What Are Cryptographic Hash Functions?

A cryptographic hash function is a mathematical function used in cryptography. Typical hash functions take inputs of variable lengths to return outputs of a fixed length.

A cryptographic hash function combines the message-passing capabilities of hash functions with security properties.

Key Takeaways

  • Hash functions are mathematical functions that transform or "map" a given set of data into a bit string of fixed size, also known as the "hash value."
  • Hash functions are used in cryptography and have variable levels of complexity and difficulty.
  • Hash functions are used for cryptocurrency, password security, and message security.

How Cryptographic Hash Functions Work

Hash functions are commonly used data structures in computing systems for tasks, such as checking the integrity of messages and authenticating information. While they are considered cryptographically "weak" because they can be solved in polynomial time, they are not easily decipherable.

Cryptographic hash functions add security features to typical hash functions, making it more difficult to detect the contents of a message or information about recipients and senders. 

In particular, cryptographic hash functions exhibit these three properties:

  • They are “collision-free.” This means that no two input hashes should map to the same output hash. 
  • They can be hidden. It should be difficult to guess the input value for a hash function from its output. 
  • They should be puzzle-friendly. It should be difficult to select an input that provides a pre-defined output. Thus, the input should be selected from a distribution that's as wide as possible. 

The three properties outlined above are desirable but they cannot always be implemented in practice. For example, the disparity in sample spaces for input hashes and outputs ensures that collisions are possible. For example, in 2017, the MIT Digital Currency Initiative found collision vulnerability in IOTA.

Examples of Cryptographic Hash Functions

Cryptographic hash functions are widely used in cryptocurrencies to pass transaction information anonymously. For example, bitcoin, the original and largest cryptocurrency, uses the SHA-256 cryptographic hash function in its algorithm. Similarly, IOTA, a platform for the Internet of Things, has its own cryptographic hash function, called Curl.

However, hashes have other applications in the real world. These are some of the most common cryptographic applications:

Password Verification

Storing passwords in a regular text file is dangerous, so nearly all sites store passwords as hashes. When a user inputs their password, it is hashed and the result is compared to the list of hashed values stored on the company's servers. This is not a fool-proof practice, however, as the Collection #1 trove of 21 million stolen passwords, discovered in 2019, demonstrates.

Signature Generation and Verification

Verifying signatures is a mathematical process used to verify the authenticity of digital documents or messages. A valid digital signature, where the prerequisites are satisfied, gives its receiver strong proof that the message was created by a known sender and that the message was not altered in transit. A digital signature scheme typically consists of three algorithms: a key generation algorithm; a signing algorithm that, given a message and a private key, produces a signature; and a signature verifying algorithm. Merkle Trees, a technology used in cryptocurrencies, is a kind of digital signature.

Verifying File and Message Integrity

Hashes can be used to make sure messages and files transmitted from sender to receiver are not tampered with during transit. The practice builds a "chain of trust." For example, a user might publish a hashed version of their data and the key so that recipients can compare the hash value they compute to the published value to make sure they align.