# hash functions

What are hash functions?


Let's consider the set of all bit strings: 

$ B = {0,1,00,01,10,11,...}$, or $ B = \bigcup\limits_{i=1}^{\infty}\{0,1\}^i$

Then a _hash function_ is any function that maps $h: B \mapsto \{0,1\}^k, k \in N$

That is: a function that, given any string of bits, returns a string of bits of finite defined length.

Examples of hash functions:

In [None]:
def h1(s):
    return s[0] # returns the first bit

def h2(s):
    return s[:5] # returns the first 5 bits

def h3(s):
    h = 0x00
    for b in s:
        h ^= b   # xors all the bytes in s
    return h

ok, these examples are not very exciting.

But consider the set $H$ of all the possible hash function, and pick one _at random_ (ok, since $H$ is infinite you should define a distribution, and not a uniform one, but let's not be picky here...)

So, your picked up $h$ is a _random oracle_! That is, a function that, given an input $x$ gives you a random number, but in a "consistent" way: if you give compute $h(x)$ over and over, you always get the same result.


Now, what can we do, with a random oracle? Some interesting things, it turns out!

But, first of all, do you want to see how our $h$ could look like? Here's an online interactive example: https://emn178.github.io/online-tools/sha256.html

In [23]:
# in python we have some interesting function that at least mimic a random oracle

from hashlib import sha256

print(sha256(b"ciao").hexdigest())

b133a0c0e9bee3be20163d2ad31d6248db292aa6dcb1ee087a2aa50e0fc75ae2


What can we do with a hash function?

## commit reveal

Suppose I want to make a forecast, like about something that you will do or say. If I tell you what you will do, then you'll avoid doing it. If I don't tell it to you in advance, you won't know if I made up my minds after the fact.
A solution can be: I write my prediction on a piece of paper, put it in an envelope, seal it in front of you, you seal it with your signature so that it cannot be tampered with. After the fact, we open the envelope, and check.

With an hash function, we can do this digitally!

I compute the hash of my forecast, and tell it to you (that's my _commitment_). Can you obtain the original message? Well that's difficult for many reasons

Given a hash function $H$ and a value $h$ in the domain of $H$, we say that $x$ is a _preimage_ of $h$ if $H(x) = h$. Now my forecast is for sure a preimage of my commitment.

Can you find a preimage of my commitment? How difficult is that?

On the other hand, can I produce a commitment that is a preimage of two different forecasts? How difficult would that be?

So, after the fact, I reveal my forecast. You check that the hash of the forecast matches the commitment, and are sure that I couldn't have changed it.


Exercise:
 * find a preimage of the hash `3fff0f0c45f0dcb95fdd65734f039268ed1a762cd4a2c7d240e4b1570110087b`?
 * how would you implement "stone scissor paper" digitally (or, on the phone)? 


## proof of work

[...]

In [27]:
# cryptography

## simmetric criptography

## asymmetric encription



In [32]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa

rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())

<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey at 0x10a862d60>

In [33]:
private_key = _

In [35]:
private_key.private_bytes()

TypeError: private_bytes() missing 3 required positional arguments: 'encoding', 'format', and 'encryption_algorithm'

In [36]:
import rsa

In [37]:
rsa.newkeys(512)

(PublicKey(7047579664224514446719271075206118885209826400806315692003343267528984533683925587185565239956811404652712137187452913328106425752018046743349174749538939, 65537),
 PrivateKey(7047579664224514446719271075206118885209826400806315692003343267528984533683925587185565239956811404652712137187452913328106425752018046743349174749538939, 65537, 4882236970496928153493471261812914895515683177792812285161722197981040124058305004131079087529227196252527426184490926504389358672908031910659717208699993, 4479521826758098969045899063704459637838846343908745017187147159119442008890269519, 1573288385855451827726035148852957093629881762756488391922735255841724181))

In [38]:
from Crypto.PublicKey import ECC

In [40]:
key = ECC.generate(curve="P-256")

In [41]:
key

EccKey(curve='NIST P-256', point_x=81582680058627017486006378611826865458598417889981398958496036641016139409665, point_y=69035584471826084033859581046609518974112247253213106749007283175222844257387, d=49744664049329236159485831190470814555291327373484787370364890516130198985607)

In [42]:
from Crypto.Cipher import Salsa20

In [43]:
key = b'ladsjlskdjsalkda'

In [44]:
cipher = Salsa20.new(key)

In [45]:
ciphertext = cipher.encrypt(b'uau')

In [46]:
ciphertext

b'\x04\xcd\xac'

In [47]:
cipher.decrypt(_)

b'I\x87\xc0'

In [48]:
from Crypto.Cipher import AES

In [49]:
key = b"asdlkaslaskdjalksdaskdj"

In [51]:
cipher = AES.new(key[:16], AES.MODE_EAX)

In [52]:
cipher.encrypt(b"ciao")

b'&\xa9Zq'

In [53]:
cipher.decrypt(_)

TypeError: decrypt() can only be called after initialization or an update()

In [54]:
key

b'asdlkaslaskdjalksdaskdj'

In [64]:
cipher = Salsa20.new(b"ciaociaociaociao")

In [65]:
cipher.encrypt(b"ciao")

b'\xe3\x0e\x84R'

In [66]:
cipher.decrypt(_)

b'\xc4\x11c\x1c'

In [67]:
from Crypto.PublicKey import RSA

In [68]:
RSA.generate(2048)

RsaKey(n=23972631338794601326825679374378364383813060384477374832365394489281090130132624416136462199922060013843393262886469453876029215934122299203944304082912600882410943850933717782688971271565449031848779842497499057007937688257322488539297967712439970945369613362378891098661507598315735587082970860987597765263685684551874097734580607009852228464887370132325622166751457552064687894023995767043455340398200611098251710892980250680794869739561294752249005428572900357152123299593844326340807018681741043880694046969537422534104472827277789248302624495314076957588737149422173928960917684579921598478785440234717011053477, e=65537, d=5413292814483746662735450647137119711247836804093575692268115309624652529652451420333605506761776800049870712688357133343170367374293542669319190016677961769058692922318203296855426489584464962118041608390992699462295647474252948836429354779382625540084607292824590832187796984107825670281533878141438566430149126289716885900753593981221660495593680426402005149

In [69]:
key = _

In [70]:
key.export_key()

b'-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAveZak6y1sg4mh6o2BwRP3rlLfV1fmYFW4/SCUul86pQW02kx\nCAH6KjF5Ftk6dIRCoKpL3KfazaqI2RbO868tW3x0y2wD162NiZhOJP/1q2j/b2Hb\nzY3TisJcS6hob+y5RsycnFuvieauMtDjZiyMelcE679tB8xB19nlXVkBOkL7pfbN\nPkL6SZHhGTJ5J6fUxTQFUPOdDN0TCpCiTNGz8w8q8/ITSiA8dFFtby61m/0+jdX0\nff5ugiGa9Et9BAlIjWt2P3zH6XOuRsIUDVGy81Mj/h/vzO/wi54TIeHoy4uYtKh0\n/BS4PY9RUyLu6W3dh2M6Awi6CsS5l+WJ+6ELpQIDAQABAoIBACrhrIxyUKk/dsXl\n0sNs3thNgVVy01anlUZufUtZvEKAZFMjCtZjE+mZOF3HeeK7xwveyLiwEsGkg7h5\n5Qu0AAsLpJgW8Rsv7qkmgmbqgcBOOngdYfQd1aocz5iqE8NKcmAhbjAEqDP8qlOB\nRghZgPNTWSIfHPDI2Al1A807fwJ3n78Ht3teOT14G0f/NrH/OdPZF2IV4IkQH5tt\nhLG9yVl3zvkQQr+yDyK0E5xqpmVRYELkAgBOJRdviV4dILE9YZL/tOuPJt2UWndJ\n26Szb/5GKdNCIlgKCw92V+hoqBns9WbauC8VtVAYYhaXxyKF1V78Z5vI/aGY+YNR\npqpDQbUCgYEAyY9sSTFKdJgXj898AKxNOHNW0aBWW3W98ej1ah5AxpR6oOuJqeEV\nXN70gEKa3whyBXafJDucyZm6bGe1GiLZT7OphnS3IIXo3aX5cmRN43lHTDCdiiVZ\ngJZVQ+z7fSDIEVzn/Tv8uOSEZB12MetSyzCAlDVLu5Swci12K1ZWMG8CgYEA8TCw\nN7YIprQ9U9Q69wQ4hLTCxA9RokXBaXsxYqUn9WQ77

In [71]:
key.publickey()

RsaKey(n=23972631338794601326825679374378364383813060384477374832365394489281090130132624416136462199922060013843393262886469453876029215934122299203944304082912600882410943850933717782688971271565449031848779842497499057007937688257322488539297967712439970945369613362378891098661507598315735587082970860987597765263685684551874097734580607009852228464887370132325622166751457552064687894023995767043455340398200611098251710892980250680794869739561294752249005428572900357152123299593844326340807018681741043880694046969537422534104472827277789248302624495314076957588737149422173928960917684579921598478785440234717011053477, e=65537)