I was presenting the concept of hash functions to some developers who have little knowledge of cryptography, and it was very challenging to simplify the concept in a visual way. So I decided to use an extraordinary example to accomplish this job.
Here we go!
Facebook wants to buy WhatsApp, and they want to send the agreement over the internet, but they want the agreement to be confidential.
Now both Facebook and WhatsApp have a shared secret key, Key(K), that no one else knows about. So Facebook will encrypt the agreement with an encryption algorithm, using the shared secret key Key(K).
WhatsApp, on the other side, will decrypt the message using the same shared secret key, and everyone is happy. Since the same key is used for encryption and decryption, we call this symmetric encryption.
Now, what if some third party tries to change some bits during the transmission of the encrypted agreement? This third party will not be able to see the content of the agreement, because it does not know the encryption key Key(K), but it can change a couple of bits.
So now, when WhatsApp tries to decrypt the modified message, they may end up with a funny output 🙂 Now WhatsApp thinks that the offer is 229 Billion.
So how to protect the integrity of the agreement during transmission?
The answer is hash functions. A hash function takes data of any size and produces a fixed-size output that acts as a fingerprint of the input. It is computationally infeasible to take the output of the hash function and reproduce the message. This is why we call it a one-way function.
The other property of a hash function is that it is collision-free (almost): it is extremely hard to generate two different messages that produce the same hash output. A hash function is also deterministic: no matter how many times you hash a message, the output will always be the same.
Any small change in the input message will produce a completely different hash output.
So now Facebook will do things differently. It will start with encryption to ensure confidentiality.
It will also compute the hash of the message to ensure integrity.
Both are to be sent to WhatsApp.
Now WhatsApp will decrypt the message using the shared secret key. To ensure that the message was not changed in transmission, it will also compute the hash of the received message and compare that value with the hash value sent by Facebook. If both values are equal, then everything is okay.
I hope you enjoyed the cool presentation. Keep in mind that there is a lot more to be said here. For example, you should use MAC (message authentication code) techniques to authenticate the sender, in addition to a plain hash function.
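The whole exchange, as an added Python example that is not part of the original slides: the sender encrypts and attaches a SHA-256 hash plus an HMAC tag, and the receiver recomputes both after bits are changed in transit. The key, the sample agreement text, the function names and the toy SHA-256 counter-mode keystream (a stand-in for a real symmetric cipher) are all assumptions made for this illustration.

```python
import hashlib
import hmac

K = b"constructed-demo-shared-key"   # stands in for the page's Key(K)
AGREEMENT = b"Offer: 100 Billion"    # constructed sample message

def subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and MAC, both derived from K.
    return hashlib.sha256(label + key).digest()

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), a stand-in for a real
    # symmetric cipher. Encryption and decryption are the same operation.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def send(key: bytes, message: bytes):
    # Sender: ciphertext, SHA-256 of the message, HMAC over the ciphertext.
    ct = xor_crypt(subkey(key, b"enc"), message)
    digest = hashlib.sha256(message).digest()
    tag = hmac.new(subkey(key, b"mac"), ct, hashlib.sha256).digest()
    return ct, digest, tag

def receive(key: bytes, ct: bytes, digest: bytes, tag: bytes):
    # Receiver: recompute both values and compare them in constant time.
    expected = hmac.new(subkey(key, b"mac"), ct, hashlib.sha256).digest()
    mac_ok = hmac.compare_digest(expected, tag)
    message = xor_crypt(subkey(key, b"enc"), ct)
    hash_ok = hmac.compare_digest(hashlib.sha256(message).digest(), digest)
    return message, hash_ok, mac_ok

def flip_bit(data: bytes, index: int, mask: int) -> bytes:
    # Simulates bits changed in transit.
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)

def demo():
    ct, digest, tag = send(K, AGREEMENT)
    clean = receive(K, ct, digest, tag)
    tampered = receive(K, flip_bit(ct, 7, 0x08), digest, tag)
    return clean, tampered

if __name__ == "__main__":
    for message, hash_ok, mac_ok in demo():
        print(message, "hash ok:", hash_ok, "mac ok:", mac_ok)
```

The receiver should reject the message as soon as either check fails, before acting on the decrypted text.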
Download the slides
Feel free to use the slides. Download them: Hash Function Simplified