Bitcoin and Cryptocurrency Technologies-Week 1 Cryptographic Hash Function
This series of articles is my notes on the “Bitcoin and Cryptocurrency Technologies” online course.
Hash Function
A hash function is a mathematical function: H(X) = Y
- H: A hash function which takes an input value and calculates an output value
- X: Input of the hash function, it could be any data of any length
- Y: Output of the hash function: a fixed-size bit string (it can be 256, 384, 516 … bits; Bitcoin uses 256)
Cryptographic Properties
A hash function which is used for cryptographic purposes should have these properties:
Collision Free
Definition:
A hash function H is said to be collision free if:
It’s infeasible to find two values X1 and X2, such that X1 != X2 and H(X1) = H(X2)
Or in other words,
It’s infeasible to find two inputs which can produce the same outputs.
Explanation:
Collisions do exist, because the inputs can be any data while there are only 2^256 possible outputs.
But for a good hash function, it’s impossible to find them in an acceptable time frame, even if all the computers on earth worked on the problem together.
We can use this property of hash functions to create a digest for a given piece of data. By comparing the hash digests, we can tell whether a big file was modified or corrupted during transmission, which is often used when downloading software.
Hiding
Definition:
A hash function H is hiding if:
When a secret value R is chosen from a highly spread-out distribution, then given the hash result H(R|X), it is infeasible to find X. Here | means concatenation of two strings.
The Problem We Want to Solve:
We want a hash function for which it’s infeasible to find the input from the output.
The problem is that if the input can take only a few values, it is very easy to figure out the input from the output: simply try all the possible input values and see which one matches the output.
Solution:
Concatenate the input with a random R chosen from a highly spread-out distribution, like this: H(R|X)
Explanation:
With R concatenated to the input, it’s infeasible to figure out the input by just traversing all the values, because there are too many possibilities.
R is used to hide the input. By using R, the hash function can hide the input while exposing the output.
Two Uses of Hiding Property
1. Commitment
This use of the hiding property is explained in the lecture.
Scenario:
We want to make a commitment, keep it as a secret, and reveal it later to others.
Requirements:
- The commitment can’t be seen until it’s revealed
- The commitment can’t be changed.
- Other people can verify the commitment once it’s revealed
Implementation:
hash(message|key)=commitment
- message: the commitment we want to make, which may only have a few possible values
- key: a value generated from a spread-out distribution, used to hide the message
- commitment: the hash of the message concatenated with the key
Explanation:
- You want to make a commitment, the message, to others. It could be any message.
- You generate a key, which is used to hide the message.
- You compute the hash of the message and key combination.
- You publish the hash result, which is the commitment, to others and keep the key and message to yourself. So other people know you have made a commitment, but they don’t know exactly what it is.
- After a while, you decide to reveal the commitment, so you publish the key and message.
- Other people can use the hash function hash(message|key) to calculate the hash result and compare it with the commitment you previously published. If it’s the same, they can verify that you didn’t change the commitment you made.
- Because a key is used to hide the message, other people can’t figure out what the message is before you reveal it.
- Because of the collision-free property, you can’t find a message’ such that hash(message’|key)=hash(message|key), so it’s impossible to change the committed message after publishing it.
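The commit, publish, reveal and verify steps above, as an added Python example that is not part of the original notes or the course. SHA-256 as the hash, the 32-byte key size, the heads/tails message space and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

CANDIDATES = [b"heads", b"tails"]  # constructed: a message space with only a few values

def naive_commit(message: bytes) -> bytes:
    """Weak form: hash(message) with no key."""
    return hashlib.sha256(message).digest()

def commit(message: bytes) -> Tuple[bytes, bytes]:
    """hash(message|key) = commitment. Publish the commitment; keep message and key."""
    key = secrets.token_bytes(32)  # fixed 32-byte key, so message|key splits unambiguously
    return hashlib.sha256(message + key).digest(), key

def verify(commitment: bytes, message: bytes, key: bytes) -> bool:
    """After the reveal, anyone recomputes hash(message|key) and compares."""
    recomputed = hashlib.sha256(message + key).digest()
    return hmac.compare_digest(recomputed, commitment)

def recover_by_enumeration(published: bytes, candidates: List[bytes]) -> Optional[bytes]:
    """Hash every candidate message; this only succeeds against the unkeyed form."""
    for candidate in candidates:
        if naive_commit(candidate) == published:
            return candidate
    return None

if __name__ == "__main__":
    # Without a key, the published value leaks the message before the reveal.
    print("unkeyed:", recover_by_enumeration(naive_commit(b"heads"), CANDIDATES))
    # With a key, enumeration over the messages alone finds nothing.
    commitment, key = commit(b"heads")
    print("keyed:  ", recover_by_enumeration(commitment, CANDIDATES))
    # Reveal: the original message verifies, a changed message does not.
    print("verify heads:", verify(commitment, b"heads", key))
    print("verify tails:", verify(commitment, b"tails", key))
```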
2. Secure Password
Another common use of the hiding property of hash functions is to secure passwords.
Scenario:
A website needs to verify the user’s password when the user logs in. Instead of storing the password in the system, a more secure approach is to store only the hash of the password and compare hashes to verify the user. This way, the user’s password won’t be at risk even if the system is broken into, because the attackers can’t get the password from the hash.
But there’s still a problem: many people tend to use simple words as their passwords. Attackers can make a long list of passwords commonly used by people, calculate the hashes of these passwords in advance, and use these hashes to attack the system and figure out what the password is. It’s called a rainbow attack.
Solution:
Use a randomly generated ‘salt’ to safeguard the password.
hash(password|salt)=output
Explanation:
To solve this problem, we can append a randomly generated value to the password; this value is often called a ‘salt’. The salt is saved along with the hashed password in the system, so the system can compute the hash of the combination of the user’s password and the salt and compare it with the stored hash to verify the user’s identity.
By appending a salt to the password, attackers can no longer use a pre-calculated password-hash map to attack the system. Even if two users happen to choose the same string as their passwords, the hashes stored in the system are different because their salts, which are randomly generated, are different.
Example:
This example is excerpted from Wikipedia.
Username | Password | Salt value | String to be hashed | Hashed value = SHA256 (Password + Salt value) |
---|---|---|---|---|
user1 | password123 | E1F53135E559C253 | password123+E1F53135E559C253 | 72AE25495A7981C40622D49F9A52E4F1565C90F048F59027BD9C8C8900D5C3D8 |
user2 | password123 | 84B03D034B409D4E | password123+84B03D034B409D4E | B4B6603ABC670967E99C7E7F1389E40CD16E78AD38EB1468EC2AA1E62B8BED3A |
As the table above illustrates, different salt values will create completely different hashed values, even when the plaintext passwords are exactly the same. Additionally, dictionary attacks are mitigated to a degree as an attacker cannot practically precompute the hashes. However, a salt cannot protect against common or easily guessed passwords, because the attacker can still combine the salt with all the possible passwords in the dictionary and try to match the hash of each combination with the hashed value stored for the attacked target. The salt just makes the attack more difficult because attackers need two additional steps: (1) find out the salt of the attacked target; (2) calculate the hashes again for every target.
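The effect of the salt described above, as an added Python example that is not part of the original notes or the Wikipedia excerpt. It uses SHA256(password + salt) as in the table; the password list, the 8-byte salt size and the function names are constructed for the illustration, and it does not attempt to reproduce the table's hash values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

COMMON_PASSWORDS = ["123456", "password123", "qwerty"]  # constructed sample list

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Password-hash map that can be computed once, in advance, against unsalted hashes.
PRECOMPUTED = {sha256_hex(p): p for p in COMMON_PASSWORDS}

def register(password: str) -> Tuple[str, str]:
    """Return the (salt, hash) pair the site stores: hash(password|salt)."""
    salt = secrets.token_hex(8).upper()  # 16 hex characters, fresh for every user
    return salt, sha256_hex(password + salt)

def login(password: str, salt: str, stored_hash: str) -> bool:
    """Recompute hash(password|salt) and compare with the stored value."""
    return hmac.compare_digest(sha256_hex(password + salt), stored_hash)

def lookup_precomputed(stored_hash: str) -> Optional[str]:
    """One dictionary lookup; only works when the stored hash is unsalted."""
    return PRECOMPUTED.get(stored_hash)

def audit_with_salt(salt: str, stored_hash: str) -> Optional[str]:
    """Per-record pass over the common list: the work a known salt still allows."""
    for candidate in COMMON_PASSWORDS:
        if sha256_hex(candidate + salt) == stored_hash:
            return candidate
    return None

if __name__ == "__main__":
    salt1, hash1 = register("password123")
    salt2, hash2 = register("password123")
    print("same password, different stored hashes:", hash1 != hash2)
    print("unsalted hash found in table:", lookup_precomputed(sha256_hex("password123")))
    print("salted hash found in table:  ", lookup_precomputed(hash1))
    # A common password is still found once the salt is known, one record at a time.
    print("per-record audit:", audit_with_salt(salt1, hash1))
```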
Puzzle-Friendly
Definition:
A hash function H is said to be puzzle-friendly if:
Given an R which is chosen from a highly spread-out distribution and a target set Y,
try to find a solution X such that H(R|X) ∈ Y.
There is no solving strategy to find X that is much better than just trying every possible value of X.
Usage:
The puzzle-friendly property is used for Bitcoin mining. The miner needs to find a specific number R which is concatenated with the data of the block, such that the hash of the combination falls into a certain range. The first one who solves this puzzle can add the outstanding transactions to the blockchain and get Bitcoin as the reward.
Bitcoin Mining Puzzle: find R such that H(R|BlockData) ∈ ValidRange
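A toy version of this puzzle, as an added Python example that is not part of the original notes and is not Bitcoin's real block format. It assumes H is a single SHA-256, R is an 8-byte counter, and ValidRange is "digests whose top `difficulty_bits` bits are zero"; the block data and function names are constructed.

```python
import hashlib
from typing import Tuple

BLOCK_DATA = b"constructed block data for the example"

def puzzle_hash(r: int, block_data: bytes) -> bytes:
    """H(R|BlockData) with R encoded as an 8-byte big-endian integer."""
    return hashlib.sha256(r.to_bytes(8, "big") + block_data).digest()

def in_valid_range(digest: bytes, difficulty_bits: int) -> bool:
    """ValidRange (assumed): the digest, read as a number, is below 2^(256 - bits)."""
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))

def check(r: int, block_data: bytes, difficulty_bits: int) -> bool:
    """Verifying a claimed solution costs a single hash."""
    return in_valid_range(puzzle_hash(r, block_data), difficulty_bits)

def mine(block_data: bytes, difficulty_bits: int) -> Tuple[int, int]:
    """Try R = 0, 1, 2, ... until the hash lands in the range; return (R, attempts)."""
    r = 0
    while not check(r, block_data, difficulty_bits):
        r += 1
    return r, r + 1

if __name__ == "__main__":
    # Each extra bit halves the valid range, so the expected work doubles.
    for bits in (4, 8, 12, 16):
        r, attempts = mine(BLOCK_DATA, bits)
        print(f"{bits:2d} bits: R={r:6d} attempts={attempts:6d} "
              f"hash={puzzle_hash(r, BLOCK_DATA).hex()[:16]}...")
```

Changing a single byte of the block data invalidates a found R, so the search has to start over for every new block.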
SHA-256
SHA-256 is the hash function used in Bitcoin; it has all three of the needed properties.
Copyright © 趙化冰的網路日誌 2018 CC BY 4.0