Do you think IIT Guwahati certified course can help you in your career?
Introduction
Hello ninjas, We all had to verify that the mail ID logged in was ours by providing a password to our Gmail account at least once. This is authenticating our google accounts. But do you know how this authentication is achieved?
This article will discuss what hash functions in cryptography are. We will also learn the application of a hash function to provide data integrity in cryptography, a concept used in the authentication of messages.
About Cryptography
Cryptography is a concept or method that emerged to provide authenticity while transferring data. When everything is available on the internet in just one click, it is essential to differentiate between real and fake information or data.
Cryptography is similar to the Navajo code used by the military. They have symbols for every letter and word that can be used only if both personnel know the language. Similarly, in cryptography, we use an algorithm common to both sides to develop a message that cannot be read or understood without decoding.
As you can observe, we use an encryption algorithm to develop a cipher text by combining a code and a message. We use a decryption algorithm on the receiver end to decode the cipher text into a message. This enables us to achieve authenticity.
Anyone who knows the Navajo code can understand, decode the message and understand the information being transferred inside the army. Similarly, anyone with the decryption algorithm can decrypt the shared message document. Thus we use keys.
Keys are used with the encryptor and decryptor, as seen in the image above. Only the sender and receiver of the message are on the key. The message transferred cannot be encrypted or decrypted if the key is not used. It is like we have installed a lock on the message, and anyone with the key can only access it. This key can be public or private. This enables us to achieve confidentiality.
There are several ways to authenticate messages in cryptography. Three main ways are
Message encryption.
Message authentication code.
Hash functions.
In this article, we will discuss hash functions in cryptography which is the most widely used.
Hash Functions
Hash functions in cryptography are used to create authentic and confidential messages. Hash Functions in cryptography are used to generate a code to check the message's authenticity. In layman's language, we say that any document is hashed (passes through a hash function) to develop a hash value(code) using a hash function in cryptography.
The hash value is also called a message digest. As discussed in the previous section, we require a message, keys, and function in general to perform any type of authentication. Hash functions are a bit different.
H(M)= fixed length code (hash code h)
Where “H” is the hash function, “M” is the message, “h” is the hash value or code(message digest).
Working of Hash Functions
The working of a hash function depends on three main elements.
Hash function.
Message.
Hash code (message digest).
These three work together to provide authentication as follows.
The message goes through a hash function.
The function creates a hash code “h.”
The hash code and messages are combined.
We again use a hash function when the message is received to generate a hash code.
If it matches the received hash code, the message is authentic.
We might use encryptors and decryptors with or without keys to developing confidentiality and security.
A pictorial representation of this operation is given below.
As you can decipher by now, we need a function to create a hash code for the message for authentication.
Popular Hash Functions
We will look into some popular hash functions.
Message digest (MD)
It is widely used only to authenticate files rather than checking each line of the received message to check if it’s the same. It simply developed a hash code passed to both sides and used to check if the document is real or fake. It has five versions starting from MD2 to MD6. The most popular one is the MD5.
RIPEMD
It was developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. It replaces 128-bit hash functions in cryptography, as its most popular versions are 160-bit and 250-bit hash functions. Its complete form is “RACE Integrity Primitives Evaluation Message Digest.”
Secure hash functions (SHA)
As the name suggests, it is one of the most secure hash functions among all the available hash functions in cryptography. It might take decades to crack the hash code developed by this function. SHA-2 and SHA-1 are the most widely used hash functions in cryptography.
Whirlpool
It is an advanced version of the Advanced Encryption Standard (AES). It uses square block operation. The most prevalent version is 512-bit. There are three versions released of this hash function in cryptography.
Practical Example
We will now look into a practical example of creating a hash code using the MD% hash function. We will check the authenticity of a file document by verifying the code. We will also see what will happen if we change some content inside the file that is being transferred.
The steps to be followed are given below.
Download the MD5 free version hash function in cryptography.
Make a file with whatever content.
Run the MD5. You will obtain the window shown below.
Either drag or browse the file to insert it into the input box.
The function will generate a hash code, as shown in the above picture.
We will then copy the code and paste it into the verification box. We will get a “Matched” message if the code is identical.
We use the code generated above if you make some changes in the file. You will receive a “NOT Matched” message.
You now know how a hash function in cryptography works.
Applications of Hash Functions
There are two significant applications of hash functions in cryptography.
Password storage
We can store the password in the usual way we generally do. But when storing crucial and confidential information, we need secure passwords. In such a case, we can store all the passwords in a file and generate a hash value to keep all our passwords secure.
Data integrity
Data integrity refers to checking if the data is real or not. We also check if the received data matches the original data. We will learn about this in detail in the next section.
Data Integrity
We compare data to a hash value to determine its integrity. We develop a hash value of a given data. We then later develop a hash value again and then check both the hash values to ensure data originality. Thus we achieve the primary application of hash functions in cryptography, authenticity.
We can check data integrity in cryptography using a total of six methods. We will discuss each one of them in detail. There are a few differences in all these methods, which you can easily recognize by looking at the technique flowcharts.
Method ONE
In this method, we use keys to encrypt and decrypt messages. We also use hash functions to develop hash values to check the authenticity of the data to achieve data integrity in cryptography.
Quick guide:
The message is passed through the hash function to develop the hash code “h.”
Append (mix) message and hash code “h.”
The appended message is passed through the encryptor and added a key to achieve confidentiality.
The message is converted into a cipher text with a hash code.
The cipher text is passed through the hash function to generate a hash code again.
The cipher text passed through the decryptor by using the key.
We receive a message with a hash code.
We compare the generated hash code to the received hash code.
If the codes match, we have received an authenticated message document.
We achieve both confidentiality and authenticity through this method.
Method TWO
In this method, we use keys to encrypt and decrypt hash codes to get encrypted and decrypted hash codes. We also use hash functions to develop hash values to check the authenticity of the data. We will achieve data integrity in cryptography.
Quick guide:
The message is passed through the hash function to develop the hash code “h.”
The message is passed through the encryptor to receive an encrypted hash code and add a key to achieve confidentiality.
Append (mix) message and hash code “E(h).”
The message with the encrypted hash code is then transferred.
The message is passed through the hash function to generate a hash code again.
The message passed through the decryptor as well by using the key.
We received the original encrypted hash code.
We compare the generated hash code to the received hash code.
If the codes match, we have received an authenticated message document.
We achieve authenticity only, not confidentiality, by this method. This is because the message is not converted into a cipher text, so it is readable by all.
Method THREE
The only difference between methods two and three is that we use a private key to encrypt hash codes and public keys to decrypt hash codes in method three of data integrity in cryptography. In this method, we use keys to encrypt and decrypt hash codes to get encrypted and decrypted hash codes. We also use hash functions to develop hash values to check the authenticity of the data.
Quick guide:
The message is passed through the hash function to develop the hash code “h.”
The message is passed through the encryptor to receive an encrypted hash code and add a private key to achieve confidentiality.
Append (mix) message and hash code “E(h).”
The message with the encrypted hash code is then transferred.
The message is passed through the hash function to generate a hash code again.
The message passed through the decryptor as well by using a public key.
We received the original encrypted hash code.
We compare the generated hash code to the received hash code.
If the codes match, we have received an authenticated message document.
We achieve authenticity only, not confidentiality, by this method. The processing time will be less as the message is not encrypted. This is also called asymmetric key cryptography. This is because the message is not converted into a cipher text, so it is readable by all.
Method FOUR
In this method, we use keys to encrypt and decrypt twice. We once used this algorithm to create encrypted and decrypted hash codes and then again to code and decode cipher text. We have used private and public keys to generate encrypted and decrypted hash codes and then used symmetric keys to encrypt and decrypt messages.
Quick guide:
The message is passed through the hash function to develop the hash code “h.”
The message is passed through the encryptor to receive an encrypted hash code and add a private key to achieve confidentiality.
Append (mix) message and hash code “E(h).”
The appended message is converted into a cipher text with a hash code.
The cipher text passed through the decryptor by using the key.
We receive a message with an encrypted hash code.
The message with the encrypted hash code is then transferred.
The message is passed through the hash function to generate a hash code again.
The message passed through the decryptor as well by using a public key.
We received the original encrypted hash code.
We compare the generated hash code to the received hash code.
If the codes match, we have received an authenticated message document.
We achieve both authenticity and confidentiality through this method. This is also called symmetric key cryptography.
Method FIVE
Instead of using keys, we use secret codes here and append them to the messages. The messages cannot be accessed without the secret code. It is a substitute for keys. We will achieve data integrity in cryptography.
Quick guide:
The message is appended (mixed) with a secret code that the sender and receiver both have.
The appended message is passed through a hash function to generate a hash code “h.”
The message and hash code is then appended.
We receive a message with a hash code.
The message is accessed using the same secret code.
The received message is passed through a hash function to generate a hash code “h” again.
We compare the generated hash code to the received hash code.
If the codes match, we have received an authenticated message document.
We achieve authenticity only, not confidentiality, by this method. The processing time will be less as the message is not encrypted. This is because the message is not converted into a cipher text, so it is readable by all.
Method SIX
In this method, we add an encryptor and decryptor to method five. This is done to ensure confidentiality.
Quick guide:
The message is appended (mixed) with a secret code that the sender and receiver both have.
The appended message is passed through a hash function to generate a hash code “h.”
The message and hash code is then appended.
The appended message is passed through the encryptor and added a key to achieve confidentiality.
The message is converted into a cipher text with a hash code.
The cipher text passed through the decryptor by using the key.
We receive a message with a hash code.
The message is accessed using the same secret code.
The received message is passed through a hash function to generate a hash code “h” again.
We compare the generated hash code to the received hash code.
If the codes match, we have received an authenticated message document.
We achieve both confidentiality and authenticity through this method. This is one of the most secure ways of data integrity in cryptography, as it is challenging to crack the message due to the key and secret code.
We have thoroughly discussed how to achieve data integrity in cryptography. Now let’s learn how to develop algorithms to verify hash codes.
Verifying Hash
We will look into an example using C# to verify a hash. We will develop an algorithm to check data integrity in cryptography.
Code
using System;
using System.Security.Cryptography;
using System.Text;
class VerifyHash
{
static void Main()
{
//Generate a hash value
byte[] senthash = { 236, 108, 376, 106, 15, 28, 88, 75, 289, 233, 22, 3, 14, 16, 120, 197, 194, 228, 130};
//String for the hash value
string messageForHash = "This is the original message!";
byte[] compareHash
//Convert string into Unicode array
UnicodeEncoding hashUnicode = new UnicodeEncoding();
//Convert string into array of bytes.
byte[] hashMessageBytes = hashUnicode.GetBytes(messageForHash);
//Create a new instance using the hash function SHA256
SHA256 newHash = SHA256.Create();
//Create the hash value from array of bytes.
compareHash = newHash.ComputeHash(hashMessageBytes);
bool same = true;
//Compare the values of the two-byte arrays.
for (int i = 0; i < sentHash.Length; i++)
{
if (sentHash[i] != compareHash[i])
{
same = false;
}
}
//To display if codes match or not
if (same)
{
Console.WriteLine("codes match.");
}
else
{
Console.WriteLine("codes do not match.");
}
}
}
Output
If the hash code or values match.
If the hash codes or values do not match.
Frequently Asked Questions
What is a session key?
A session key is a single-use key that can be sent with every message and encrypted with the recipient's public key. A session key protects communications between two computers, a user, a client, and a server.
What is DSA?
DSA stands for Digital Signature Algorithm. DSA is a cryptographic algorithm that creates keys, signs data, and authenticates signatures.
What is a blind signature scheme?
This digital signature hides the message's content before it is signed. This is used when the message author and the signer are different parties. Blind signature schemes can be implemented using RSA and DSA.
What is RSA?
RSA is a public key algorithm for key management in digital signatures. It computes a modulus that can be used as a key, along with the recipient's public key, to send an encrypted message using a large number of prime factors.
What distinguishes RSA from DSA?
While DSA is slower at verifying, it is faster at signing. DSA employs 1024 bits. RSA can handle 2048 bits or more. DSA can only be used for Encryption, whereas RSA can be used for Encryption and authentication.
Conclusion
In this article, we discussed what cryptography is and how the hash function in cryptography is used. We understood hash functions in detail by looking into practical examples. We also learned about hash function application as data integrity in cryptography using various methods and learned how to verify a hash code. We hope this blog has helped you enhance your knowledge of Signing and Encrypting in Cryptography. Do not stop learning! We recommend you read some of our Cryptography articles:
24+ registered 
