Other than password hashes, are there other uses for non-reversible crypto
Question (score 25)
Hashing is useful for checking that an input matches expectations without giving away the stored expected version - so confirming passwords etc.
But are there other use cases? In general, cryptographic storage so data is retrievable seems to be the norm.
Tags: hash, one-way-function
asked Dec 5 at 11:10 by Rory Alsop; edited Dec 6 at 15:45 by Martin Bonner
Comments:
Data Integrity, Key Derivation Function. – kelalaka, Dec 5 at 11:20 (score 8)
Message signing. – gammatester, Dec 5 at 11:23 (score 9)
...ratcheting, commitment schemes, proofs of work, Lamport signatures... – Ilmari Karonen, Dec 5 at 11:42 (score 6)
You could use it in counter mode to build a stream cipher. This is in some ways just an echo of someone else's answer about using it to create a CSPRNG, since the stream cipher answer uses this non-reversible crypto in that very way. – WDS, Dec 5 at 13:01 (score 2)
For those answering in comments, can I ask a favour: please leave them as answer posts. Comments will go and are not for this purpose. – Rory Alsop, Dec 6 at 18:17 (score 1)
5 Answers
Answer (score 62, accepted)
Data integrity is another usage. For example, when you want to send/download data, you want to make sure that the data is not modified, or that it is transmitted/downloaded correctly. To achieve this, the data is hashed and the hash value is sent/downloaded on another channel. One may see examples of this file verification on Linux ISO download pages. Of course, hashing is not enough to protect you against some attacks. Therefore you need digital signatures.
Another one: when digitally signing a document, we first hash the document and then sign the hash value. This is more efficient than signing the whole document.
Keyed-Hash Message Authentication Code (HMAC) is a message authentication code (MAC) that involves a cryptographic hash function and a cryptographic key.
Key Derivation Functions also use hash functions to derive a key from your password plus various random sources.
Key Stretching: making a possibly weak password more robust against brute-force attacks. PBKDF2, bcrypt, Argon2 use key stretching.
Ratcheting: forward key chaining with no backward availability.
A special case of hash usage is the Merkle-Tree to verify the integrity of data with low bandwidth.
In Blockchains: hashes are a fundamental part of the blockchains.
Proof-of-work systems:
A Proof-of-Work (PoW) system (or protocol, or function) is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer.
Bitcoin mining and Hashcash use Proof-of-work systems.
Constructing Stream Ciphers as in ChaCha20 in TLS 1.3. This construction uses CTR mode of operation.
Public Key Cryptography: Trapdoor one-way functions are easy to compute but hard to invert without special information. Most of the public key cryptosystems are based on Trapdoor one-way functions.
Commitment schemes allow committing a value while keeping others hidden and give the ability to reveal at a later time.
Lamport signature or Lamport one-time signature scheme can use one-way functions in which usually cryptographic hash functions are preferred.
Secure Random Number Generators such as Hash_DRBG use hash functions to improve and stretch the output from a true random number generator.
Comments:
Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible. – nwellnhof, Dec 5 at 17:44
@nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code. – Barmar, Dec 5 at 18:03 (score 9)
All of these, except perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seem like variations on a "password". Still a nice list. – chux, Dec 7 at 6:36 (score 1)
@chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing. – Yakk - Adam Nevraumont, Dec 7 at 19:05 (score 2)
We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs. – Konstantinos Chalkias, Dec 7 at 23:46 (score 2)
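An added example (not part of the accepted answer or its comments) for the Merkle-tree item above: the verifier keeps only the 32-byte root and checks a single block against a logarithmic number of sibling hashes. SHA-256, the 0x00/0x01 leaf and node prefixes, the odd-node promotion rule and every function name are assumptions of this example.

```python
import hashlib
import hmac


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(block: bytes) -> bytes:
    # Leaves and interior nodes get different prefixes so that an
    # interior node can never be presented as a data block.
    return sha256(b"\x00" + block)


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)


def build_levels(blocks):
    """Return every level of the tree: leaf hashes first, root level last."""
    if not blocks:
        raise ValueError("need at least one block")
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def merkle_root(levels) -> bytes:
    return levels[-1][0]


def prove(levels, index):
    """Inclusion proof for leaf `index`: (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling here
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify_inclusion(block: bytes, path, expected_root: bytes) -> bool:
    """Recompute the root from one block and its proof; needs no other data."""
    acc = leaf_hash(block)
    for sibling, sibling_is_left in path:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, expected_root)


if __name__ == "__main__":
    # Constructed sample data: 1024 two-byte blocks.
    blocks = [i.to_bytes(2, "big") for i in range(1024)]
    levels = build_levels(blocks)
    proof = prove(levels, 7)
    print("proof hashes:", len(proof), "instead of", len(blocks), "blocks")
    print("block 7 verifies:", verify_inclusion(blocks[7], proof, merkle_root(levels)))
```

The root itself still has to reach the verifier over a channel that is authenticated, for instance inside a signed message.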
Answer (score 22)
Applications for one-way-functions in cryptography
Hash-collisions may happen in rare cases, but are mostly disregarded here.
Data integrity
Integrity
A quick way to ensure integrity of data is to compare two hashes, where one is a previously calculated hash and the other is the newly calculated hash of the data, which is presumed to be unmodified. If the previous hash matches with the new one, then the data has in fact not been changed.
Comparing two hashes is computationally very efficient compared to "bit-by-bit" comparison of large data.
Authenticity
Downloadable files often have a checksum (usually SHA256) for that same file published as well. This way you can also compute the checksum after downloading the file. If the checksums match then you know that the file hasn't been modified, i.e. adding backdoors, viruses, worms, etc.
Passwords
I won't go into detail here, because you mainly asked for applications other than password-hashing. The main advantage of one-way-functions concerning passwords is, obviously, that you don't have to store the passwords as plaintext and can still authenticate users.
Digital signatures
The function of digital signatures is basically the same as signatures on paper with ink. They ensure the authenticity of the source, not of the file. They are very commonly used in emails; this way the receiver of a message can verify that the sender is in fact the person who wrote the email.
Proof-of-work
A popular example of proof-of-work is the mining of bitcoins, where miners have to calculate a certain hash-value. This way it's relatively easy to verify a certain value (in the example of bitcoin-mining you "verify" the integrity of the decentralized nodes in the P2P bitcoin network) but very hard to do the same work for a possible attacker.
Cryptographically secure pseudorandom number generators
CSPRNGs have a relatively wide use in cryptography, i.e.:
- key generation
- salts
CSPRNGs, in contrast to "normal" PRNGs, must have the requirement of being one-way-functions (which again is not yet proven if such generators exist).
Key derivation function
A KDF is used to retrieve several (at least one) secret keys from a master-secret-key. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.
Comments:
Tiny little niggle: CSPRNGs can't make OTPs. – Paul Uszak, Dec 5 at 21:40 (score 5)
@PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher. – forest, Dec 7 at 4:16 (score 2)
Thanks for the comment, I corrected my answer. – AleksanderRas, Dec 7 at 7:48 (score 1)
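An added example (not from either answer) for the proof-of-work passages above: a Hashcash-style gate in which the client searches for a nonce and the server verifies it with a single hash. It goes a little beyond the text by binding each challenge to a resource and a timestamp with an HMAC and by rejecting replays; the class, the field layout, the difficulty and the sample values are all constructed for this example.

```python
import hashlib
import hmac
import secrets
import time
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits before the first 1 bit of the digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def pow_digest(challenge: str, nonce: int) -> bytes:
    return hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()


def solve(challenge: str, bits: int) -> int:
    """Client side: brute-force search, about 2**bits hashes on average."""
    for nonce in count():
        if leading_zero_bits(pow_digest(challenge, nonce)) >= bits:
            return nonce


class PowGate:
    """Server side: issues challenges and checks a solution with one hash."""

    def __init__(self, key: bytes, bits: int, ttl: int = 120):
        self.key, self.bits, self.ttl = key, bits, ttl
        self.spent = {}  # accepted challenge -> issue time, to reject replays

    def tag(self, body: str) -> str:
        return hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, resource: str, now=None) -> str:
        ts = int(time.time() if now is None else now)
        body = f"{resource}|{ts}|{secrets.token_hex(8)}"
        # The MAC lets the server recognise its own challenge without storing it.
        return f"{body}|{self.tag(body)}"

    def check(self, challenge: str, nonce: int, resource: str, now=None) -> str:
        now = int(time.time() if now is None else now)
        try:
            body, tag = challenge.rsplit("|", 1)
            res, ts, _salt = body.rsplit("|", 2)
            ts = int(ts)
        except ValueError:
            return "malformed"
        if not hmac.compare_digest(tag.encode(), self.tag(body).encode()):
            return "bad-mac"
        if res != resource:
            return "wrong-resource"
        if not 0 <= now - ts <= self.ttl:
            return "expired"
        # Forget spent challenges that could no longer pass the freshness check.
        self.spent = {c: t for c, t in self.spent.items() if now - t <= self.ttl}
        if challenge in self.spent:
            return "replayed"
        if leading_zero_bits(pow_digest(challenge, nonce)) < self.bits:
            return "insufficient-work"
        self.spent[challenge] = ts
        return "ok"


if __name__ == "__main__":
    gate = PowGate(secrets.token_bytes(32), bits=16)
    challenge = gate.issue("/signup")
    started = time.perf_counter()
    nonce = solve(challenge, gate.bits)
    print(f"client: nonce {nonce} after {time.perf_counter() - started:.2f}s")
    print("server:", gate.check(challenge, nonce, "/signup"))
```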
Answer (score 5)
There is a body of theorems that shows that a one-way function is sufficient to build many, many types of symmetric cryptography schemes. As the link puts it:
The existence of a one-way function implies the existence of many other useful concepts, including:
- Pseudorandom generators
- Pseudorandom function families
- Bit commitment schemes
- Private-key encryption schemes secure against adaptive chosen-ciphertext attack
- Message authentication codes
- Digital signature schemes (secure against adaptive chosen-message attack)
The existence of one-way functions also implies that there is no natural proof for $\mathrm{P} \neq \mathrm{NP}$.
So yeah, useful.
Answer (score 4)
Hash functions are ubiquitous in cryptography. No matter to even try to list all applications...
Just one example: signature schemes which are constructed only out of a hash function (https://en.wikipedia.org/wiki/Hash-based_cryptography)
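An added example (not part of this answer) of a signature built from nothing but a hash function: the Lamport one-time scheme named in the accepted answer, with key generation, signing and verification. SHA-256, the class and function names, and the refusal to sign twice are choices made for this example.

```python
import hashlib
import hmac
import secrets

N = 256  # one key pair per bit of the SHA-256 message digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


class LamportKey:
    """One-time key: 2 x 256 random secrets, public key = their hashes."""

    def __init__(self):
        self.sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
        self.pk = [(H(s0), H(s1)) for s0, s1 in self.sk]

    def sign(self, msg: bytes):
        if self.sk is None:
            raise RuntimeError("Lamport key already used; generate a new one")
        # Reveal, for each digest bit, the secret that matches that bit.
        sig = [self.sk[i][bit] for i, bit in enumerate(digest_bits(msg))]
        self.sk = None  # the unrevealed halves must never sign anything else
        return sig


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != N:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(msg)):
        # Only hashing is needed: one-wayness is what stops a forger from
        # producing the preimage for the other bit value.
        ok &= hmac.compare_digest(H(sig[i]), pk[i][bit])
    return ok


def positions_exposed_by_reuse(msg_a: bytes, msg_b: bytes) -> int:
    """How many positions would have BOTH secrets public after two signatures."""
    return sum(a != b for a, b in zip(digest_bits(msg_a), digest_bits(msg_b)))


if __name__ == "__main__":
    key = LamportKey()
    signature = key.sign(b"release-1.0.tar.gz")  # constructed sample message
    print("valid:", verify(key.pk, b"release-1.0.tar.gz", signature))
    print("other message:", verify(key.pk, b"release-1.1.tar.gz", signature))
    print("signature bytes:", sum(len(s) for s in signature))
    print("exposed if reused:",
          positions_exposed_by_reuse(b"release-1.0.tar.gz", b"release-1.1.tar.gz"))
```

The last figure is why the key object refuses a second signature: every position where two digests differ would have both of its secrets published.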
Answer (score 2)
Hashing also has many non-crypto uses. They are still used as a method for avoiding unbalanced indexes and tables, or queue allocation, and scheduling, as well as check digit calculations and fingerprinting (MD5 is still commonly used for download verification).
The intent is even distribution, hence the term "Hash" as we are stirring up the mix to even things out, to avoid hot spots and balance resources.
Comments:
One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question. – Maeher, Dec 7 at 13:20 (score 1)
The OP explicitly asks for "other" use cases, where this is *not* the requirement. – mckenzm, Dec 8 at 21:27
Accepted answer: answered Dec 5 at 11:27 by kelalaka; edited Dec 6 at 17:13 by user7761803
Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
– nwellnhof
Dec 5 at 17:44
9
@nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
– Barmar
Dec 5 at 18:03
1
All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
– chux
Dec 7 at 6:36
2
@chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
– Yakk - Adam Nevraumont
Dec 7 at 19:05
2
We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
– Konstantinos Chalkias
Dec 7 at 23:46
add a comment |
Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
– nwellnhof
Dec 5 at 17:44
9
@nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
– Barmar
Dec 5 at 18:03
1
All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
– chux
Dec 7 at 6:36
2
@chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
– Yakk - Adam Nevraumont
Dec 7 at 19:05
2
We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
– Konstantinos Chalkias
Dec 7 at 23:46
Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
– nwellnhof
Dec 5 at 17:44
Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
– nwellnhof
Dec 5 at 17:44
9
9
@nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
– Barmar
Dec 5 at 18:03
@nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
– Barmar
Dec 5 at 18:03
1
1
All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
– chux
Dec 7 at 6:36
All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
– chux
Dec 7 at 6:36
2
2
@chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
– Yakk - Adam Nevraumont
Dec 7 at 19:05
@chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
– Yakk - Adam Nevraumont
Dec 7 at 19:05
2
2
We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
– Konstantinos Chalkias
Dec 7 at 23:46
We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
– Konstantinos Chalkias
Dec 7 at 23:46
add a comment |
up vote
22
down vote
Applications for one-way-functions in cryptography
Hash-collisions may happen in rare cases, but are mostly disregarded here.
Data integrity
Integrity
A quick way to ensure integrity of data is to compare two hashes, where one is a previously calculated hash and the other is the newly calculated hash of the data, which is presumed to be unmodified. If the previous hash matches with the new one, then the data has in fact not been changed.
Comparing two hashes is computationally very efficient compared to "bit-by-bit" comparison of large data.
Authenticity
Downloadable files often have a checksum (usually SHA256) for that same file published as well. This way you can also compute the checksum after downloading the file. If the checksums match then you know that the file hasn't been modified, i.e. adding backdoors, viruses, worms, etc.
Passwords
I won't go into detail here, because you mainly asked for other applications than password-hashing. The main advantage of one-way-functions concerning passwords is, obviously, that you don't have to store the passwords as plaintext and can still authenticate users.
Digital signatures
The function of digital signatures is basically the same as signatures on paper with ink. They ensure the authenticity of the source, not of the file. They are very commonly used in emails; this way the receiver of a message can verify that the sender is in fact the person who wrote the email.
Proof-of-work
A popular example of proof-of-work is the mining of bitcoins, where miners have to calculate a certain hash-value. This way it's relatively easy to verify a certain value (in the example of bitcoin-mining you "verify" the integrity of the decentralized nodes in the P2P bitcoin network) but very hard to do the same work for a possible attacker.
Cryptographically secure pseudorandom number generators
CSPRNGs have a relatively wide use in cryptography, i.e.:
- key generation
- salts
CSPRNGs in contrast to "normal" PRNGs must have the requirement of being one-way-functions (which again is not yet proven if such generators exist).
Key derivation function
A KDF is used to retrieve several (at least one) secret keys from a master-secret-key. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.
edited Dec 7 at 7:47
answered Dec 5 at 12:31
AleksanderRas
5
Tiny little niggle: CSPRNGs can't make OTPs.
– Paul Uszak
Dec 5 at 21:40
2
@PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
– forest
Dec 7 at 4:16
1
Thanks for the comment, I corrected my answer.
– AleksanderRas
Dec 7 at 7:48
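The proof-of-work asymmetry described in the answer above, as an added example that is not part of the original post: the prover has to brute-force a nonce, while the verifier recomputes a single hash. This is a hashcash-style simplification (single SHA-256, leading zero bits), not Bitcoin's exact scheme; the function names and the sample challenge are constructed for illustration.

```python
import hashlib


def leading_zero_bits(digest):
    """Number of zero bits before the first 1 bit of the digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def pow_digest(challenge, nonce):
    """SHA-256 over the challenge and an 8-byte big-endian nonce."""
    return hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()


def solve(challenge, difficulty):
    """Prover: brute-force the smallest nonce that meets the difficulty.

    Because the hash is one-way, nothing better than trial and error is
    known, so the expected cost is about 2**difficulty hash evaluations.
    """
    nonce = 0
    while leading_zero_bits(pow_digest(challenge, nonce)) < difficulty:
        nonce += 1
    return nonce


def verify(challenge, nonce, difficulty):
    """Verifier: one hash evaluation, whatever the difficulty."""
    if not 0 <= nonce < 2**64:
        return False  # nonce must fit the 8-byte encoding
    return leading_zero_bits(pow_digest(challenge, nonce)) >= difficulty


if __name__ == "__main__":
    challenge = b"constructed-challenge:2018-12-05"  # constructed sample input
    for difficulty in (8, 12, 16):
        nonce = solve(challenge, difficulty)
        # nonce + 1 is the number of hashes the prover had to compute
        print(difficulty, nonce + 1, verify(challenge, nonce, difficulty))
```

Each extra bit of difficulty doubles the prover's expected work and leaves the verifier's cost unchanged.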
up vote
5
down vote
There is a body of theorems that shows that a one-way function is sufficient to build many, many types of symmetric cryptography schemes. As the link puts it:
The existence of a one-way function implies the existence of many other useful concepts, including:
- Pseudorandom generators
- Pseudorandom function families
- Bit commitment schemes
- Private-key encryption schemes secure against adaptive chosen-ciphertext attack
- Message authentication codes
- Digital signature schemes (secure against adaptive chosen-message attack)
The existence of one-way functions also implies that there is no natural proof for $\mathrm{P} \neq \mathrm{NP}$.
So yeah, useful.
answered Dec 5 at 18:23
Luis Casillas
up vote
4
down vote
Hash functions are ubiquitous in cryptography. No point in even trying to list all applications...
Just one example: signature schemes which are constructed only out of a hash function (https://en.wikipedia.org/wiki/Hash-based_cryptography)
answered Dec 5 at 14:16
Mihas Koypish
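A signature scheme built only from a hash function, as mentioned in the answer above, shown here as an added example that is not part of the original post: a Lamport one-time signature over SHA-256. The `OneTimeKey` wrapper and all function names are constructed for illustration; the wrapper enforces the one-time rule, because a second signature with the same key would reveal more of the secret preimages.

```python
import hashlib
import secrets

N = 32  # bytes per secret value, matching the SHA-256 output size


def H(data):
    return hashlib.sha256(data).digest()


def message_bits(message):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def keygen():
    """Secret key: 256 pairs of random values. Public key: their hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(256)]
    pk = [(H(zero), H(one)) for zero, one in sk]
    return sk, pk


def sign(sk, message):
    """Reveal, for each digest bit, the secret that corresponds to it."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]


def verify(pk, message, signature):
    """Hash each revealed secret and compare with the published hash."""
    if len(signature) != 256:
        return False
    return all(
        H(signature[i]) == pk[i][bit]
        for i, bit in enumerate(message_bits(message))
    )


class OneTimeKey:
    """Key pair that refuses to sign more than one message."""

    def __init__(self):
        self._sk, self.public = keygen()

    def sign(self, message):
        if self._sk is None:
            raise RuntimeError("Lamport key already used; generate a new one")
        signature = sign(self._sk, message)
        self._sk = None  # discard the secrets so the key cannot be reused
        return signature


if __name__ == "__main__":
    key = OneTimeKey()
    msg = b"constructed sample message"
    sig = key.sign(msg)
    print(verify(key.public, msg, sig))          # valid signature
    print(verify(key.public, msg + b"!", sig))   # altered message
```

Security rests only on the hash being one-way: forging a signature for a new message requires a preimage of at least one public-key entry that has not been revealed.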
up vote
2
down vote
Hashing also has many non-crypto uses. They are still used as a method for avoiding unbalanced indexes and tables, or queue allocation, and scheduling, as well as check digit calculations and fingerprinting (MD5 is still commonly used for download verification).
The intent is even distribution, hence the term "Hash" as we are stirring up the mix to even things out, to avoid hot spots and balance resources.
answered Dec 5 at 23:57
mckenzm
1
One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
– Maeher
Dec 7 at 13:20
The OP explicitly asks for "other" use cases, where this is *not* the requirement.
– mckenzm
Dec 8 at 21:27