Cryptographic Hash Functions

• Accepts bit strings of any length

• Output is a bit string of ﬁxed length

• Easy to compute

• Difﬁcult to invert

• Given H(x), computationally infeasible to ﬁnd x

• Collision resistant

• Computationally infeasible to ﬁnd x = y such that H(x) = H(y)

• Pseudorandom function

• Output looks like a uniformly distributed random variable

• Given T ∈ Z ∩ [0, 2256 − 1] and distinct inputs x1

, x2

, . . . , xN

N

i=1

I [SHA256(xi

) ≤ T]

N

≈

T + 1

2256

≈

T

2256

.

10 / 28