Other than password hashes, are there other uses for non-reversible crypto











up vote
25
down vote

favorite
10












Hashing is useful for checking that an input matches expectations without giving away the stored expected version - so confirming passwords etc.



But are there other use cases? In general, cryptographic storage so data is retrievable seems to be the norm.










share|improve this question




















  • 8




    Data Integrity, Key Derivation Function.
    – kelalaka
    Dec 5 at 11:20






  • 9




    Message signing.
    – gammatester
    Dec 5 at 11:23






  • 6




    ...ratcheting, commitment schemes, proofs of work, Lamport signatures...
    – Ilmari Karonen
    Dec 5 at 11:42






  • 2




    You could use it in counter mode to build a stream cipher. This is in some ways just an echo of someone else's answer about using it to create a CSPRNG, since the stream cipher answer uses this non-reversible crypto in that very way.
    – WDS
    Dec 5 at 13:01






  • 1




    For those answering on comments, can I ask a favour: please leave them as answer posts. Comments will go and are not for this purpose.
    – Rory Alsop
    Dec 6 at 18:17















up vote
25
down vote

favorite
10












Hashing is useful for checking that an input matches expectations without giving away the stored expected version - so confirming passwords etc.



But are there other use cases? In general, cryptographic storage so data is retrievable seems to be the norm.










share|improve this question




















  • 8




    Data Integrity, Key Derivation Function.
    – kelalaka
    Dec 5 at 11:20






  • 9




    Message signing.
    – gammatester
    Dec 5 at 11:23






  • 6




    ...ratcheting, commitment schemes, proofs of work, Lamport signatures...
    – Ilmari Karonen
    Dec 5 at 11:42






  • 2




    You could use it in counter mode to build a stream cipher. This is in some ways just an echo of someone else's answer about using it to create a CSPRNG, since the stream cipher answer uses this non-reversible crypto in that very way.
    – WDS
    Dec 5 at 13:01






  • 1




    For those answering on comments, can I ask a favour: please leave them as answer posts. Comments will go and are not for this purpose.
    – Rory Alsop
    Dec 6 at 18:17













up vote
25
down vote

favorite
10









up vote
25
down vote

favorite
10






10





Hashing is useful for checking that an input matches expectations without giving away the stored expected version - so confirming passwords etc.



But are there other use cases? In general, cryptographic storage so data is retrievable seems to be the norm.










share|improve this question















Hashing is useful for checking that an input matches expectations without giving away the stored expected version - so confirming passwords etc.



But are there other use cases? In general, cryptographic storage so data is retrievable seems to be the norm.







hash one-way-function






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 6 at 15:45









Martin Bonner

1439




1439










asked Dec 5 at 11:10









Rory Alsop

4241819




4241819








  • 8




    Data Integrity, Key Derivation Function.
    – kelalaka
    Dec 5 at 11:20






  • 9




    Message signing.
    – gammatester
    Dec 5 at 11:23






  • 6




    ...ratcheting, commitment schemes, proofs of work, Lamport signatures...
    – Ilmari Karonen
    Dec 5 at 11:42






  • 2




    You could use it in counter mode to build a stream cipher. This is in some ways just an echo of someone else's answer about using it to create a CSPRNG, since the stream cipher answer uses this non-reversible crypto in that very way.
    – WDS
    Dec 5 at 13:01






  • 1




    For those answering on comments, can I ask a favour: please leave them as answer posts. Comments will go and are not for this purpose.
    – Rory Alsop
    Dec 6 at 18:17














  • 8




    Data Integrity, Key Derivation Function.
    – kelalaka
    Dec 5 at 11:20






  • 9




    Message signing.
    – gammatester
    Dec 5 at 11:23






  • 6




    ...ratcheting, commitment schemes, proofs of work, Lamport signatures...
    – Ilmari Karonen
    Dec 5 at 11:42






  • 2




    You could use it in counter mode to build a stream cipher. This is in some ways just an echo of someone else's answer about using it to create a CSPRNG, since the stream cipher answer uses this non-reversible crypto in that very way.
    – WDS
    Dec 5 at 13:01






  • 1




    For those answering on comments, can I ask a favour: please leave them as answer posts. Comments will go and are not for this purpose.
    – Rory Alsop
    Dec 6 at 18:17








8




8




Data Integrity, Key Derivation Function.
– kelalaka
Dec 5 at 11:20




Data Integrity, Key Derivation Function.
– kelalaka
Dec 5 at 11:20




9




9




Message signing.
– gammatester
Dec 5 at 11:23




Message signing.
– gammatester
Dec 5 at 11:23




6




6




...ratcheting, commitment schemes, proofs of work, Lamport signatures...
– Ilmari Karonen
Dec 5 at 11:42




...ratcheting, commitment schemes, proofs of work, Lamport signatures...
– Ilmari Karonen
Dec 5 at 11:42




2




2




You could use it in counter mode to build a stream cipher. This is in some ways just an echo of someone else's answer about using it to create a CSPRNG, since the stream cipher answer uses this non-reversible crypto in that very way.
– WDS
Dec 5 at 13:01




You could use it in counter mode to build a stream cipher. This is in some ways just an echo of someone else's answer about using it to create a CSPRNG, since the stream cipher answer uses this non-reversible crypto in that very way.
– WDS
Dec 5 at 13:01




1




1




For those answering on comments, can I ask a favour: please leave them as answer posts. Comments will go and are not for this purpose.
– Rory Alsop
Dec 6 at 18:17




For those answering on comments, can I ask a favour: please leave them as answer posts. Comments will go and are not for this purpose.
– Rory Alsop
Dec 6 at 18:17










5 Answers
5






active

oldest

votes

















up vote
62
down vote



accepted











  • Data integrity is another usage. For example, when you want to send/download data, you want to make sure that the data is not modified or transmitted/downloaded correctly. To achieve this the data hashed and the hash value sent/downloaded on another channel. One may see examples of this file verification on Linux ISO download pages. Of course, hashing is not enough to protect you against some attacks. Therefore you need digital signatures.


  • Another one, when digitally signing the document, we first hash the document then sign the hash value. This is more efficient than signing the whole document.


  • Keyed-Hash Message Authentication Code (HMAC) is a message authentication code (MAC) that involves a Cryptographic hash function and a Cryptographic key.


  • Key Derivation Functions are also using hash functions to derive a key from your password plus various random sources.


  • Key Stretching: making a possibly weak password more robust against brute-force attacks. PNKDF2, bcrypt, Argon2 use key stretching.


  • Ratcheting: forward key chaining with no backward availability.


  • A special case of hash usage is the Merkle-Tree to verify the integrity of data with low bandwidth.


  • In Blockchains: hashes are a fundamental part of the blockchains.



  • Proof-of-work systems:




    A Proof-of-Work (PoW) system (or protocol, or function) is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer.




    Bitcoin mining and Hashcash use Proof-of-work systems.



  • Constructing Stream Ciphers as in ChaCha2 in TLS 1.3. This construction uses CTR mode of operation.


  • Public Key Cryptography: Trapdoor one-way functions are easy to compute hard to invert without special information. Most of the public key cryptosystems are based on Trapdoor one-way functions.


  • Commitment schemes allow committing a value while keeping others hidden and give the ability to reveal at a later time.


  • Lamport signature or Lamport one-time signature scheme can use one-way functions in which usually cryptographic hash functions are preferred.


  • Secure Random Number Generators such as Hash_DRBG use hash functions to improve and stretch the output from a true random number generator







share|improve this answer























  • Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
    – nwellnhof
    Dec 5 at 17:44








  • 9




    @nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
    – Barmar
    Dec 5 at 18:03






  • 1




    All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
    – chux
    Dec 7 at 6:36






  • 2




    @chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
    – Yakk - Adam Nevraumont
    Dec 7 at 19:05








  • 2




    We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
    – Konstantinos Chalkias
    Dec 7 at 23:46


















up vote
22
down vote













Applications for one-way-functions in cryptography



Hash-collisions may happen in rare cases, but are mostly disregarded here.



Data integrity



Integrity



A quick way to ensure integrity of data is to compare two hashes, where one is a previously calculated hash and the other is the newly calculated hash of the data, which is presumed to be unmodified. If the previous hash matches with the new one, then the data has in fact not been changed.



Comparing two hashes is computationally very efficient compared to "bit-by-bit" comparison of large data.



Authenticity



Downloadable files often have a checksum (usually SHA256) for that same file published as well. This way you can also compute the checksum after downloading the file. If the checksums match then you know that the file hasn't been modified, i.e. adding backdoors, viruses, worms, etc.



Passwords



I won't go into detail here, because you mainly asked for other applications than password-hashing. The main advantage of one-way-functions concerning passwords is obviously, that you don't have to store the passwords as plaintext and still can authenticate users.



Digital signatures



The function of digital signatures is basically the same as signatures on paper with ink. They ensure the authenticity of the source not of the file. They are very commonly used in Emails, this way the receiver of a message can verify that the sender is in fact the person who wrote the Email.



Proof-of-work



A popular example of proof-of-work is the mining of bitcoins, where miners have to calculate a certain hash-value. This way it's relatively easy to verify a certain value (in the example of bitcoin-mining you "verify" the integrity of the decentralized nodes in the P2P bitcoin network) but very hard to do the same work for a possible attacker.



Cryptographically secure pseudorandom number generators



CSPRNG's have a relatively wide use in cryptography, i.e:




  • key generation

  • salts


CSPRNGs in contrast to "normal" PSNGs must have the requirement of being one-way-functions (which again is not yet proven if such generators exist).



Key derivation function



A KDF is used to retrive several (at least one) secret keys from a master-secret-key. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.






share|improve this answer



















  • 5




    Tiny little niggle: CSPRNGs can't make OTPs.
    – Paul Uszak
    Dec 5 at 21:40






  • 2




    @PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
    – forest
    Dec 7 at 4:16








  • 1




    Thanks for the comment, I corrected my answer.
    – AleksanderRas
    Dec 7 at 7:48


















up vote
5
down vote













There is a body of theorems that shows that a one-way function is sufficient to build many, many types of symmetric cryptography schemes. As the link puts it:




The existence of a one-way function implies the existence of many other useful concepts, including:




  • Pseudorandom generators

  • Pseudorandom function families

  • Bit commitment schemes

  • Private-key encryption schemes secure against adaptive chosen-ciphertext attack

  • Message authentication codes

  • Digital signature schemes (secure against adaptive chosen-message attack)


The existence of one-way functions also implies that there is no natural proof for $mathrm{P} ≠ mathrm{NP}$.




So yeah, useful.






share|improve this answer




























    up vote
    4
    down vote













    Hash functions are ubiquitous in cryptography. No matter to even try to list all applications...



    Just one example: signature schemes which are constructed only out of a hash -function (https://en.wikipedia.org/wiki/Hash-based_cryptography)






    share|improve this answer




























      up vote
      2
      down vote













      Hashing also has many non crypto uses. They are still used as a method for avoiding unbalanced indexes and tables, or queue allocation, and scheduling, as well as check digit calculations and fingerprinting (mda5 is still commonly used for download verification).



      The intent is even distribution, hence the term "Hash" as we are stirring up the mix to even things out, to avoid hot spots and balance resources.






      share|improve this answer

















      • 1




        One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
        – Maeher
        Dec 7 at 13:20










      • The OP explicitly asks for "other" use cases, where this is *not" the requirement.
        – mckenzm
        Dec 8 at 21:27











      Your Answer





      StackExchange.ifUsing("editor", function () {
      return StackExchange.using("mathjaxEditing", function () {
      StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
      StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
      });
      });
      }, "mathjax-editing");

      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "281"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64588%2fother-than-password-hashes-are-there-other-uses-for-non-reversible-crypto%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      5 Answers
      5






      active

      oldest

      votes








      5 Answers
      5






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      62
      down vote



      accepted











      • Data integrity is another usage. For example, when you want to send/download data, you want to make sure that the data is not modified or transmitted/downloaded correctly. To achieve this the data hashed and the hash value sent/downloaded on another channel. One may see examples of this file verification on Linux ISO download pages. Of course, hashing is not enough to protect you against some attacks. Therefore you need digital signatures.


      • Another one, when digitally signing the document, we first hash the document then sign the hash value. This is more efficient than signing the whole document.


      • Keyed-Hash Message Authentication Code (HMAC) is a message authentication code (MAC) that involves a Cryptographic hash function and a Cryptographic key.


      • Key Derivation Functions are also using hash functions to derive a key from your password plus various random sources.


      • Key Stretching: making a possibly weak password more robust against brute-force attacks. PNKDF2, bcrypt, Argon2 use key stretching.


      • Ratcheting: forward key chaining with no backward availability.


      • A special case of hash usage is the Merkle-Tree to verify the integrity of data with low bandwidth.


      • In Blockchains: hashes are a fundamental part of the blockchains.



      • Proof-of-work systems:




        A Proof-of-Work (PoW) system (or protocol, or function) is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer.




        Bitcoin mining and Hashcash use Proof-of-work systems.



      • Constructing Stream Ciphers as in ChaCha2 in TLS 1.3. This construction uses CTR mode of operation.


      • Public Key Cryptography: Trapdoor one-way functions are easy to compute hard to invert without special information. Most of the public key cryptosystems are based on Trapdoor one-way functions.


      • Commitment schemes allow committing a value while keeping others hidden and give the ability to reveal at a later time.


      • Lamport signature or Lamport one-time signature scheme can use one-way functions in which usually cryptographic hash functions are preferred.


      • Secure Random Number Generators such as Hash_DRBG use hash functions to improve and stretch the output from a true random number generator







      share|improve this answer























      • Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
        – nwellnhof
        Dec 5 at 17:44








      • 9




        @nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
        – Barmar
        Dec 5 at 18:03






      • 1




        All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
        – chux
        Dec 7 at 6:36






      • 2




        @chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
        – Yakk - Adam Nevraumont
        Dec 7 at 19:05








      • 2




        We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
        – Konstantinos Chalkias
        Dec 7 at 23:46















      up vote
      62
      down vote



      accepted











      • Data integrity is another usage. For example, when you want to send/download data, you want to make sure that the data is not modified or transmitted/downloaded correctly. To achieve this the data hashed and the hash value sent/downloaded on another channel. One may see examples of this file verification on Linux ISO download pages. Of course, hashing is not enough to protect you against some attacks. Therefore you need digital signatures.


      • Another one, when digitally signing the document, we first hash the document then sign the hash value. This is more efficient than signing the whole document.


      • Keyed-Hash Message Authentication Code (HMAC) is a message authentication code (MAC) that involves a Cryptographic hash function and a Cryptographic key.


      • Key Derivation Functions are also using hash functions to derive a key from your password plus various random sources.


      • Key Stretching: making a possibly weak password more robust against brute-force attacks. PNKDF2, bcrypt, Argon2 use key stretching.


      • Ratcheting: forward key chaining with no backward availability.


      • A special case of hash usage is the Merkle-Tree to verify the integrity of data with low bandwidth.


      • In Blockchains: hashes are a fundamental part of the blockchains.



      • Proof-of-work systems:




        A Proof-of-Work (PoW) system (or protocol, or function) is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer.




        Bitcoin mining and Hashcash use Proof-of-work systems.



      • Constructing Stream Ciphers as in ChaCha2 in TLS 1.3. This construction uses CTR mode of operation.


      • Public Key Cryptography: Trapdoor one-way functions are easy to compute hard to invert without special information. Most of the public key cryptosystems are based on Trapdoor one-way functions.


      • Commitment schemes allow committing a value while keeping others hidden and give the ability to reveal at a later time.


      • Lamport signature or Lamport one-time signature scheme can use one-way functions in which usually cryptographic hash functions are preferred.


      • Secure Random Number Generators such as Hash_DRBG use hash functions to improve and stretch the output from a true random number generator







      share|improve this answer























      • Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
        – nwellnhof
        Dec 5 at 17:44








      • 9




        @nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
        – Barmar
        Dec 5 at 18:03






      • 1




        All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
        – chux
        Dec 7 at 6:36






      • 2




        @chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
        – Yakk - Adam Nevraumont
        Dec 7 at 19:05








      • 2




        We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
        – Konstantinos Chalkias
        Dec 7 at 23:46













      up vote
      62
      down vote



      accepted







      up vote
      62
      down vote



      accepted







      • Data integrity is another usage. For example, when you want to send/download data, you want to make sure that the data is not modified or transmitted/downloaded correctly. To achieve this the data hashed and the hash value sent/downloaded on another channel. One may see examples of this file verification on Linux ISO download pages. Of course, hashing is not enough to protect you against some attacks. Therefore you need digital signatures.


      • Another one, when digitally signing the document, we first hash the document then sign the hash value. This is more efficient than signing the whole document.


      • Keyed-Hash Message Authentication Code (HMAC) is a message authentication code (MAC) that involves a Cryptographic hash function and a Cryptographic key.


      • Key Derivation Functions are also using hash functions to derive a key from your password plus various random sources.


      • Key Stretching: making a possibly weak password more robust against brute-force attacks. PNKDF2, bcrypt, Argon2 use key stretching.


      • Ratcheting: forward key chaining with no backward availability.


      • A special case of hash usage is the Merkle-Tree to verify the integrity of data with low bandwidth.


      • In Blockchains: hashes are a fundamental part of the blockchains.



      • Proof-of-work systems:




        A Proof-of-Work (PoW) system (or protocol, or function) is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer.




        Bitcoin mining and Hashcash use Proof-of-work systems.



      • Constructing Stream Ciphers as in ChaCha2 in TLS 1.3. This construction uses CTR mode of operation.


      • Public Key Cryptography: Trapdoor one-way functions are easy to compute hard to invert without special information. Most of the public key cryptosystems are based on Trapdoor one-way functions.


      • Commitment schemes allow committing a value while keeping others hidden and give the ability to reveal at a later time.


      • Lamport signature or Lamport one-time signature scheme can use one-way functions in which usually cryptographic hash functions are preferred.


      • Secure Random Number Generators such as Hash_DRBG use hash functions to improve and stretch the output from a true random number generator







      share|improve this answer















      • Data integrity is another usage. For example, when you want to send/download data, you want to make sure that the data is not modified or transmitted/downloaded correctly. To achieve this the data hashed and the hash value sent/downloaded on another channel. One may see examples of this file verification on Linux ISO download pages. Of course, hashing is not enough to protect you against some attacks. Therefore you need digital signatures.


      • Another one, when digitally signing the document, we first hash the document then sign the hash value. This is more efficient than signing the whole document.


      • Keyed-Hash Message Authentication Code (HMAC) is a message authentication code (MAC) that involves a Cryptographic hash function and a Cryptographic key.


      • Key Derivation Functions are also using hash functions to derive a key from your password plus various random sources.


      • Key Stretching: making a possibly weak password more robust against brute-force attacks. PNKDF2, bcrypt, Argon2 use key stretching.


      • Ratcheting: forward key chaining with no backward availability.


      • A special case of hash usage is the Merkle-Tree to verify the integrity of data with low bandwidth.


      • In Blockchains: hashes are a fundamental part of the blockchains.



      • Proof-of-work systems:




        A Proof-of-Work (PoW) system (or protocol, or function) is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer.




        Bitcoin mining and Hashcash use Proof-of-work systems.



      • Constructing Stream Ciphers as in ChaCha2 in TLS 1.3. This construction uses CTR mode of operation.


      • Public Key Cryptography: Trapdoor one-way functions are easy to compute hard to invert without special information. Most of the public key cryptosystems are based on Trapdoor one-way functions.


      • Commitment schemes allow committing a value while keeping others hidden and give the ability to reveal at a later time.


      • Lamport signature or Lamport one-time signature scheme can use one-way functions in which usually cryptographic hash functions are preferred.


      • Secure Random Number Generators such as Hash_DRBG use hash functions to improve and stretch the output from a true random number generator








      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Dec 6 at 17:13









      user7761803

      1223




      1223










      answered Dec 5 at 11:27









      kelalaka

      4,84121837




      4,84121837












      • Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
        – nwellnhof
        Dec 5 at 17:44








      • 9




        @nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
        – Barmar
        Dec 5 at 18:03






      • 1




        All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
        – chux
        Dec 7 at 6:36






      • 2




        @chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
        – Yakk - Adam Nevraumont
        Dec 7 at 19:05








      • 2




        We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
        – Konstantinos Chalkias
        Dec 7 at 23:46


















      • Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
        – nwellnhof
        Dec 5 at 17:44








      • 9




        @nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
        – Barmar
        Dec 5 at 18:03






      • 1




        All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
        – chux
        Dec 7 at 6:36






      • 2




        @chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
        – Yakk - Adam Nevraumont
        Dec 7 at 19:05








      • 2




        We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
        – Konstantinos Chalkias
        Dec 7 at 23:46
















      Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
      – nwellnhof
      Dec 5 at 17:44






      Data integrity doesn't require non-reversible crypto. For example, CRCs are widely used for error detection but are easily reversible.
      – nwellnhof
      Dec 5 at 17:44






      9




      9




      @nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
      – Barmar
      Dec 5 at 18:03




      @nwellnhof CRC and checksums are used to detect transmission errors, but aren't generally considered strong enough to detect intentional modification, which can easily be done in a way that preserves the integrity code.
      – Barmar
      Dec 5 at 18:03




      1




      1




      All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
      – chux
      Dec 7 at 6:36




      All of these, expect perhaps a few "Secure Random Number Generators, Ratcheting, Proof-of-work systems" seems like variations on a "password". Still a nice list.
      – chux
      Dec 7 at 6:36




      2




      2




      @chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
      – Yakk - Adam Nevraumont
      Dec 7 at 19:05






      @chux I'm not sure who uses a "complete copy of avengers: infinity war" as a "password": that is the kind of thing you verify with "data integrity". The OP's "password" focused on not giving away the actual password; here, it is "not having to transmit the actual file twice", which is a very different thing.
      – Yakk - Adam Nevraumont
      Dec 7 at 19:05






      2




      2




      We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
      – Konstantinos Chalkias
      Dec 7 at 23:46




      We should also add Hashed-Timelock Contracts (HTLC) for cross chain atomic swaps (although it could be considered a commitment scheme). Additionally, Zero knowledge proofs from hash functions (i.e., zkStark and Ligero) and also note that Lamport’s scheme has multi-time variations such as XMSS, BPQS and Sphincs.
      – Konstantinos Chalkias
      Dec 7 at 23:46










      up vote
      22
      down vote













      Applications for one-way-functions in cryptography



      Hash-collisions may happen in rare cases, but are mostly disregarded here.



      Data integrity



      Integrity



      A quick way to ensure integrity of data is to compare two hashes, where one is a previously calculated hash and the other is the newly calculated hash of the data, which is presumed to be unmodified. If the previous hash matches with the new one, then the data has in fact not been changed.



      Comparing two hashes is computationally very efficient compared to "bit-by-bit" comparison of large data.



      Authenticity



      Downloadable files often have a checksum (usually SHA256) for that same file published as well. This way you can also compute the checksum after downloading the file. If the checksums match then you know that the file hasn't been modified, i.e. adding backdoors, viruses, worms, etc.



      Passwords



      I won't go into detail here, because you mainly asked for other applications than password-hashing. The main advantage of one-way-functions concerning passwords is obviously, that you don't have to store the passwords as plaintext and still can authenticate users.



      Digital signatures



      The function of digital signatures is basically the same as signatures on paper with ink. They ensure the authenticity of the source not of the file. They are very commonly used in Emails, this way the receiver of a message can verify that the sender is in fact the person who wrote the Email.



      Proof-of-work



      A popular example of proof-of-work is the mining of bitcoins, where miners have to calculate a certain hash-value. This way it's relatively easy to verify a certain value (in the example of bitcoin-mining you "verify" the integrity of the decentralized nodes in the P2P bitcoin network) but very hard to do the same work for a possible attacker.



      Cryptographically secure pseudorandom number generators



      CSPRNG's have a relatively wide use in cryptography, i.e:




      • key generation

      • salts


      CSPRNGs in contrast to "normal" PSNGs must have the requirement of being one-way-functions (which again is not yet proven if such generators exist).



      Key derivation function



      A KDF is used to retrive several (at least one) secret keys from a master-secret-key. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.






      share|improve this answer



















      • 5




        Tiny little niggle: CSPRNGs can't make OTPs.
        – Paul Uszak
        Dec 5 at 21:40






      • 2




        @PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
        – forest
        Dec 7 at 4:16








      • 1




        Thanks for the comment, I corrected my answer.
        – AleksanderRas
        Dec 7 at 7:48















      up vote
      22
      down vote













      Applications for one-way-functions in cryptography



      Hash-collisions may happen in rare cases, but are mostly disregarded here.



      Data integrity



      Integrity



      A quick way to ensure integrity of data is to compare two hashes, where one is a previously calculated hash and the other is the newly calculated hash of the data, which is presumed to be unmodified. If the previous hash matches with the new one, then the data has in fact not been changed.



      Comparing two hashes is computationally very efficient compared to "bit-by-bit" comparison of large data.



      Authenticity



      Downloadable files often have a checksum (usually SHA256) for that same file published as well. This way you can also compute the checksum after downloading the file. If the checksums match then you know that the file hasn't been modified, i.e. adding backdoors, viruses, worms, etc.



      Passwords



      I won't go into detail here, because you mainly asked for other applications than password-hashing. The main advantage of one-way-functions concerning passwords is obviously, that you don't have to store the passwords as plaintext and still can authenticate users.



      Digital signatures



      The function of digital signatures is basically the same as signatures on paper with ink. They ensure the authenticity of the source not of the file. They are very commonly used in Emails, this way the receiver of a message can verify that the sender is in fact the person who wrote the Email.



      Proof-of-work



      A popular example of proof-of-work is the mining of bitcoins, where miners have to calculate a certain hash-value. This way it's relatively easy to verify a certain value (in the example of bitcoin-mining you "verify" the integrity of the decentralized nodes in the P2P bitcoin network) but very hard to do the same work for a possible attacker.



      Cryptographically secure pseudorandom number generators



      CSPRNG's have a relatively wide use in cryptography, i.e:




      • key generation

      • salts


      CSPRNGs in contrast to "normal" PSNGs must have the requirement of being one-way-functions (which again is not yet proven if such generators exist).



      Key derivation function



      A KDF is used to retrive several (at least one) secret keys from a master-secret-key. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.






      share|improve this answer



















      • 5




        Tiny little niggle: CSPRNGs can't make OTPs.
        – Paul Uszak
        Dec 5 at 21:40






      • 2




        @PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
        – forest
        Dec 7 at 4:16








      • 1




        Thanks for the comment, I corrected my answer.
        – AleksanderRas
        Dec 7 at 7:48













      up vote
      22
      down vote










      up vote
      22
      down vote









      Applications for one-way-functions in cryptography



      Hash-collisions may happen in rare cases, but are mostly disregarded here.



      Data integrity



      Integrity



      A quick way to ensure integrity of data is to compare two hashes, where one is a previously calculated hash and the other is the newly calculated hash of the data, which is presumed to be unmodified. If the previous hash matches with the new one, then the data has in fact not been changed.



      Comparing two hashes is computationally very efficient compared to "bit-by-bit" comparison of large data.



      Authenticity



      Downloadable files often have a checksum (usually SHA256) for that same file published as well. This way you can also compute the checksum after downloading the file. If the checksums match then you know that the file hasn't been modified, i.e. adding backdoors, viruses, worms, etc.



      Passwords



      I won't go into detail here, because you mainly asked for other applications than password-hashing. The main advantage of one-way-functions concerning passwords is obviously, that you don't have to store the passwords as plaintext and still can authenticate users.



      Digital signatures



      The function of digital signatures is basically the same as signatures on paper with ink. They ensure the authenticity of the source not of the file. They are very commonly used in Emails, this way the receiver of a message can verify that the sender is in fact the person who wrote the Email.



      Proof-of-work



      A popular example of proof-of-work is the mining of bitcoins, where miners have to calculate a certain hash-value. This way it's relatively easy to verify a certain value (in the example of bitcoin-mining you "verify" the integrity of the decentralized nodes in the P2P bitcoin network) but very hard to do the same work for a possible attacker.



      Cryptographically secure pseudorandom number generators



      CSPRNG's have a relatively wide use in cryptography, i.e:




      • key generation

      • salts


      CSPRNGs in contrast to "normal" PSNGs must have the requirement of being one-way-functions (which again is not yet proven if such generators exist).



      Key derivation function



      A KDF is used to retrive several (at least one) secret keys from a master-secret-key. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.






      share|improve this answer














      Applications for one-way-functions in cryptography



      Hash-collisions may happen in rare cases, but are mostly disregarded here.



      Data integrity



      Integrity



      A quick way to ensure integrity of data is to compare two hashes, where one is a previously calculated hash and the other is the newly calculated hash of the data, which is presumed to be unmodified. If the previous hash matches with the new one, then the data has in fact not been changed.



      Comparing two hashes is computationally very efficient compared to "bit-by-bit" comparison of large data.



      Authenticity



      Downloadable files often have a checksum (usually SHA256) for that same file published as well. This way you can also compute the checksum after downloading the file. If the checksums match then you know that the file hasn't been modified, i.e. adding backdoors, viruses, worms, etc.



      Passwords



      I won't go into detail here, because you mainly asked for other applications than password-hashing. The main advantage of one-way-functions concerning passwords is obviously, that you don't have to store the passwords as plaintext and still can authenticate users.



      Digital signatures



      The function of digital signatures is basically the same as signatures on paper with ink. They ensure the authenticity of the source not of the file. They are very commonly used in Emails, this way the receiver of a message can verify that the sender is in fact the person who wrote the Email.



      Proof-of-work



      A popular example of proof-of-work is the mining of bitcoins, where miners have to calculate a certain hash-value. This way it's relatively easy to verify a certain value (in the example of bitcoin-mining you "verify" the integrity of the decentralized nodes in the P2P bitcoin network) but very hard to do the same work for a possible attacker.



      Cryptographically secure pseudorandom number generators



      CSPRNG's have a relatively wide use in cryptography, i.e:




      • key generation

      • salts


      CSPRNGs in contrast to "normal" PSNGs must have the requirement of being one-way-functions (which again is not yet proven if such generators exist).



      Key derivation function



      A KDF is used to retrive several (at least one) secret keys from a master-secret-key. Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Dec 7 at 7:47

























      answered Dec 5 at 12:31









      AleksanderRas

      1,6301525




      1,6301525








      • 5




        Tiny little niggle: CSPRNGs can't make OTPs.
        – Paul Uszak
        Dec 5 at 21:40






      • 2




        @PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
        – forest
        Dec 7 at 4:16








      • 1




        Thanks for the comment, I corrected my answer.
        – AleksanderRas
        Dec 7 at 7:48














      • 5




        Tiny little niggle: CSPRNGs can't make OTPs.
        – Paul Uszak
        Dec 5 at 21:40






      • 2




        @PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
        – forest
        Dec 7 at 4:16








      • 1




        Thanks for the comment, I corrected my answer.
        – AleksanderRas
        Dec 7 at 7:48








      5




      5




      Tiny little niggle: CSPRNGs can't make OTPs.
      – Paul Uszak
      Dec 5 at 21:40




      Tiny little niggle: CSPRNGs can't make OTPs.
      – Paul Uszak
      Dec 5 at 21:40




      2




      2




      @PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
      – forest
      Dec 7 at 4:16






      @PaulUszak is absolutely correct. When you use a CSPRNG for an OTP, you just have a stream cipher.
      – forest
      Dec 7 at 4:16






      1




      1




      Thanks for the comment, I corrected my answer.
      – AleksanderRas
      Dec 7 at 7:48




      Thanks for the comment, I corrected my answer.
      – AleksanderRas
      Dec 7 at 7:48










      up vote
      5
      down vote













      There is a body of theorems that shows that a one-way function is sufficient to build many, many types of symmetric cryptography schemes. As the link puts it:




      The existence of a one-way function implies the existence of many other useful concepts, including:




      • Pseudorandom generators

      • Pseudorandom function families

      • Bit commitment schemes

      • Private-key encryption schemes secure against adaptive chosen-ciphertext attack

      • Message authentication codes

      • Digital signature schemes (secure against adaptive chosen-message attack)


      The existence of one-way functions also implies that there is no natural proof for $mathrm{P} ≠ mathrm{NP}$.




      So yeah, useful.






      share|improve this answer

























        up vote
        5
        down vote













        There is a body of theorems that shows that a one-way function is sufficient to build many, many types of symmetric cryptography schemes. As the link puts it:




        The existence of a one-way function implies the existence of many other useful concepts, including:




        • Pseudorandom generators

        • Pseudorandom function families

        • Bit commitment schemes

        • Private-key encryption schemes secure against adaptive chosen-ciphertext attack

        • Message authentication codes

        • Digital signature schemes (secure against adaptive chosen-message attack)


        The existence of one-way functions also implies that there is no natural proof for $mathrm{P} ≠ mathrm{NP}$.




        So yeah, useful.






        share|improve this answer























          up vote
          5
          down vote










          up vote
          5
          down vote









          There is a body of theorems that shows that a one-way function is sufficient to build many, many types of symmetric cryptography schemes. As the link puts it:




          The existence of a one-way function implies the existence of many other useful concepts, including:




          • Pseudorandom generators

          • Pseudorandom function families

          • Bit commitment schemes

          • Private-key encryption schemes secure against adaptive chosen-ciphertext attack

          • Message authentication codes

          • Digital signature schemes (secure against adaptive chosen-message attack)


          The existence of one-way functions also implies that there is no natural proof for $mathrm{P} ≠ mathrm{NP}$.




          So yeah, useful.






          share|improve this answer












          There is a body of theorems that shows that a one-way function is sufficient to build many, many types of symmetric cryptography schemes. As the link puts it:




          The existence of a one-way function implies the existence of many other useful concepts, including:




          • Pseudorandom generators

          • Pseudorandom function families

          • Bit commitment schemes

          • Private-key encryption schemes secure against adaptive chosen-ciphertext attack

          • Message authentication codes

          • Digital signature schemes (secure against adaptive chosen-message attack)


          The existence of one-way functions also implies that there is no natural proof for $mathrm{P} ≠ mathrm{NP}$.




          So yeah, useful.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 5 at 18:23









          Luis Casillas

          9,44711337




          9,44711337






















              up vote
              4
              down vote













              Hash functions are ubiquitous in cryptography. No matter to even try to list all applications...



              Just one example: signature schemes which are constructed only out of a hash -function (https://en.wikipedia.org/wiki/Hash-based_cryptography)






              share|improve this answer

























                up vote
                4
                down vote













                Hash functions are ubiquitous in cryptography. No matter to even try to list all applications...



                Just one example: signature schemes which are constructed only out of a hash -function (https://en.wikipedia.org/wiki/Hash-based_cryptography)






                share|improve this answer























                  up vote
                  4
                  down vote










                  up vote
                  4
                  down vote









                  Hash functions are ubiquitous in cryptography. No matter to even try to list all applications...



                  Just one example: signature schemes which are constructed only out of a hash -function (https://en.wikipedia.org/wiki/Hash-based_cryptography)






                  share|improve this answer












                  Hash functions are ubiquitous in cryptography. No matter to even try to list all applications...



                  Just one example: signature schemes which are constructed only out of a hash -function (https://en.wikipedia.org/wiki/Hash-based_cryptography)







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Dec 5 at 14:16









                  Mihas Koypish

                  1115




                  1115






















                      up vote
                      2
                      down vote













                      Hashing also has many non crypto uses. They are still used as a method for avoiding unbalanced indexes and tables, or queue allocation, and scheduling, as well as check digit calculations and fingerprinting (mda5 is still commonly used for download verification).



                      The intent is even distribution, hence the term "Hash" as we are stirring up the mix to even things out, to avoid hot spots and balance resources.






                      share|improve this answer

















                      • 1




                        One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
                        – Maeher
                        Dec 7 at 13:20










                      • The OP explicitly asks for "other" use cases, where this is *not" the requirement.
                        – mckenzm
                        Dec 8 at 21:27















                      up vote
                      2
                      down vote













                      Hashing also has many non crypto uses. They are still used as a method for avoiding unbalanced indexes and tables, or queue allocation, and scheduling, as well as check digit calculations and fingerprinting (mda5 is still commonly used for download verification).



                      The intent is even distribution, hence the term "Hash" as we are stirring up the mix to even things out, to avoid hot spots and balance resources.






                      share|improve this answer

















                      • 1




                        One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
                        – Maeher
                        Dec 7 at 13:20










                      • The OP explicitly asks for "other" use cases, where this is *not" the requirement.
                        – mckenzm
                        Dec 8 at 21:27













                      up vote
                      2
                      down vote










                      up vote
                      2
                      down vote









                      Hashing also has many non crypto uses. They are still used as a method for avoiding unbalanced indexes and tables, or queue allocation, and scheduling, as well as check digit calculations and fingerprinting (mda5 is still commonly used for download verification).



                      The intent is even distribution, hence the term "Hash" as we are stirring up the mix to even things out, to avoid hot spots and balance resources.






                      share|improve this answer












                      Hashing also has many non crypto uses. They are still used as a method for avoiding unbalanced indexes and tables, or queue allocation, and scheduling, as well as check digit calculations and fingerprinting (mda5 is still commonly used for download verification).



                      The intent is even distribution, hence the term "Hash" as we are stirring up the mix to even things out, to avoid hot spots and balance resources.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Dec 5 at 23:57









                      mckenzm

                      1491




                      1491








                      • 1




                        One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
                        – Maeher
                        Dec 7 at 13:20










                      • The OP explicitly asks for "other" use cases, where this is *not" the requirement.
                        – mckenzm
                        Dec 8 at 21:27














                      • 1




                        One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
                        – Maeher
                        Dec 7 at 13:20










                      • The OP explicitly asks for "other" use cases, where this is *not" the requirement.
                        – mckenzm
                        Dec 8 at 21:27








                      1




                      1




                      One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
                      – Maeher
                      Dec 7 at 13:20




                      One-wayness is not necessary for this type of "hash", so I don't think this answers the posed question.
                      – Maeher
                      Dec 7 at 13:20












                      The OP explicitly asks for "other" use cases, where this is *not" the requirement.
                      – mckenzm
                      Dec 8 at 21:27




                      The OP explicitly asks for "other" use cases, where this is *not" the requirement.
                      – mckenzm
                      Dec 8 at 21:27


















                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Cryptography Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      Use MathJax to format equations. MathJax reference.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64588%2fother-than-password-hashes-are-there-other-uses-for-non-reversible-crypto%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

                      Mangá

                      Eduardo VII do Reino Unido