hash functions in blockchains
play

Hash functions in blockchains Daniel Augot INRIA Saclay - PowerPoint PPT Presentation

Aug 28, 2023 •48 likes •658 views

Hash functions in blockchains Daniel Augot INRIA Saclay Ile-de-France Laboratoire dinformatique de l Ecole polytechnique Head of project-team Grace (crypto) Daniel Augot: 1/50 This talk Crypto is standard Power law!

  1. Hash functions in blockchains Daniel Augot INRIA Saclay–ˆ Ile-de-France Laboratoire d’informatique de l’´ Ecole polytechnique Head of project-team Grace (crypto) Daniel Augot: 1/50

  2. This talk Crypto is standard Power law! Peer-to-peer is Time series unefficient viz: so easy Basic Game theory No big data ! Not consensus Daniel Augot: 2/50

  3. This talk Crypto is standard Power law! Peer-to-peer is Time series unefficient viz: so easy Basic Game theory No big data ! Not consensus Well, actually, there are very good research topics. Daniel Augot: 2/50

  4. This talk Crypto is standard Power law! Peer-to-peer is Time series unefficient viz: so easy Basic Game theory No big data ! Not consensus Well, actually, there are very good research topics. A very narrow view: hash functions. Daniel Augot: 2/50

  5. Outline Transactions and Ledger Hash functions and Proof-of-work Opening the box: SHA-256 SHA256(SHA256( x )) and mining Scrypt Ethash Equihash Daniel Augot: 3/50

  6. Outline Transactions and Ledger Hash functions and Proof-of-work Opening the box: SHA-256 SHA256(SHA256( x )) and mining Scrypt Ethash Equihash Daniel Augot: Transactions and Ledger 4/50

  7. Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto satoshin@gmx.com What is needed is an electronic www.bitcoin.org payment system based on cryp- Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a tographic proof instead of trust, financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. [. . . ] without the need for a The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of trusted third party events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest We propose a solution [. . . ] using proof-of-work chain as proof of what happened while they were gone. a peer-to-peer distributed times- 1. Introduction Commerce on the Internet has come to rely almost exclusively on financial institutions serving as tamp server to generate [. . . ] trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot proof of the chronological order of avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, transactions and there is a broader cost in the loss of ability to make non-reversible payments for non- reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party. Satoshi Nakamoto. Bitcoin: What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted A Peer-to-Peer Electronic Cash third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed System . Online, bit- timestamp server to generate computational proof of the chronological order of transactions. The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes. coin.org/bitcoin.pdf. 2008 1 Daniel Augot: Transactions and Ledger 5/50

  8. Transactions I ◮ Alice transfers bitcoins to Bob Alice From Bob To "1" ◮ this is written in a public ledger Daniel Augot: Transactions and Ledger 6/50

  9. Blocks and the ledger Daniel Augot: Transactions and Ledger 7/50

  10. Blocks and the ledger Rebbeca Mary Marewitt "This book must be produced whenever any money is deposited or withdraw" Transaction Officer's signature March 27, 1869 Date stamp of the office to be affixed against each entry Daniel Augot: Transactions and Ledger 8/50

  11. Blocks and the ledger Rebbeca Mary Marewitt adresse bitcoin "This book must be produced whenever any money is deposited or withdraw" registre public Transaction Officer's signature pas d'officier March 27, 1869 ni de signature Date stamp of the office "minage" to be affixed against each entry Daniel Augot: Transactions and Ledger 9/50

  12. Blocks are chained Daniel Augot: Transactions and Ledger 10/50

  13. Blocks are chained hash hash hash Daniel Augot: Transactions and Ledger 10/50

  14. Blocks are chained hash hash hash Actually, the hash is hard to find: proof-of-work Cynthia Dwork and Moni Naor. “Pricing via Processing or Combatting Junk Mail”. In: CRYPTO’ 92 . 1993 Daniel Augot: Transactions and Ledger 10/50

  15. Outline Transactions and Ledger Hash functions and Proof-of-work Opening the box: SHA-256 SHA256(SHA256( x )) and mining Scrypt Ethash Equihash Daniel Augot: Hash functions and Proof-of-work 11/50

  16. Cryptographic hash function � { 0 , 1 } ∗ { 0 , 1 } m → H : x �→ y = H ( x ) ◮ deterministic algorithm ◮ no secrets, no keys (neither private, public, or secret) ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ . . . Daniel Augot: Hash functions and Proof-of-work 12/50

  17. Cryptographic hash function � any bit string → m bits H : x �→ y = H ( x ) ◮ deterministic algorithm ◮ no secrets, no keys (neither private, public, or secret) ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ . . . Daniel Augot: Hash functions and Proof-of-work 12/50

  18. Cryptographic hash function � any bit string → m/8 bytes H : x �→ y = H ( x ) ◮ deterministic algorithm ◮ no secrets, no keys (neither private, public, or secret) ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ . . . Daniel Augot: Hash functions and Proof-of-work 12/50

  19. Cryptographic hash function � any digitalized document → m/8 bytes H : x �→ y = H ( x ) ◮ deterministic algorithm ◮ no secrets, no keys (neither private, public, or secret) ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ it is not signature, neither encryption ◮ . . . Daniel Augot: Hash functions and Proof-of-work 12/50

  20. Cryptographic hash function: properties Standard definition ◮ First preimage resistance: given y = H ( x ) , impossible to find x ◮ no better way than 2 m calls to H ◮ Second preimage resistance: given x impossible to find x ′ s.t. H ( x ′ ) = H ( x ) ◮ no better way than 2 m calls to H ◮ Collision resistance: impossible to find x , x ′ s.t. H ( x ) = H ( x ′ ) ◮ no better way than 2 m / 2 calls to H Random Oracle Idealization ◮ Hold a table T ◮ when queried for x ◮ if x ∈ T return T [ x ] ◮ if x �∈ T return a random y , and set T [ x ] = y Daniel Augot: Hash functions and Proof-of-work 13/50

  21. Why such a thing would be useful Most unsemantic function: given x , y = F ( x ) is (hopefully) pure random! Usage ◮ Ensuring file integrity: M �→ ( M , h ( M )) If h ( M ) is secure, there can be non corruption on M = ⇒ integrity of the blockchain from last trusted hash h ◮ Password storage (with a pinch of salt) ◮ Blind registration of documents (notarization) d95b82d3187458f83ad36abd509c7688f60cbda4 Daniel Augot: Hash functions and Proof-of-work 14/50

  22. Where do they come from Daniel Augot: Hash functions and Proof-of-work 15/50

  23. Where do they come from Daniel Augot: Hash functions and Proof-of-work 15/50

  24. SHA-1 is well broken (alongside with pdf) Daniel Augot: Hash functions and Proof-of-work 16/50

  25. SHA-1 is well broken (alongside with pdf) Daniel Augot: Hash functions and Proof-of-work 16/50

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must

Hash Functions Hash Functions 1 Cryptographic Hash Function Crypto hash function h(x) must provide o Compression output length is small o Efficiency h(x) easy to compute for any x o One-way given a value y it is infeasible to find

465 views • 42 slides
(username, password) ? x ? ? ? ? but (username,hash(password))

(username, password) ? x ? ? ? ? but (username,hash(password))

Hash Functions - Bart Preneel June 2016 Hash functions X.509 Annex D RIPEMD-160 SHA-3 MDC-2 SHA-256 MD2, MD4, MD5 Introduction to the SHA-512 SHA-1 Design and Cryptanalysis of Cryptographic Hash Functions This is an input to a crypto-

517 views • 10 slides
Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David

Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David

Hash Pile Ups: Using Collisions to Identify Unknown Hash Functions R. Joshua Tobin and David Malone 11 October 2012 Hash Functions We are talking about hash functions for consistent assignment. For example, Hash tables, Network

448 views • 18 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.68k views • 129 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.37k views • 120 slides
Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology

787 views • 23 slides
Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message

Cryptography Hash Functions and MACs Introduction to Hash Functions Hash Functions and MACs Properties of Cryptographic Hash Functions Introduction to Message Cryptography Authentication Codes School of Engineering and Technology

338 views • 23 slides
Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography

Outline Hash Functions 1 Iterated Hash Functions CPSC 418/MATH 318 Introduction to Cryptography SHA-1 SHA-3 (Keccak) Hash Functions, SHA-3, Message Authentication Codes 2 Sponge Construction Keccak Overview Renate Scheidler Keccak

888 views • 14 slides
Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

CSS441 Hash Functions Hash Functions Authentication Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

1.04k views • 24 slides
References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding

References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding

References Cryptographic Hash Functions Hash Functions, Chapter 11 of Understanding Cryptography by Paar & Pelzl. & Mathematical Cryptography , by Keijo Ruohonen, http://math.tut.fi/~ruohonen/MC.pdf , pages 9899. Signature

255 views • 10 slides
Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations Multivariate quadratic equations Olivier Billet, Thomas Peyrin, and Matt Robshaw Hash functions and multivariate quadratic equations Orange Labs

299 views • 3 slides
Hash Functions in Action Hash Functions in Action Lecture 12 Hash Functions Hash Functions

Hash Functions in Action Hash Functions in Action Lecture 12 Hash Functions Hash Functions

Hash Functions in Action Hash Functions in Action Lecture 12 Hash Functions Hash Functions Main syntactic feature: Variable input length to fixed length output Hash Functions Main syntactic feature: Variable input length to fixed length

1.85k views • 147 slides
Hash Functions in Action Hash Functions in Action Lecture 11 Hash Functions Hash Functions

Hash Functions in Action Hash Functions in Action Lecture 11 Hash Functions Hash Functions

Hash Functions in Action Hash Functions in Action Lecture 11 Hash Functions Hash Functions Main syntactic feature: Variable input length to fixed length output Hash Functions Main syntactic feature: Variable input length to fixed length

1.76k views • 147 slides
HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D

HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D

HASH FUNCTIONS 1 / 62 What is a hash function? By a hash function we usually mean a map h : D { 0 , 1 } n that is compressing, meaning | D | > 2 n . E.g. D = { 0 , 1 } 2 64 is the set of all strings of length at most 2 64 . h n MD4

1.13k views • 78 slides
1 Simple Hash Functions Requirements for Hash Functions 1. can be applied to any sized message M

1 Simple Hash Functions Requirements for Hash Functions 1. can be applied to any sized message M

CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Using Symmetric Ciphers for MACs can use any block cipher chaining mode and use final block as a MAC Chapter 12 Hash Algorithms Data Authentication Algorithm (DAA) is a widely used MAC

305 views • 5 slides
Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to

Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to

Dictionaries 1/19/2005 11:37 PM Hash Functions and Hash Tables (2.5.2) A hash function h maps keys of a given type to Dictionaries and Hash Tables integers in a fixed interval [0, N 1] Example: h ( x ) = x mod N 0 is a hash function for

503 views • 4 slides
Aflatoxins: Impact on Livestock and Livestock Trade ALiCE 2013, 26-28 June 2013 Amare Ayalew

Aflatoxins: Impact on Livestock and Livestock Trade ALiCE 2013, 26-28 June 2013 Amare Ayalew

Aflatoxins: Impact on Livestock and Livestock Trade ALiCE 2013, 26-28 June 2013 Amare Ayalew (PhD) Plant Pathologist/Mycotoxicologist, PACA What are aflatoxins? Fungal metabolites (naturally occurring) Produced by strains of Aspergillus

1.31k views • 27 slides
Last Unit Judiciary Chapter 16 Civil liberties Chapter 5 Civil Rights Chapter 6 Introduction

Last Unit Judiciary Chapter 16 Civil liberties Chapter 5 Civil Rights Chapter 6 Introduction

Last Unit Judiciary Chapter 16 Civil liberties Chapter 5 Civil Rights Chapter 6 Introduction Alexander Hamilton: the judiciary would be the least dangerous branch of the national govt. Do you agree that the judiciary is an

1.31k views • 84 slides
Gesture Recognition with CNN Ahmed Abdelghany 20 January 2020 Outline Motivation for Gesture

Gesture Recognition with CNN Ahmed Abdelghany 20 January 2020 Outline Motivation for Gesture

Gesture Recognition with CNN Ahmed Abdelghany 20 January 2020 Outline Motivation for Gesture Recognition Taxonomy of GR Sensors for Gesture Recognition GR for Human Robot Interaction Convolutional Neural Network

791 views • 29 slides
Resistant Isolates) Being Developed for the Treatment of Vulvovaginal Candidiasis Stephen A.

Resistant Isolates) Being Developed for the Treatment of Vulvovaginal Candidiasis Stephen A.

In Vitro Activity of the Novel Agent, Ibrexafungerp (formerly SCY-078) Against Candida spp. (Including Fluconazole- Resistant Isolates) Being Developed for the Treatment of Vulvovaginal Candidiasis Stephen A. Barat, PhD Vice-President

748 views • 13 slides
Healthcare Sharing Ministries, an Alternative to Health Insurance July 30, 2019 Presented by:

Healthcare Sharing Ministries, an Alternative to Health Insurance July 30, 2019 Presented by:

Healthcare Sharing Ministries, an Alternative to Health Insurance July 30, 2019 Presented by: Michelle Berndt OneShare Health, LLC What is a Healthcare Sharing Ministry? Organizations that facilitate sharing of healthcare costs among

473 views • 21 slides
European Safety Promotion Network Rotorcraft Hoist Operation Michel Masson, Lionel Tauszig

European Safety Promotion Network Rotorcraft Hoist Operation Michel Masson, Lionel Tauszig

European Safety Promotion Network Rotorcraft Hoist Operation Michel Masson, Lionel Tauszig EASA Airbus Helicopters Bernd Osswald, Alexander Weissenboeck September 27 th 2018 AGENDA Helicopter Rescue Hoist Thematics and Safety Promotion

876 views • 83 slides
PROMOTING FINANCIAL AND HUMAN RESOURCES FOR FAMILY PLANNING AND MATERNAL HEALTH International

PROMOTING FINANCIAL AND HUMAN RESOURCES FOR FAMILY PLANNING AND MATERNAL HEALTH International

Keynote Address by Mr. Werner Haug Director, Technical Division UNFPA on PROMOTING FINANCIAL AND HUMAN RESOURCES FOR FAMILY PLANNING AND MATERNAL HEALTH International Conference on promoting Family Planning and Maternal Health for Poverty

181 views • 7 slides
Death before Birth Understanding, informing and supporting the choices made by people who have

Death before Birth Understanding, informing and supporting the choices made by people who have

Death before Birth Understanding, informing and supporting the choices made by people who have experienced miscarriage, termination, and stillbirth Overall project aim: To examine the law surrounding the disposal of the remains of pregnancy

362 views • 21 slides

More recommend