Logic, Theory, and Elements of Hash Functions and Key Escrows

Answer

Logic, Theory, and Elements of Hash Functions and Key Escrows

Hash Functions

            Hash functions employ mathematical transformation to encrypt information irreversibly to achieve a digital fingerprint. They map arbitrary size of data to fixed-size data to return hashes, hash sums, hash codes, or hash values (Aumasson, 2017). Essentially, these functions are utilized in hash tables which store data collection information in easily accessible hash slots (Perez, 2014). This paper reviews the theory and operational logic behind hash functions.

            Hash functions play two critical roles in encryption. First, cryptographic hash functions are used to preserve document integrity (Perez, 2014). The integrity of a document, in this case, entails ensuring it is not accessible to undesired parties as well as preserves it against undesired editing (Aumasson, Meier, Phan, & Henzen, 2014). The encryption message is passed via a hash function cryptographic message to create a compressed image that acts as the fingerprint (Tilborg & Jajodia, 2014). The integrity of the message is checked by running the hash function and comparing the old and new message digest. Hash functions are also used to protect digital signatures and information authenticity (Mitra, 2018). This role comes out as one of the applications entwined within the versatility of hash functions building blocks. Hash functions have a distinct property of irreversibility which makes it impossible to determine the data input from the attained hash value. Similarly, any small changes in the input data produce huge changes in the output data making it virtually impossible to duplicate the same function (Aumasson, 2017). Consequently, they ensure that the encrypted document is secure from external access as one cannot determine the function protecting it even if they are already vast with its image value.

            Hash functions are important because they are used to implement efficient digital signatures. A digital signature, in this case, refers to a cryptosystem’s security goal of non-repudiation of property and achieving security and authenticity of the service (Aumasson et al., 2014). Hash functions produce a fingerprint which facilitates confirmation of the authenticity hence eliminating sender-receiver disputes. The functions optimize schemes of digital signatures such that if the hash is missing, the message and signature will be of equal size hence involve a lot of computational overheads in signing and verification (Perez, 2014). Hash functions are also used in authentication of computer systems’ users at the login time (Aumasson et al., 2014). Each user password is stored in a message digest form making it impossible to be accessed even by database administrators. Only when the password’s message digest matches the one stored in the database that the login becomes successful. The functions are also important in digital time stamping. Video, audio and text documents in digital formats can be changed using available tools and techniques. The hash functions create a mechanism to certify when such documents were last modified on created which offers a temporary authentication means (Tilborg & Jajodia, 2014).

            Hash functions employ hashing algorithms to secure data. The working process of hash functions is complex (Mitra, 2018). First, data of random size is mapped. This data can entail various information collected from a source. The hash function is then applied to convert this data into a code referred to as a hash value (Tilborg & Jajodia, 2014). The hash function, therefore, acts as an alphanumeric string that converts the data cryptographically. Hash functions operate under the assumption that to each data item, a number is returned, equal objects must be the same and unequal objects must be presented in different numbers. Common hash functions include folding, truncating, division reminder, square, and radix conversion (Aumasson, Meier, Phan, & Henzen, 2014).

Key Escrows

            Modern cryptography has a fundamental objective of constructing systems of data encryption that eliminates recovery of the data in the absence of the keying information privately held (Tilborg & Jajodia, 2014). Primarily, the design of encryption systems is focused on insuring encrypted information recovery without possessing related keying information (Martin, 2017). This system has gained ground in general information industry for commercial purposes. Therefore, key escrows refer to the cryptographic process of key exchange where the keys are stored by a third party, also referred to as being held in “escrow” (Aumasson, 2017). This paper reviews the primary logic and elements of key escrows.

            Proponents of key escrows view them as a secure way of storing keys without the chance of forgetting. Well-thought keys consist of complex combinations which are often difficult to keep in the human mind. This implies that unless there is backup storage to these important encryptions, documents and information therein may be rendered inaccessible in case the secret keys are forgotten (Martin, 2017). Besides, organizations may have too many security keys to the extent it becomes impossible to commit them to memory. Under these circumstances, key escrows play a crucial role in ensuring they are safely stored and available to authorized users (Delfs & Knebl, 2015). The opponents of key escrows link it to significant potential security, cost and risk implications. Before the key recovery and management schemes, these risks and costs must be carefully considered. Of primary importance are the technological risks such as establishing a secure infrastructure of computer communication that poses long term economic and social impacts (Tilborg & Jajodia, 2014). Consequently, the legislation of key escrows should be a carefully analyzed process where thorough investigations of their long term associated costs and risks are covered (Gupta, 2014).

            Systems of key escrow encryption entail system encryption with decryption capability as a backup to enable authorized individuals to use the information offered by trusted third parties with special key recovery data in decrypting the ciphertext (Perez, 2014). For security reasons, the recovery keys differ from decrypting and encrypting data and only act as a method of determining their keys (Mitra, 2018). Therefore, key escrows safeguard the data recovery keys by acting as the data recovery system, key backup, and key archive at the same time. The key escrow component is managed by trusted parties also referred to as escrow agents. Agents are characterized by liability, security, accessibility, identifiability, and type (Delfs & Knebl, 2015).

Some of the key escrows implementations include the crypto backup, time-delayed key escrows, and the Yaksha system. The Yaksha system generates and distributes keys from a central server to the communicating parties. It utilizes a single key algorithm (Martin, 2017). The time-delayed key escrow, on the other hand, is used to delay the time between when the user request for the key and when they receive it. Since the information escrowed is not the actual key but useful data that enables the system to derive the secret key, the delay is considered computational (Tilborg & Jajodia, 2014). Crypto backup is a private or commercial escrow key encryption system where key encryption data is obtained from a random number or escrow agent of public keys. Inputting the private key enables the escrow agent to recover key encryption data (Perez, 2014).

            The key escrows concept has grown in complexity and use since its conception. The concept has succeeded in providing a backup to otherwise forgettable keys and retrieve them whenever necessary (Mitra, 2018). Besides, the system ensures that such keys can only be retrieved by authorized users or organizations. However, since the keys are stored by third parties, it poses a security risk in the event these parties develop vested interests (Gupta, 2014).