Investigating the Avalanche Effect of Various Cryptographically Secure Hash Functions and Hash-Based Applications

Abstract

In modern cryptography, hash functions are considered as one of the key components for secure communication. They play a vital role in a wide range of applications such as ensuring the authentication and integrity of the data, in forensic investigation, password storage, random number generations for unique session keys, and for creating a unified view in blockchain. The Avalanche effect (also known as diffusion) is an important characteristic of a hash function where a minor change in the hash function's input will result in a significantly different output. The absence of this property implies that the hash function is vulnerable to various attacks such as collision attack, length extension attack, and preimage attack. Through this research, we have investigated the Avalanche effect of sixteen hash functions and two hash-based applications, namely Hash-based Message Authentication Code (HMAC) and Public Key Cryptography Standards (PKCS). To measure the performance of these hash functions and hash-based applications, we have implemented a generic circuit using CrypTool for automating the simulation process for multiple trials. Simulation results indicate that around half of the inputs of each hash function failed to exhibit the Strict Avalanche Criterion (SAC) and, Bit Independence Criterion (BIC). Moreover, we ranked the hash functions based on Multi Criteria Decision Metrics (MCDM) using intermediate states of simulation results. Furthermore, a total of fifteen statistical tests were carried out to evaluate the randomization property of the hash functions using NIST (National Institute of Standards and Technology) toolkit. This study is aimed to open up a future scope of research to the need for improvement of various hash functions by analyzing the randomization and non-correlation properties of existing functions in terms of the Avalanche effect.