A hash chain is the successive application of a

cryptographic hash function A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with fixed size of n bits) that has special properties desirable for cryptography: * the probability of a particular n-bit output re ...

to a piece of data. In

computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...

, a hash chain is a method to produce many one-time keys from a single

key Key or The Key may refer to: Common meanings * Key (cryptography), a piece of information that controls the operation of a cryptography algorithm * Key (lock), device used to control access to places or facilities restricted by a lock * Key (map ...

password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...

. For

non-repudiation Non-repudiation refers to a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract. The term is often seen in a legal setting when the authenticity of a signature is being challenged ...

a hash function can be applied successively to additional pieces of data in order to record the chronology of data's existence.

Definition

A hash chain is a successive application of a

h

to a string

x

. For example,

h(h(h(h(x))))

gives a hash chain of length 4, often denoted

h^(x)

Applications

Leslie Lamport Leslie B. Lamport (born February 7, 1941 in Brooklyn) is an American computer scientist and mathematician. Lamport is best known for his seminal work in distributed systems, and as the initial developer of the document preparation system LaTeX and ...

L. Lamport, “Password Authentication with Insecure Communication”, Communications of the ACM 24.11 (November 1981), pp 770-772

/ref> suggested the use of hash chains as a password protection scheme in an insecure environment. A server which needs to provide

authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...

may store a hash chain rather than a

plain text In computing, plain text is a loose term for data (e.g. file contents) that represent only characters of readable material but not its graphical representation nor other objects (floating-point numbers, images, etc.). It may also include a limit ...

password and prevent theft of the password in transmission or theft from the server. For example, a server begins by storing

h^(\mathrm)

which is provided by the user. When the user wishes to authenticate, they supply

h^(\mathrm)

to the server. The server computes

h(h^(\mathrm)) = h^(\mathrm)

and verifies this matches the hash chain it has stored. It then stores

h^(\mathrm)

for the next time the user wishes to authenticate. An eavesdropper seeing

h^(\mathrm)

communicated to the server will be unable to re-transmit the same hash chain to the server for

since the server now expects

h^(\mathrm)

. Due to the one-way property of cryptographically secure hash functions, it is infeasible for the eavesdropper to reverse the hash function and obtain an earlier piece of the hash chain. In this example, the user could authenticate 1000 times before the hash chain were exhausted. Each time the hash value is different, and thus cannot be duplicated by an attacker.

Binary hash chains

Binary hash chains are commonly used in association with a

hash tree Hash, hashes, hash mark, or hashing may refer to: Substances * Hash (food), a coarse mixture of ingredients * Hash, a nickname for hashish, a cannabis product Hash mark *Hash mark (sports), a marking on hockey rinks and gridiron football fiel ...

. A binary hash chain takes two hash values as inputs, concatenates them and applies a hash function to the result, thereby producing a third hash value. Hashtreehashchainjux

The above diagram shows a hash tree consisting of eight leaf nodes and the hash chain for the third leaf node. In addition to the hash values themselves the order of concatenation (right or left 1,0) or "order bits" are necessary to complete the hash chain.

Winternitz chains

(also known as function chains) are used in

hash-based cryptography Hash-based cryptography is the generic term for constructions of cryptographic primitives based on the security of hash functions. It is of interest as a type of post-quantum cryptography. So far, hash-based cryptography is used to construct digit ...

. The chain is parameterized by the ''w'' (number of bits in a "digit" ''d'') and ''security parameter'' ''n'' (number of bits in the hash value, typically double the

security strength In cryptography, security level is a measure of the strength that a cryptographic primitive — such as a cipher or hash function — achieves. Security level is usually expressed as a number of " bits of security" (also security strengt ...

, 256 or 512). The chain consists of

2^w

values that are results of repeated application of a one-way "chain" function ''F'' to a secret key ''sk'':

sk, F(sk), F(F(sk)), ..., F^(sk)

. The chain function is typically based on a standard

cryptographic hash A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with fixed size of n bits) that has special properties desirable for cryptography: * the probability of a particular n-bit output re ...

, but needs to be parameterized ("randomized"), so it involves few invocations of the underlying hash. In the Winternitz signature scheme a chain is used to encode one digit of the ''m''-bit message, so the Winternitz signature uses approximately

mn/w

bits, its calculation takes about

2^wm/w

applications of the function F. Note that some signature standards (like

Extended Merkle signature scheme Extension, extend or extended may refer to: Mathematics Logic or set theory * Axiom of extensionality * Extensible cardinal * Extension (model theory) * Extension (predicate logic), the set of tuples of values that satisfy the predicate * Ext ...

, XMSS) define ''w'' as the number of possible values in a digit, so

w=16

in XMSS corresponds to

w=4

in standards (like Leighton-Micali Signature, LMS) that define ''w'' in the same way as above - as a number of bits in the digit.NIST SP 800-208, Recommendation for Stateful Hash-Based Signature Schemes
p. 5

Hash chain vs. blockchain

A hash chain is similar to a

blockchain A blockchain is a type of distributed ledger technology (DLT) that consists of growing lists of records, called ''blocks'', that are securely linked together using cryptography. Each block contains a cryptographic hash of the previous block, a ...

, as they both utilize a

for creating a link between two nodes. However, a blockchain (as used by

Bitcoin Bitcoin ( abbreviation: BTC; sign: ₿) is a decentralized digital currency that can be transferred on the peer-to-peer bitcoin network. Bitcoin transactions are verified by network nodes through cryptography and recorded in a public distr ...

and related systems) is generally intended to support distributed agreement around a public ledger (data), and incorporates a set of rules for encapsulation of data and associated data permissions.

References

Sources

* * * {{cite book , title = Progress in Cryptology – AFRICACRYPT 2013 , last1 = Hülsing , first1 = Andreas , chapter = W-OTS+ – Shorter Signatures for Hash-Based Signature Schemes , date = 2013a , pages = 173–188 , publisher = Springer Berlin Heidelberg , issn = 0302-9743 , eissn = 1611-3349 , doi = 10.1007/978-3-642-38553-7_10 , chapter-url = https://eprint.iacr.org/2017/965.pdf Cryptographic algorithms