0

In a Coursera course on Bitcoin, one of the properties of cryptographic hash functions mentioned was 'Hiding' - given an output of a hash function it should be infeasible to find its input.

According to the course, we must concatenate a random string 'r' to the input 'x' before hashing it.My questions are: 1) Why do we concatenate 'r' and 'x' - is it only to reduce the probability of an adversary being able to find the input by trying to hash high-probability values as inputs and comparing them with the original output?2) If I wish to use the hash generated (after concatenating 'r' and 'x') to verify another file having the same content as 'x', where would I get the same 'r' from (which would be required for correct verification)?
rahs
  • 1,759
  • 2
  • 15
  • 31
  • 1
    This is not a programming question, and would fit better on crypto.SX -- if you give a citation or at least a better quote because it is NOT generally required to add randomness to a hash input _unless_ that input is so limited or constrained that bruteforce is feasible. E.g _password_ hashing adds randomness called salt (and also iterates) because the entropy in people's passwords is usually too low. But bitcoin doesn't use passwords, and _mostly_ hashes without adding randomness, so your course must be talking about something else, but we don't know what. – dave_thompson_085 Feb 18 '18 at 10:57
  • It sounds like adding random salt to avoid attacks using [rainbow tables](https://en.wikipedia.org/wiki/Rainbow_table). In this case 'r' can be published. – Marek Klein Feb 18 '18 at 11:54
  • @dave_thompson_085 This is from another SO question (https://stackoverflow.com/questions/42042840/properties-of-a-cryptographic-hash-function) about the same topic (although the question is not the same): Hiding: A hash function H is hiding if: when a secret value r is chosen from a probability distribution that has high entropy, then given H(r ‖ x) it is infeasible to find x. ‖ means concatenation of two strings. – rahs Feb 18 '18 at 12:15
  • @MarekKlein Thanks. However, if 'r' were published, then wouldn't it reduce the problem back to the original one of only finding an 'x' to which 'r' need be concatenated (i.e., what role does 'r' play in this case)? – rahs Feb 18 '18 at 12:17
  • 3
    I'm voting to close this question as off-topic because this question belongs on bitcoin.stackexchange.com, it doesn't contain any programming related question. – Maarten Bodewes Feb 18 '18 at 13:29
  • And this shows that voting to close doesn't work for tags such as crypto with lower level of traffic. – Maarten Bodewes Jun 30 '18 at 22:59

0 Answers0