I set out to learn everything about cryptography in 2022 and share what I have learned along the way. I started the Cryptography Primer this year, where you can find more information, and which will grow each week. Following is an excerpt from this site explaining everything you need to know to get started with hashes, MACs and digital signatures. Have fun!_
-- Daniel
Hashes, MACs and digital signatures are primitives of cryptography, where hashes are also used outside of cryptography - e.g. to validate that a message has not been corrupted during transport.
Hashes, MACs and digital signatures have a few things in common:
- They can be used to validate the "integrity" of a message - this means that you can be sure that the message was not corrupted if it matches the hash, signature or MAC that you compare it with.
- The original message can not be extracted from them.
- Hence, they don't encrypt messages and are not encryption algorithms.
Here is a table showing the differences of the possibilities for each primitive:
| Feature | Hash | Message Authentication Code (MAC) | Digital Signature |
|---|---|---|---|
| Validate that data has not been tampered with or has been corrupted ("Integrity") | ✅ | ✅ | ✅ |
| Validate the sender of a message by using the Private Key ("Authentication") | ❌ | ✅ | ✅ |
| Validate the sender of a message by using the Public Key ("Authentication") | ❌ | ❌ | ✅ |
| Prove that the sender has written and published a message ("Non-Repudiation") | ❌ | ❌ | ✅ |
What are use-cases for hashes?
A hash basically "reduces" an arbitrary large message into a fixed size digest in a non-reversible way. In particular, a hash function aims to do this in a way that possible collisions are as unlikely as possible. Nowadays, when you say "hash function", you usually mean cryptographic hash functions. There are non-cryptographic hash functions1, too (but some even refuse to call those hash functions): Most notably CRC2 (cyclic redundancy check), which is often used to verify that data has not been (unintentionally) corrupted during transport.
But even cryptographic hash functions can be used for non-cryptographic as well as cryptographic use cases:
Non-Cryptographic use-cases for hash functions
Here are some examples how hash functions are used in non-cryptographic context:
- Validate that a message has not been corrupted (or modified) during transport. For example, you can often find hashes next to a download link that can be used to validate that the file has exactly the same content as it supposed to have after you have downloaded it.
- "Shrink" information to a unique identifier that can be used for lookups. For example, you can look up a whole sentence or even a whole paragraph of text in a database by using it's hash, instead of comparing all characters of the paragraph in the database.
Cryptographic use-cases for hash functions
Here are some examples how hash functions ar used in cryptograhpic context:
- Usually digital signatures are not applied to the whole message or data block, but on a hash digest of that message. In this scenario, the collision-resistance of the hash function is of utter importance34.
- Store passwords5.
- Some MAC algorithms are based on hash functions - these are called "HMAC" (hash-based message authentication code) and basically build a hash on a mixup of the Private Key and the message.
Comparison of hashing functions
| Name | Digest Sizes | Description |
|---|---|---|
| SHA2 | 224, 256, 384, 512 |
Recommended SHA2-family hashing functions are state-of-the-art and considered very secure. SHA2 is not less secure than SHA3. Also known as SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. |
| SHA3 | 224, 256, 384, 512 |
Recommended SHA3-family hashing functions are state-of-the-art and considered as secure as SHA2. SHA3 was inventend as an alternative to SHA2 in case that SHA2 would be broken, but is computationally more expensive than SHA2. Also known as SHA3/224, SHA3/256, SHA3/384 and SHA3/512. |
| SHA1 | 160 Bit |
Not recommended There are practical known collission attacks for SHA1. |
| MD5 | 128 Bit |
Not recommended There are practical known collission attacks for MD5. |
What are use-cases for digital signatures?
Digital signatures also provide the integrity validation function of hashes. But additionally, digital signatures let you verify that the sender of the message is authentic, e.g. the message originates from the source that you expected.
Because digital signatures are using "asymmetric cryptography", you can use the Public Key to validate the integrity and authenticity of the message. This has the advantage that you do not need to share a common Private Key between the sender and the recipient.
Use-cases for digital signatures:
- Publish a message and "sign" it so that everyone can verify that it has been written and published by you.
- For example, TLS (and therefore HTTPS, which builds on TLS) uses digital signatures to authenticate the server behind the domain that you have requested data from.
- The underlying building block for this are x.509 certificates that are also widely used in other systems where it is important to let anybody know that a "certificate", that provides arbitrary permissions or identifications, can be trusted.
- Mobile platforms such as Apple's iOS and Google's Android use digital signatures to sign apps in they App Store/Play Store so that the system is able to trust these apps (and in turn is able to block running untrusted apps).
Comparison of digital signature algorithms
| Name | Description |
|---|---|
| EdDSA |
Recommended This algorithm is a variant of DSA, but uses "twisted Edwards curves", which have a few advantages6:
|
| ECDSA |
Recommended This algorithm is a variant of DSA, but uses elliptic curves instead of modular arithmetic. This decreases the required key size for the same safety level drastically. Additionally, the same Public/Private Key pair could be used for encryption using ECIES, which could be an advantage. |
| RSA |
Recommended RSA can be used for digital signatures and asymmetric encryption using the same Public/Private key pair. Compared to ECDSA and EdDSA it has much larger key sizes and is computationally more expensive. However, if your system can profit from using the same Private/Public key pair for signing and encrypting, and the somewhat rarely used ECIES is not a feasible option for you, RSA can be a good fit. |
| DSA |
Use EdDSA, ECDSA or RSA instead (preference in this order) DSA was the first standardised digital signature algorithm and is still considered secure. However, the large key size and expensive computations makes it less pratical than it's modern successors such as ECDSA and EdDSA. |
What are MACs used for?
You should usually not require to use MACs yourself, because these are often part of an "authenticated encryption" cipher such as AES-GCM or ChaCha20-Poly1305.
MACs are similar to digital signatures, but they do not have the advantage of asymmetric cryptography, because they require the same Private Key for "signing" a message and authenticating the message.
- MACs are of utter importance to prevent CCA on ciphers7 - every cipher should include message authentication, which is usually accomplished by using a MAC.
-
List of hash functions on Wikipedia ↩
-
MD5 considered harmful today - Creating a rogue CA certificate from Eindhoven University of Technology ↩
-
Announcing the first SHA1 collision on Google Security Blog ↩
-
What is the difference between ECDSA and EdDSA? on crypto.stackexchange.com ↩
-
All the crypto code you’ve ever written is probably broken as blogged by Tony Arcieri. ↩
Top comments (1)
This article was thorough and useful to me, I'm also very much interested in seeing Cryptography Primer making progress towards completion. Thank you.