Message Digest in Information security

Message Digest is used to ensure the integrity of a message transmitted over an insecure channel (where the content of the message can be changed). It refers to a fixed-size numerical representation (hash value) of a message or data, created by a hash function.

It's a core concept in ensuring data integrity. The message is passed through a Cryptographic hash function. This function creates a compressed image of the message called Digest.

Message Digests Characteristics

• Purpose: To verify that data has not been altered.
• Security Use: Common in digital signatures, data integrity checks, and password storage.
• Generated By: Cryptographic hash functions like MD5, SHA-1, SHA-256.
• Fixed Output: No matter the size of the input data, the output (digest) is of fixed length.
• Non-reversible: You cannot retrieve the original data from its message digest (one-way function).
• Deterministic: The same input will always produce the same output.
• Collision-resistant: It should be hard to find two different inputs that produce the same digest.

Working of Message Digest

Lets assume, Alice sent a message and digest pair to Bob.

This message and digest pair is equivalent to a physical document and fingerprint of a person on that document. Unlike the physical document and the fingerprint, the message and the digest can be sent separately.

Sender Side (Creating the Digital Signature)

• Compose the Message
  The sender writes or generates the message they want to send.
• Generate the Message Digest
  The sender uses a cryptographic hash function (e.g., SHA-256) to create a message digest (fixed-length hash) from the original message.
  • Example: Digest = Hash(message)
• Encrypt the Digest with Private Key
  The sender encrypts the digest using their private key.
  • This encrypted digest is now the digital signature.
  • Example: Digital Signature = Encrypt(Digest, Sender's Private Key)
• Send the Message and Digital Signature
  The sender sends both the original message and the digital signature to the receiver.

Receiver Side (Verifying Integrity and Authenticity)

• Receive the Message and Digital Signature
  The receiver gets the original message and the attached digital signature.
• Compute the Message Digest Locally
  The receiver uses the same hash function to compute a new digest from the received message.
  • Example: Digest' = Hash(received message)
• Decrypt the Digital Signature
  The receiver decrypts the digital signature using the sender’s public key to recover the original digest.
  • Example: Original Digest = Decrypt(Digital Signature, Sender's Public Key)
• Compare the Two Digests
  The receiver compares:
  • The locally generated digest (Digest')
  • The decrypted digest from the digital signature (Original Digest)

There are two possibilities that happen:

• If they match:
  • The message has not been altered (integrity verified).
  • The sender is authenticated (only the true sender has the matching private key) .
• If they do not match:
  • The message may have been tampered with, or the sender may be fraudulent.

For example : Using SHA-256:

• Input:

"Hello"

Output Digest (in hex):

185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969

Applications of Message Digest

• Digital Signatures: Ensures the message is not been tampered .
• Data Integrity Checks: Verifies files/downloads have not be changed.
• Password Hashing: Securely stores passwords (usually with salt).

Related GATE Questions:

• GATE-CS-2014-(Set-1)
• GATE-CS-2016 (Set 1)