Hash chain: Difference between revisions
m →Winternitz chains: dab |
→References: added src |
||
Line 47: | Line 47: | ||
{{Reflist}} |
{{Reflist}} |
||
== Sources == |
|||
* {{cite book | title = Lecture Notes in Computer Science | last1 = Buchmann | first1 = Johannes | last2 = Dahmen | first2 = Erik | last3 = Ereth | first3 = Sarah | last4 = Hülsing | first4 = Andreas | last5 = Rückert | first5 = Markus | chapter = On the Security of the Winternitz One-Time Signature Scheme | date = 2011 | pages = 363–378 | publisher = Springer Berlin Heidelberg | issn = 0302-9743 | eissn = 1611-3349 | doi = 10.1007/978-3-642-21969-6_23 | url = https://eprint.iacr.org/2011/191.pdf}} |
|||
[[Category:Cryptographic algorithms]] |
[[Category:Cryptographic algorithms]] |
Revision as of 08:49, 9 November 2022
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
A hash chain is the successive application of a cryptographic hash function to a piece of data. In computer security, a hash chain is a method to produce many one-time keys from a single key or password. For non-repudiation a hash function can be applied successively to additional pieces of data in order to record the chronology of data's existence.
Definition
A hash chain is a successive application of a cryptographic hash function to a string .
For example,
gives a hash chain of length 4, often denoted
Applications
Leslie Lamport[1] suggested the use of hash chains as a password protection scheme in an insecure environment. A server which needs to provide authentication may store a hash chain rather than a plain text password and prevent theft of the password in transmission or theft from the server. For example, a server begins by storing which is provided by the user. When the user wishes to authenticate, they supply to the server. The server computes and verifies this matches the hash chain it has stored. It then stores for the next time the user wishes to authenticate.
An eavesdropper seeing communicated to the server will be unable to re-transmit the same hash chain to the server for authentication since the server now expects . Due to the one-way property of cryptographically secure hash functions, it is infeasible for the eavesdropper to reverse the hash function and obtain an earlier piece of the hash chain. In this example, the user could authenticate 1000 times before the hash chain were exhausted. Each time the hash value is different, and thus cannot be duplicated by an attacker.
Binary hash chains
Binary hash chains are commonly used in association with a hash tree. A binary hash chain takes two hash values as inputs, concatenates them and applies a hash function to the result, thereby producing a third hash value.
The above diagram shows a hash tree consisting of eight leaf nodes and the hash chain for the third leaf node. In addition to the hash values themselves the order of concatenation (right or left 1,0) or "order bits" are necessary to complete the hash chain.
Winternitz chains
This section is actively undergoing a major edit for a short while. To help avoid edit conflicts, please do not edit this section while this message is displayed. This page was last edited at 08:49, 9 November 2022 (UTC) (18 months ago) – this estimate is cached, . Please remove this template if this page hasn't been edited for a significant time. If you are the editor who added this template, please be sure to remove it or replace it with {{Under construction}} between editing sessions. |
Winternitz chains (also known as function chains[2]) are used in hash-based cryptography. The chain is parameterized by the Winternitz parameter w (number of bits in a "digit" d, typically 4 to 16) and security strength parameter n (typically 128 or 256). The chain consists of w values that are results of repeated application of a one-way "chain" function F to a secret key sk: {sk, F(sk), F(F(sk), ..., Fw-1(sk)}. The chain function is typically based on a standard hash, but needs to be parameterized by the number of the digit in the message ("address") and a nonce ("seed"), so it involves few invocations of a cryptographic hash.[3]
Hash chain vs. blockchain
A hash chain is similar to a blockchain, as they both utilize a cryptographic hash function for creating a link between two nodes. However, a blockchain (as used by Bitcoin and related systems) is generally intended to support distributed consensus around a public ledger (data), and incorporates a set of rules for encapsulation of data and associated data permissions.
See also
- Challenge–response authentication
- Hash list – In contrast to the recursive structure of hash chains, the elements of a hash list are independent of each other.
- One-time password
- Key stretching
- Linked timestamping – Binary hash chains are a key component in linked timestamping.
- X.509
References
- ^ L. Lamport, “Password Authentication with Insecure Communication”, Communications of the ACM 24.11 (November 1981), pp 770-772. [1]
- ^ Huelsing, A., "Practical Forward Secure Signatures using Minimal Security Assumptions", PhD thesis TU Darmstadt, 2013, pp. 18-20. http://tuprints.ulb.tu-darmstadt.de/3651/1/Thesis.pdf
- ^ RFC 8391
Sources
- Buchmann, Johannes; Dahmen, Erik; Ereth, Sarah; Hülsing, Andreas; Rückert, Markus (2011). "On the Security of the Winternitz One-Time Signature Scheme". Lecture Notes in Computer Science (PDF). Springer Berlin Heidelberg. pp. 363–378. doi:10.1007/978-3-642-21969-6_23. eISSN 1611-3349. ISSN 0302-9743.