Hash Signatures: Difference between revisions

Hash Functions and Digital Signatures are the tools used to ensure the Integrity and Authenticity of digital information. While encryption is about keeping secrets, hashing is about "Digital Fingerprints." A hash function takes any amount of data and turns it into a short, unique string of characters. If even one letter of the data changes, the hash changes completely. Digital signatures combine this fingerprinting with Public-Key Cryptography to prove that a file hasn't been tampered with and that it really came from the person who claimed to send it. They are the "Seal of Trust" for the digital world.

Remembering

• Hash Function — An algorithm that converts an input of any size into a fixed-size string of characters (e.g., SHA-256).
• Digest — The output of a hash function; the "Fingerprint" of the data.
• Collision — A rare and dangerous event where two different inputs produce the same hash output.
• SHA-256 — The most common secure hash algorithm today (used in Bitcoin and SSL).
• One-Way Property — It is easy to create a hash from data, but impossible to recreate the data from a hash.
• Avalanche Effect — A property where a small change in input (like one bit) causes a massive change in the output.
• Salt — Random data added to a password before hashing to prevent "Rainbow Table" attacks.
• Digital Signature — A mathematical scheme for demonstrating the authenticity of a digital message.
• Non-Repudiation — The inability of a sender to deny that they sent a message (because only their private key could have signed it).
• Message Authentication Code (MAC) — A hash that uses a secret key to prove that a message hasn't been changed by a hacker.
• Merkle Tree — A structure of hashes used to efficiently verify the integrity of large datasets (like a blockchain).
• MD5 / SHA-1 — Older hash functions that are now considered "Broken" because computers can find collisions too easily.

Understanding

Hashing is understood through Fingerprinting, while signatures are about Ownership.

1. The Three Rules of a Good Hash:

• Deterministic: The same input must always produce the same hash.
• Efficient: It must be fast to calculate.
• Pre-image Resistant: You can't "Reverse" the hash. If you see `a1b2c3`, you have no way to know if it came from a 10GB movie or the word "Hello."

2. The Digital Signature Process: To sign a 100-page contract: 1. Alice Hashes the contract to get a short "Digest." 2. Alice Encrypts the digest with her Private Key. This is the "Signature." 3. Bob receives the contract and the signature. 4. Bob Decrypts the signature with Alice's Public Key to get the digest. 5. Bob Hashes the contract himself. 6. If the two digests match, Bob knows: (A) The contract wasn't changed, and (B) Only Alice could have signed it.

3. Why not sign the whole file?: Public-key math is very slow. Signing a 1GB video would take minutes. Hashing the 1GB video takes seconds, and signing the tiny 256-bit hash takes milliseconds. This is why we always "Hash then Sign."

Rainbow Tables: These are pre-computed lists of common passwords and their hashes. If a hacker steals a database of hashes, they can just look them up. This is why we use Salt—adding a random string like "x9!z" to every password so that every "123456" results in a completely different, unique hash.

Applying

Modeling 'The Integrity Check' (How Hashing works): <syntaxhighlight lang="python"> import hashlib

def get_file_fingerprint(data_string):

   """
   Creates a SHA-256 hash of a string.
   """
   return hashlib.sha256(data_string.encode()).hexdigest()

original = "Pay Alice $100" tampered = "Pay Alice $900"

print(f"Original Hash: {get_file_fingerprint(original)}") print(f"Tampered Hash: {get_file_fingerprint(tampered)}")

1. Note how the two hashes are completely different,
2. even though only one digit changed!

</syntaxhighlight>

Signature Landmarks

Blockchain (Bitcoin) → Every block contains the hash of the previous block; if you change one transaction in history, every hash in the future "breaks," making it impossible to cheat.

Software Updates → When your phone downloads an update, it checks the digital signature to ensure it really came from Apple or Google and not a virus.

Git (Version Control) → Every commit in Git is named after its hash; this ensures that your source code can never be silently corrupted.

Password Storage → Websites never store your actual password; they only store the hash. When you log in, they hash your input and see if it matches the stored fingerprint.

Analyzing

The Concept of "Collision Resistance": There are an infinite number of possible files, but only a finite number of possible 256-bit hashes. This means that mathematically, two files must share a hash. However, a "Secure" hash function makes it so difficult to find those two files that it would take all the computers on Earth billions of years to do it. Analyzing the "Math of Collisions" is how we decide when to retire an old hash like SHA-1.

Evaluating

Evaluating a hash/signature system: (1) Bit-Strength: Is the hash long enough (e.g., 256 bits is the standard, 128 is too weak)? (2) Algorithmic Security: Has anyone found a "shortcut" to find collisions faster than brute force? (3) Timestamping: Does the signature include a "Time" to prove when it was signed (to prevent someone from reusing an old signature)? (4) Key Revocation: If Alice's private key is stolen, is there a way to "Cancel" all her old signatures?

Creating

Future Frontiers: (1) Quantum-Resistant Hashes: Unlike RSA, most hash functions are already quite safe from quantum computers, but we are making them even stronger to be sure. (2) Homomorphic Hashing: Hashes that allow you to "add" two pieces of data and get a hash that is the sum of their individual hashes (useful for cloud storage). (3) Zero-Knowledge Signatures: Proving you signed a document without revealing which member of a group you are. (4) Post-Quantum Digital Signatures: Using "Lamport Signatures" or other PQC methods to ensure our software updates stay safe in a quantum future.