cryptographic hash function (CHF)

a mathematical algorithm that maps data of an arbitrary size (often called the "message")
to a bit array of a fixed size (the "hash value", "hash", or "message digest").
it is a one-way function, that is, a function for which it is practically infeasible to invert or reverse the computation.
cryptographic hash functions are a basic tool of modern cryptography.
a cryptographic hash function must be deterministic, meaning that the same message always results in the same hash.
ideally it should also have the following properties:
it is quick to compute the hash value for any given message
it is infeasible to generate a message that yields a given hash value
(i.e. to reverse the process that generated the given hash value)
it is infeasible to find two different messages with the same hash value
a small change to a message should change the hash value so extensively
that the new hash value appears uncorrelated with the old hash value
HASH(X) = Y
such that:
it is infeasible to find any other X’ with HASH(X’) equal to Y, so in practice the mapping behaves as if it were one to one.
the size of Y is fixed and the size of X can be arbitrary.
given Y you cannot calculate X; it’s a one-way function!

in information-security contexts,
cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values
there are multiple standardized hash function implementations that are used, such as SHA256
most cryptographic hash functions are designed to take a string of any length as input and produce a fixed-length hash value.
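the properties listed above, exercised with SHA256 from Go's standard library. this is an added example, not part of the original notes; the sample messages are constructed for it. it shows the fixed output size, determinism, and the avalanche effect (a one-character edit flips roughly half of the 256 output bits).

```go
package main

// added example (not from the original notes): exercising the stated
// properties of a cryptographic hash function with SHA-256 from Go's
// standard library. the sample messages are constructed for this example.

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// HexDigest returns the SHA-256 hash of msg as a lowercase hex string.
// the digest is always 32 bytes (64 hex characters), whatever the input size.
func HexDigest(msg string) string {
	sum := sha256.Sum256([]byte(msg))
	return hex.EncodeToString(sum[:])
}

// Deterministic reports whether hashing the same message twice gives the
// same digest (it must; this is the determinism requirement).
func Deterministic(msg string) bool {
	return HexDigest(msg) == HexDigest(msg)
}

// DifferingBits counts the bit positions in which the digests of a and b
// differ. for two distinct inputs this should be close to 128 of 256:
// the avalanche effect, where a tiny change flips about half the bits.
func DifferingBits(a, b string) int {
	ha := sha256.Sum256([]byte(a))
	hb := sha256.Sum256([]byte(b))
	n := 0
	for i := range ha {
		n += bits.OnesCount8(ha[i] ^ hb[i])
	}
	return n
}

func main() {
	for _, m := range []string{"", "abc", "Meet me at 11:00 tomorrow"} {
		fmt.Printf("%-28q -> %s (%d hex chars)\n", m, HexDigest(m), len(HexDigest(m)))
	}
	fmt.Println("deterministic:", Deterministic("abc"))
	fmt.Println("bits changed by a one-character edit:",
		DifferingBits("Meet me at 11:00 tomorrow", "Meet me at 11:01 tomorrow"))
}
```

the digest of "abc" is the well-known SHA-256 test vector ba7816bf...f20015ad, which is a handy check that a hash implementation is what it claims to be.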

hash (or Merkle) tree

a tree in which every "leaf" (node) is labelled with the cryptographic hash of a data block,
and every node that is not a leaf (called a branch, inner node, or inode)
is labelled with the cryptographic hash of the labels of its child nodes.
a hash tree allows efficient and secure verification of the contents of a large data structure.
hash trees can be used to verify any kind of data stored, handled and transferred in and between computers.
they can help ensure that data blocks received from other peers in a peer-to-peer network
are received undamaged and unaltered, and even to check that the other peers do not lie and send fake blocks.
hash trees are used in hash-based cryptography such as the Bitcoin and Ethereum peer-to-peer networks
the initial Bitcoin implementation of Merkle trees by Satoshi Nakamoto
applies the compression step of the hash function to an excessive degree, which is mitigated by using Fast Merkle Trees.
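a minimal hash tree with inclusion proofs, as an added example (not from the original notes and not Bitcoin's or Ethereum's code). it labels leaves with the hash of a data block and inner nodes with the hash of their children's labels, and lets a peer check that one block belongs to a tree given only the root and the sibling hashes along the path. design choices that are mine, not the notes': leaf and inner hashes use different one-byte prefixes so a leaf can never be mistaken for an inner node (the convention RFC 6962 uses), and an odd node at any level is carried up unchanged rather than duplicated. the block contents are constructed.

```go
package main

// added example (not from the original notes): a hash (Merkle) tree with
// inclusion proofs, built on SHA-256 from Go's standard library.

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// leaves and inner nodes get different prefixes (as in RFC 6962) so that a
// data block can never be confused with an inner node label.
func leafHash(data []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, data...))
	return h[:]
}

func nodeHash(left, right []byte) []byte {
	buf := append([]byte{0x01}, left...)
	h := sha256.Sum256(append(buf, right...))
	return h[:]
}

// ProofStep is one sibling label on the path from a leaf up to the root.
type ProofStep struct {
	Hash   []byte
	IsLeft bool // sibling sits to the left of the node on the path
}

// MerkleRoot hashes the leaves pairwise up to a single root label.
// an odd node at any level is carried up unchanged (design choice here).
func MerkleRoot(blocks [][]byte) []byte {
	root, _ := build(blocks, -1)
	return root
}

// InclusionProof returns the sibling labels needed to recompute the root
// starting from blocks[index].
func InclusionProof(blocks [][]byte, index int) []ProofStep {
	_, proof := build(blocks, index)
	return proof
}

func build(blocks [][]byte, index int) ([]byte, []ProofStep) {
	if len(blocks) == 0 {
		return nil, nil
	}
	level := make([][]byte, len(blocks))
	for i, b := range blocks {
		level[i] = leafHash(b)
	}
	track := index >= 0 // collect a proof only when a leaf was requested
	pos := index
	var proof []ProofStep
	for len(level) > 1 {
		var next [][]byte
		for i := 0; i < len(level); i += 2 {
			if i+1 == len(level) { // odd node: carry it up unchanged
				next = append(next, level[i])
				continue
			}
			next = append(next, nodeHash(level[i], level[i+1]))
			if track && pos == i {
				proof = append(proof, ProofStep{Hash: level[i+1], IsLeft: false})
			} else if track && pos == i+1 {
				proof = append(proof, ProofStep{Hash: level[i], IsLeft: true})
			}
		}
		pos /= 2
		level = next
	}
	return level[0], proof
}

// VerifyInclusion recomputes the root from one data block and its proof
// and compares it with the root the verifier already trusts.
func VerifyInclusion(block []byte, proof []ProofStep, root []byte) bool {
	h := leafHash(block)
	for _, step := range proof {
		if step.IsLeft {
			h = nodeHash(step.Hash, h)
		} else {
			h = nodeHash(h, step.Hash)
		}
	}
	return bytes.Equal(h, root)
}

func main() {
	// constructed sample blocks; five of them so the odd-node case is exercised
	blocks := [][]byte{[]byte("block-0"), []byte("block-1"), []byte("block-2"), []byte("block-3"), []byte("block-4")}
	root := MerkleRoot(blocks)
	fmt.Printf("root: %x\n", root)
	proof := InclusionProof(blocks, 4)
	fmt.Println("genuine block-4 verifies:", VerifyInclusion([]byte("block-4"), proof, root))
	fmt.Println("fake block verifies:     ", VerifyInclusion([]byte("block-X"), proof, root))
}
```

a peer that knows only the root (32 bytes) can check any one of the blocks with a proof of log2(n) hashes, which is the "efficient and secure verification of a large data structure" mentioned above; a fake block fails because its leaf label does not recombine to the trusted root.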

public key cryptography

a cryptographic system used for the encryption/decryption of data.
encrypted data can only be decrypted with the required key.
you start by generating a special, related pair of keys (an asymmetric key pair). these keys can only be generated together as a pair:
they are the output of a single execution of a key generation algorithm.
either key can lock (encrypt) the data; to unlock (decrypt) it we need the other key.
the only way to decrypt the data and make it readable is to have the corresponding key.

how can we transmit a secret message using PKC?

Alice, Bob and Chris are connected through a network on which everyone can read data being transferred.
each participant generates their own key pairs.
each party guards their private key and broadcasts the public key on the network.
if Alice wants to send a message to Bob but she does not want Chris to know about it,
Alice will encrypt the message with Bob’s public key and share it through the network.
since the corresponding private key is only known to Bob, only Bob can decrypt it.

digital signatures using Public Key Cryptography

when Bob decrypts Alice’s message, how can he know for sure the message was sent by Alice and not Chris?
Alice can add a digital signature to the message by using her private key to encrypt it.
since only her public key can decrypt that signature, Bob can know for sure it came from Alice.
to make this more efficient, instead of signing the entire lengthy message
the sender computes a hash (digest) of the message and signs that with their private key instead.
adding a digital signature
Alice computes the message digest by hashing the message she is about to send:
SHA256(“Meet me at 11:00 tomorrow”).
Alice calculates the message digest = HASH(message);
Alice signs the message digest by encrypting it with her private key.
Alice appends the signed digest to the message and encrypts the result with Bob’s public key
Alice sends it over to Bob
verifying the digital signature
Bob decrypts the message using his private key
Bob decrypts the digest using Alice’s public key
Bob computes the digest of the message.
if it matches the digest he received as the signature, it confirms that
the message has not been tampered with
the message has been sent by Alice
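the sign-then-encrypt exchange above, written out with Go's standard library as an added example (not from the original notes). Alice hashes the message with SHA256, signs the digest with her private key, appends the signature to the message and encrypts the result for Bob; Bob decrypts with his private key, recomputes the digest and checks the signature with Alice's public key. two things the notes simplify: a real signature scheme (RSA-PSS here) is used rather than raw "encryption with the private key", and because RSA can only encrypt a few hundred bytes at once, the "encrypt with Bob's public key" step encrypts a fresh AES-GCM key with Bob's public key (RSA-OAEP) and the actual payload with that key, which is how RSA encryption is done in practice. the key sizes and the hybrid construction are my choices; the message text is the one from the notes.

```go
package main

// added example (not from the original notes): hash, sign with the sender's
// private key, encrypt for the recipient; then decrypt and verify.
// RSA-PSS for the signature, RSA-OAEP + AES-GCM (hybrid) for encryption.

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what travels over the network that Chris can also read.
type Envelope struct {
	WrappedKey []byte // one-time AES key, encrypted with the recipient's public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM encryption of signature || message
}

// Seal is Alice's side: hash the message, sign the digest with her private
// key, then encrypt signature and message for the recipient.
func Seal(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	key := make([]byte, 32) // fresh AES-256 key for this one message
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// an RSA signature has a fixed length (the key size), so it can be
	// prepended to the message without any delimiter.
	payload := append(sig, msg...)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Open is Bob's side: unwrap the AES key with his private key, decrypt,
// split off the signature, recompute the digest and verify the signature
// with the sender's public key. any failure rejects the message.
func Open(env *Envelope, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext rejected: %w", err)
	}
	sigLen := senderPub.Size()
	if len(payload) < sigLen {
		return nil, errors.New("payload too short to contain a signature")
	}
	sig, msg := payload[:sigLen], payload[sigLen:]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return msg, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	chris, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, _ := Seal([]byte("Meet me at 11:00 tomorrow"), alice, &bob.PublicKey)
	msg, err := Open(env, bob, &alice.PublicKey)
	fmt.Printf("Bob reads %q (err=%v)\n", msg, err)
	_, err = Open(env, chris, &alice.PublicKey) // Chris does not hold Bob's private key
	fmt.Println("Chris trying to read it:", err)
	forged, _ := Seal([]byte("Meet me at 11:00 tomorrow"), chris, &bob.PublicKey)
	_, err = Open(forged, bob, &alice.PublicKey) // signed by Chris, checked against Alice's key
	fmt.Println("Bob checking a message Chris signed:", err)
}
```

the two checks Bob relies on are visible in Open: the AEAD decryption fails if the ciphertext was altered in transit, and the signature check fails if the digest was signed by anyone other than the holder of Alice's private key.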

Public Key Infrastructure

we have seen how Hash functions and asymmetric encryption can help digitally sign messages.
on an open or insecure internet, in order for a receiver (Bob) to verify a signature done by a sender (Alice),
he needs Alice’s public key beforehand.
for the entire secure communication system to work,
both parties (Bob and Alice) need to establish trust in each other’s public key while using the same open unsafe internet.
to help solve this issue we have the concept of a trusted authority in the middle that all network participants trust.
this trusted authority is called a CA, or certificate authority.

how it works with a CA

Alice gets a certificate (her digitally signed public key) from the CA to prove her public key to others.
all other participants on the network will be able to trust that the public key is Alice’s if they trust the CA.
the CA takes Alice through an approval/on-boarding/manual-verification process and issues a certificate.
the certificate itself is a list of certified attributes that the CA has issued to Alice.
this data is digitally signed by the CA using its own private key.
Alice shares this certificate as a proof of her public key to Bob.
since Bob has the CA in his trusted CA list (CA’s public key),
he can verify and trust the certificate shared by Alice and hence trust her public key.

chain of trust

established between a Root CA and a set of Intermediate CAs,
as long as the issuing CA for the certificate of each of these Intermediate CAs is either the Root CA itself
or has a chain of trust to the Root CA.
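the CA scenario and the chain of trust above, put together in an added example with Go's crypto/x509 (not from the original notes). a self-signed Root CA issues a certificate to an Intermediate CA, which issues Alice's certificate; Bob keeps only the root in his trusted CA list, and Alice presents her certificate together with the intermediate's so that Bob can follow the chain up to the root. the CA names, serial numbers and key type (ECDSA P-256) are constructed for this example; the on-boarding/verification step the notes describe happens before issue is called and is not modelled.

```go
package main

// added example (not from the original notes): a three-level chain of
// trust built and verified with Go's crypto/x509. names and serial
// numbers are constructed for this example.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate binding name to subjectPub, signed with
// issuerPriv. when parent is nil the certificate is self-signed (a root CA).
func issue(serial int64, name string, isCA bool, subjectPub *ecdsa.PublicKey,
	parent *x509.Certificate, issuerPriv *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true, // the CA flag only counts when this is set
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, subjectPub, issuerPriv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Chain is what Alice sends to Bob: her certificate plus the intermediate's.
type Chain struct {
	Leaf         *x509.Certificate
	Intermediate *x509.Certificate
}

// BuildChain stands up a root CA and an intermediate CA and issues Alice's
// certificate. it returns the root (what Bob adds to his trusted CA list)
// and Alice's chain. every call creates fresh keys, i.e. a distinct CA.
func BuildChain() (*x509.Certificate, Chain, error) {
	rootKey, interKey, aliceKey := newKey(), newKey(), newKey()
	root, err := issue(1, "Example Root CA", true, &rootKey.PublicKey, nil, rootKey)
	if err != nil {
		return nil, Chain{}, err
	}
	inter, err := issue(2, "Example Intermediate CA", true, &interKey.PublicKey, root, rootKey)
	if err != nil {
		return nil, Chain{}, err
	}
	leaf, err := issue(3, "alice", false, &aliceKey.PublicKey, inter, interKey)
	if err != nil {
		return nil, Chain{}, err
	}
	return root, Chain{Leaf: leaf, Intermediate: inter}, nil
}

// Verify is Bob's check: the leaf must chain, through the presented
// intermediate, to a root he trusts, and must be issued to the expected name.
func Verify(chain Chain, trustedRoot *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	inters := x509.NewCertPool()
	inters.AddCert(chain.Intermediate)
	if _, err := chain.Leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}); err != nil {
		return err
	}
	if chain.Leaf.Subject.CommonName != expectedName {
		return fmt.Errorf("certificate is for %q, not %q", chain.Leaf.Subject.CommonName, expectedName)
	}
	return nil
}

func main() {
	root, chain, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("chain from Bob's trusted CA:", Verify(chain, root, "alice"))
	_, other, _ := BuildChain() // same names, different keys: a CA Bob does not trust
	fmt.Println("chain from an unknown CA:   ", Verify(other, root, "alice"))
}
```

the second call in main builds a second, unrelated hierarchy whose CAs carry the same names; Bob still rejects it, because trust comes from the root's key that he holds, not from the name printed in the certificate.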