1) Moffat, D. J., & Hughes, J. P. (2012). U.S. Patent No. 8,218,759.

Washington, DC: U.S. Patent and Trademark Office.
2) Cryptographic hash function. (2019). Retrieved
from https://www.investopedia.com/news/cryptographic-hash-
functions/
3) Wang, X., & Yu, H. (2005, May). How to break MD5 and other hash
functions. In Annual international conference on the theory and
applications of cryptographic techniques (pp. 19-35). Springer,
Berlin, Heidelberg.
4) Deepakumara, J., Heys, H. M., & Venkatesan, R. (2001). FPGA
implementation of MD5 hash algorithm. In Electrical and Computer
Engineering, 2001. Canadian Conference on (Vol. 2, pp. 919-924).
IEEE.
5) SHA3-256 Online. (2019). Retrieved
from https://emn178.github.io/online-tools/sha3_256.html
6) function? W. (2019). Why is SHA-3 a Sponge function? Retrieved
from https://crypto.stackexchange.com/questions/56346/why-is-sha-
3-a-sponge-function
7) BLAKE2? W., & Frame, R. (2019). What advantages does
Keccak/SHA-3 have over BLAKE2? Retrieved
from https://crypto.stackexchange.com/questions/31674/what-
advantages-does-keccak-sha-3-have-over-blake2
8) BLAKE (hash function). (2019). Retrieved
from https://docs.decred.org/research/blake-256-hash-function/
9) Aumasson, J. (2019). Why Replace SHA-1 with BLAKE2?
Retrieved
from https://research.kudelskisecurity.com/2017/03/06/why-replace-
sha-1-with-blake2/
20
21