What is a Secure Hash Function?

Hash functions are used extensively in data handling for encryption, integrity checks and authenticity checks. Hash functions are essentially algorithms that can be used to transform a data set of variable length to smaller, fix length, universally unique data sets by using the original data set as a “key” for the hash algorithm. There are several types of hash functions that each have their place within the world of cryptography including the MD5 and SHA-1 hash algorithms which are most commonly used.

One way hash algorithms are used is for message verification and authentication. Using the message itself as the “key” for a hash algorithm, the algorithm is run against the key resulting in a fixed length string of characters called a “hash.” The hash string is then included with the message when the message is sent. When the message is received the algorithm is run again against the message and then a comparison between the original hash and the second or new hash is performed. If the two hash strings are identical then the message is authentic. However, if the two hash functions are not identical, then it can be assumed that the message has altered in some way in route to the destination.

There are seven requirements or characteristics, which a hash function must meet in order for the function to be considered secure. First, the hash function must pass the pre-image test or “Pre”. This means that for a specified output it is not computationally feasible to find an input that can be hashed to the specified output (random key and random challenge). Two other variations of the pre-image test are the “ePre” which uses a random key and fixed challenge and the “aPre” which uses a fixed key and random challenge. The second pre-image requirement or “Sec” states that it is computationally infeasible to find a second input that results in the same output as a specified input (using a random key and random challenge for the second pre-image). Variations of the second pre-image are the “eSec” using a random key and fixed challenge and the “aSec” using a fixed key and random challenge. The collision requirement states that it is computationally infeasible to find two inputs that, when run with the hash algorithm, result in the identical output.

Secure hash functions can also have weak and strong collision resistance. Weak collision resistance is defined as the ability to generate a hash string given a specific message but nearly impossible to reverse the hash string back into the original message. Strong collision resistance is when it is impossible or almost impossible for a second but different message to output the same hash string as the first message. A secure hash algorithm must feature both.

Hash functions that meet the definitions of secure hash algorithms as defined above are used in securing the integrity and authenticity of electronic communication messages. They are essential to secure communication over public networks such as the Internet and essential to ensuring that a message received is the same as the message that was sent.