Cryptographic hash functions are hash functions with more requirements.

So, we will build on the definition of hash functions.

Here are the additional requirements: While the hash output

is well distributed and the outputs appear with equal currents,

the hash computation is still deterministic.

Cryptographic hash computations are also deterministic given an input.

However, in addition to being well distributed such just the normal hash,

cryptographic hash function outputs need to be pseudo random,

which shares some randomness property with

true randomness and can be tested by the pseudo randomness test.

For example, the test provided by NIST,

NIST, National Institutes of Standards and Technology.

Also, it is desirable that the hash function displays the avalanche effect which

yields that a slight change in the input will

result in significant changes in the corresponding output.

For example, one bit flip in the input,

changes half of the bits on the hash output.

In addition, cryptographic hash function requires two requirements.

One is the one-wayness property,

stating that it is easy to compute the hash output,

but from the output,

it's difficult to compute the reverse.

Another requirement is that of collision resistance.

It should be difficult to find two inputs mapping to the same hash output.

The application of hash functions may only require a subset of these properties.

For example, while digital signature and Message

Authentication Code typically requires all three properties,

using hash for password storage and quick verification,

requires one-wayness while the other properties are of relatively less significance,

because the password confidentiality is critical to

protect even when the hash output of the password becomes known to the attacker.

Let's further describe these requirements and define

the desirable properties for cryptographic hash functions.

First, the preimage resistance corresponds to the one way property.

The term preimage indicates the input for a given output.

For any output of the hash,

let's say h prime,

it is computationally infeasible to find that input y,

such that h of y is equal to h prime.

In other words, it is easy to generate a hash given an input

but practically infeasible to generate the input given the hash output.

This property is important if the hash computation involves the use of

a secret value which confidentiality has to be protected against the attackers.

The second property is the weak collision resistance,

also known as second preimage resistance.

This property guarantees that it is impossible to find

an alternative message with the same hash value as a given message.

This prevents forgery when an encrypted hash code is used.

A stronger notion of hash function can be used if it

satisfies the strong collision resistance property.

The strong collision resistance is one that is difficult to

find any pair that results in the same hash,

while weak collision resistance tries to find a collision, given X.

Strong collision resistance corresponds to finding any pair resulting in collision.

Such stronger notion of hash function protects against an attack in

which one party generates a message for another party to sign.

As mentioned previously, different applications may only require

a subset of these properties providing greater flexibility for hash implementation.

Next to me is a van diagram where each element

in the set can be viewed as different hash implementations.

As described, strong collision resistance implies weak collision resistance,

because finding a pair of distinct inputs that results in any collision,

is an easier attack than finding a collision for a given hash output.

In fact, the latter of finding the collision given

an output implies the former of finding any collision.

Because it is easier for the attacker to compromise strong collision resistance,

it is harder for the defender to realize such property and

therefore it is a stronger notion of collision resistance than weak collision resistance.