Fixing up hash slides with notes and edits pre lecture #889

Merged
merged 5 commits into from
Jan 3, 2024
74 changes: 42 additions & 32 deletions syllabus/1-Cryptography/3-Hashes-slides.md
Expand Up @@ -18,19 +18,20 @@ We often want a succinct representation of some data<br />with the expectation t

## Hash Function Properties

<pba-flex center>

<section>
<p class="fragment">Accept unbounded size input</p>
<p class="fragment">Map to a bounded output</p>
<p class="fragment">Be fast to compute</p>
<p class="fragment">Be computable strictly one-way<br />(difficult to find a pre-image for a hash)</p>
<p class="fragment">Resist pre-image attacks<br />(attacker controls one input)</p>
<p class="fragment">Second pre-image resistance: Given an input and output<br />(resisting second pre-image attacks).</p>
<p class="fragment">Resist collisions<br />(attacker controls both inputs)</p>
</section>
- Accept unbounded size input <!-- .element: class="fragment" data-fragment-index="0" -->
- Map to a bounded output <!-- .element: class="fragment" data-fragment-index="1" -->
- Be fast to compute <!-- .element: class="fragment" data-fragment-index="2" -->
- Be computable strictly one-way<br />(difficult to find a pre-image for a hash) <!-- .element: class="fragment" data-fragment-index="3" -->
- Resist pre-image attacks<br />(attacker controls one input) <!-- .element: class="fragment" data-fragment-index="4" -->
- Second pre-image resistance: Given an input and output<br />(resisting second pre-image attacks). <!-- .element: class="fragment" data-fragment-index="5" -->
- Resist collisions<br />(attacker controls both inputs) <!-- .element: class="fragment" data-fragment-index="6" -->

</pba-flex>
Notes:
1. one way meaning for a given output difficult to get the input
1. attacker has the value 5 and from that can find a preimage that hashes to 5 (5 just an example value)
1. attacker has input and output and cant find a another input which maps to the output
1. More generally the attacker has the entire input space and cant find two inputs which hash to the same value

---

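Review bot: the three pre-image bullets in this hunk overlap and their parentheticals are attached to the wrong properties. "Be computable strictly one-way (difficult to find a pre-image for a hash)" and "Resist pre-image attacks (attacker controls one input)" describe the same property, and "attacker controls one input" is the second pre-image setting, not the pre-image one. Suggest collapsing them to three parallel bullets, `- Resist pre-image attacks<br />(given h, hard to find any m with H(m) = h)`, `- Resist second pre-image attacks<br />(given m, hard to find m' ≠ m with H(m') = H(m))`, `- Resist collisions<br />(hard to find any m ≠ m' with H(m) = H(m'); attacker controls both inputs)`, and renumbering the `data-fragment-index` values to match. In the Notes, "cant" should be "can't" and "a another input" should be "another input". Separately, `<pba-flex center>` stays on the context line above the list while `</pba-flex>` appears only among the lines this hunk drops; either keep the closing tag or remove the opener as well, otherwise the element is left unclosed.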
Expand Down Expand Up @@ -59,7 +60,7 @@ hash('hello') =
**Large input (1.2 MB):**

```text
hash(Harry_Potter_series_as_string) =
hash(Harry_Potter_series_as_string) u
0xc4d194054f03dc7155ccb080f1e6d8519d9d6a83e916960de973c93231aca8f4
```

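Review bot: `hash(Harry_Potter_series_as_string) u` replaces the `=` with a stray `u`, which looks like an accidental keystroke rather than an intended edit; restore `hash(Harry_Potter_series_as_string) =` so the block matches the `hash('hello') =` example above it.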
Expand Down Expand Up @@ -99,11 +100,10 @@ See the Jupyter notebook and/or HackMD cheat sheet for this lesson.

## Speed

Some hash functions are designed to be slow.

These have applications like password hashing, which would slow down brute-force attackers.

For our purposes, we generally want them to be fast.
- Some hash functions are designed to be slow. <!-- .element: class="fragment" data-fragment-index="0" -->
- Does anyone know why someone would want a hash function to be slow? <!-- .element: class="fragment" data-fragment-index="1" -->
- These have applications like password hashing, which would slow down brute-force attackers. <!-- .element: class="fragment" data-fragment-index="2" -->
- For our purposes, we generally want them to be fast. <!-- .element: class="fragment" data-fragment-index="3" -->

---

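Review bot: the bullet "Does anyone know why someone would want a hash function to be slow?" is a speaker prompt and will be projected as slide content; move it under a `Notes:` block, as the other hunks in this PR do for questions. While on this slide, "designed to be slow" undersells the point: password hashes are tunably slow (a work factor or memory cost the defender raises over time), which is what makes the brute-force cost controllable; one clause saying so makes the contrast with "for our purposes, we generally want them to be fast" sharper.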
Expand Down Expand Up @@ -236,8 +236,8 @@ single hash collision often results in the hash function being considered unsafe

> With 23 people, there is a 6% chance that someone will be born on a specific date, but a 50% chance that two share a birthday.

- Must compare each output with every other, not with a single one.<br />
- Number of possible "hits" increases exponentially for more attempts, reducing the expected success to the square-root of what a specific target would be.
- Must compare each birthday with every other, not with a single one.<br /> <!-- .element: class="fragment" data-fragment-index="0" -->
- Number of possible "hits" increases exponentially for more attempts, reducing the expected success to the square-root of what a specific target would be. <!-- .element: class="fragment" data-fragment-index="1" -->

</pba-col>
<pba-col>
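Review bot: the second bullet still says the number of possible "hits" increases exponentially; it grows quadratically, since n values give n(n-1)/2 pairs to compare, and that quadratic growth is exactly why the expected work drops to the square root. Suggest "Number of possible pairs grows quadratically with more attempts (n(n-1)/2), reducing the expected work to the square root of what a specific target would cost". The change from "output" to "birthday" in the first bullet reads fine for the analogy, but these bullets sit under a hash heading, so "birthday (or hash output)" keeps the mapping explicit.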
Expand Down Expand Up @@ -269,11 +269,14 @@ e.g., a 256 bit hash output yields 2^128 security

It should be difficult for someone to partially (for a substring of the hash output) find a collision or "second" pre-image.

<section>
<p class="fragment">Bitcoin PoW is a partial pre-image attack.</p>
<p class="fragment">Prefix/suffix pre-image attack resistance reduces opportunity for UI attacks for address spoofing.</p>
<p class="fragment">Prefix collision resistance important to rationalize costs for some cryptographic data structures.</p>
</section>
- Bitcoin PoW is a partial pre-image attack. <!-- .element: class="fragment" data-fragment-index="0" -->
- Can anyone explain how? <!-- .element: class="fragment" data-fragment-index="1" -->
- Prefix/suffix pre-image attack resistance reduces opportunity for UI attacks for address spoofing.<!-- .element: class="fragment" data-fragment-index="2" -->
- Prefix collision resistance important to rationalize costs for some cryptographic data structures.<!-- .element: class="fragment" data-fragment-index="3" -->

Notes:
This is a technique used to trick users into thinking they are interacting with a trusted entity (like a account or piece of data) when they are actually interacting with a malicious actor. This can be done by creating a fraudulent address that looks similar to a legitimate one.
example AEVXZ AEVYZ

---

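Review bot: the example `AEVXZ AEVYZ` in the new Notes is too bare to carry the spoofing claim; it should say what the attacker actually does: grind inputs until the derived address shares the same leading and trailing characters as the victim's (`AEV…Z`), because wallets and explorers truncate addresses to a prefix and suffix, so that is all the user compares. Also "a account" should be "an account", "Can anyone explain how?" is a speaker prompt that belongs under `Notes:` rather than on the slide, and the last two bullets lack the space before `<!-- .element` that the rest of the deck uses.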
Expand Down Expand Up @@ -307,9 +310,8 @@ Let's see which cryptographic properties apply to hashes.

## Confidentiality

Sending or publically posting a hash of some data $D$ keeps $D$ confidential, as only those who already knew $D$ recognize $H(D)$ as representing $D$.

Both cryptographic and non-cryptographic hashes work for this. _only if the input space is large enough_.
- Sending or publicly posting a hash of some data $D$ keeps $D$ confidential, as only those who already knew $D$ recognize $H(D)$ as representing $D$.
- Both cryptographic and non-cryptographic hashes work for this, _only if the input space is large enough_.

---v

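Review bot: "Both cryptographic and non-cryptographic hashes work for this" is wrong as stated: a non-cryptographic hash (a checksum or hash-table hash) makes no pre-image resistance claim, and for such functions an input can often be recovered or constructed directly from the output, so publishing H(D) need not keep D confidential at all. Suggest limiting the bullet to cryptographic hashes, and tightening the condition from "input space is large enough" to "D is unpredictable (high entropy)", since a large space with a guessable value fails exactly as the next slide demonstrates. The `publically` to `publicly` fix is good.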
Expand All @@ -327,6 +329,9 @@ The other player doesn't need to undo the hash function to know what you played!

Notes:

Question:
How can we fix this issue?

The data space has to be _sufficiently large_.
Adding some randomness to input of the hash fixes this. Add x bits of randomness to make it x bits of security on that hash.

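Review bot: "Add x bits of randomness to make it x bits of security on that hash" needs two qualifications in these Notes: the x bits must be fresh and unpredictable per commitment (a CSPRNG nonce, not a counter or timestamp) and kept secret until the reveal, and the resulting security is min(x, the hash's pre-image strength), so the nonce should be sized to the hash rather than be "some randomness". It would also help to say that the nonce is revealed together with the play, otherwise the reader is left wondering how the other player verifies the commitment.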
Expand All @@ -352,6 +357,8 @@ However, if used in another cryptographic primitive that _does_ provide non-repu

Notes:

- The hash alone doesnt give one the ability to authenticate or identify the originator of the data because anyone with access to the data can produce the same hash.

This is key in digital signatures. However, it's important to realize that if $D$ is kept secret, $H(D)$ is basically meaningless.

---
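Review bot: "doesnt" should be "doesn't" in the added Notes line. The note also largely restates the slide; the point worth making in speaker notes is the distinction it implies: H(D) binds to D but says nothing about who produced D, and it is the signature over H(D) that supplies the identity, which is why the sentence that follows ("This is key in digital signatures") belongs here.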
Expand All @@ -374,7 +381,9 @@ In [Bittorrent](https://en.wikipedia.org/wiki/BitTorrent), each file chunk is ha

Notes:

The hash of the large file can also serve as a signal to the protocol that transmission is complete.
- Content addressed file is when a file is identified based on the content of the file.

- The hash of the large file can also serve as a signal to the protocol that transmission is complete.

---

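Review bot: "Content addressed file is when a file is identified based on the content of the file" should read "A content-addressed file is one identified by a hash of its content rather than by a name or location". The second note understates what the hash provides: it is not just a completion signal but the integrity check, so a chunk whose hash does not match the expected value is discarded and re-requested from another peer, and "transmission complete" means every chunk verified; that is worth stating, since it is the reason an untrusted peer cannot corrupt the download.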
Expand Down Expand Up @@ -408,11 +417,12 @@ Hash of pub key:

It is often useful to commit to some information<br /> without storing or revealing it:

- A prediction market would want to reveal predictions only after the confirming/refuting event occurred.
- Users of a system may want to discuss proposals without storing the proposal on the system.

However, participants should not be able to modify their predictions or proposals.
- A prediction market would want to reveal predictions only after the confirming/refuting event occurred.<!-- .element: class="fragment" data-fragment-index="0" -->
- Users of a system may want to discuss proposals without storing the proposal on the system.<!-- .element: class="fragment" data-fragment-index="1" -->
- However, participants should not be able to modify their predictions or proposals.<!-- .element: class="fragment" data-fragment-index="2" -->

Notes:
What is an example of an application would use an application like this?
---

## Commit-Reveal
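Review bot: the Notes line "What is an example of an application would use an application like this?" is garbled and also redundant, since the two bullets above it already are the example applications; suggest either deleting it or replacing it with a question that advances the point, such as what goes wrong if a participant can guess another's prediction from the published hash (which ties back to the randomness note earlier in this deck). Also keep a blank line between the `Notes:` block and the `---` separator, as the other slides in this file do.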