Keyed hashing can be used to apply a secret key onto a hash and can thus be used for authentication of a message and generate a MAC (Message Authentication Code). In this way, we can prove that Bob and Alice have the same secret while authenticating the messages they send. Keyed hashing is used for this, and one of the most popular methods is HMAC (Hash-based message authentication code). For keyed hashing, we can use BLAKE2 using the indifferentiability property that was defined in the BLAKE hashing method. In this case, Bob and Alice will share a secret key, and then Bob will sign a message with this secret key, and send the signature with the message. Alice then checks the MAC for the message with her shared secret and checks the signature. If it matches the MAC that Bob sent, Alice knows that Bob sent it and that the message has not been changed. In this example, we will check the MAC with a valid secret and with an incorrect one. With indifferentiability, it is not possible for hashes to be distinguishable from each other. Any hash value is thus indistinguishable from a random value, and no additional information can be leaked from the hash.
Keyed hashing using BLAKE2 |
Coding
An outline of the passing of the MAC is:
The coding is here:
from hashlib import blake2b import hmac, hashlib from hmac import compare_digest import sys m="hello" no_bytes=64 key="fdf" if (len(sys.argv)>1): no_bytes=int(sys.argv[1]) if (len(sys.argv)>2): key=(sys.argv[2]) if (len(sys.argv)>3): m=(sys.argv[3]) def sign(msg): h = blake2b(digest_size=no_bytes, key=key.encode()) h.update(msg.encode()) return h.hexdigest().encode('utf-8') def verify(msg, sig): good_sig = sign(msg) return compare_digest(good_sig, sig) print ("Message: ",m) print ("Secret key: ",key) print ("Size (bytes): ",no_bytes ) sig = sign(m) print (f"\nSignature: {sig}") print (f"\nVerified {m}: ",verify(m, sig)) ver=verify(m+"-", sig) print (f"Verified {m}-: {ver}") print ("\n== We can also use Blake2 for HMAC ==") hm = hmac.new(key.encode(), digestmod=hashlib.blake2s) hm.update(m.encode()) print ("\nHMAC: ",hm.hexdigest())
A sample run is:
Message: hello Secret key: fdf Size: 64 Signature: b'7cb36c835e103f7f4b5a9091074abe1d036d68c62ced9c508e1d409dd2223b54d7b4d9524f2de02559d399301952ec5816362ba8f9fbe8b8d35b64273e51647d' Verified hello: True Verified hello-: False We can also use Blake for HMAC: HMAC: 6a9848f2622181412452c2439dcd96dbd5a0231e209750f3ddf6b6a49b3e1dd1