how many bits in the resultant hash will change, if the x bits are changed in its the original inputWhat is the “Random Oracle Model” and why is it controversial?Hash functions and the Avalanche effectHow are timestamps verified?Do parts of a hash carry the properties of the entire hash?How hard/easy will be to break a SHA-1 or SHA-256 hash if the attacker knows part of the original text?Do I need to use AE/AEAD in my particular scenario? Or is it redundant?Is there an algorithm that allows verification that 2 encrypted or hashed bits of data are the same, given that I may only know half of the key/ salt?Reversing a hash of known hashing algorithmHow can I calculate the avalanche effect in symmetric algorithms?Better than diceware? And sha512 related questionWhat is the length of the SHA-1 message digest and how is RSASSA-PSS used for verification?Can length extension attacks be avoided by a single bit flip?

Is it ethical for a company to ask its employees to move furniture on a weekend?

What is the meaning of [[:space:]] in bash?

Fantasy Story About A Boy And Girl That Enter A Fantasy World Pre-1994

Alternator dying so junk car?

Do I need a 50/60Hz notch filter for battery powered devices?

Why does FFmpeg choose 10+20+20 ms instead of an even 16 ms for 60 fps GIF images?

Did Voldemort kill his father before finding out about Horcruxes?

Is this artwork (used in a video game) real?

Cauchy reals and Dedekind reals satisfy "the same mathematical theorems"

How to ask my office to remove the pride decorations without appearing anti-LGBTQ?

Intel 8080-based home computers

Sending a photo of my bank account card to the future employer

What powers the air required for pneumatic brakes in aircraft?

How can I find what program is preventing my Mac from going to sleep?

Mechanical puzzle ID: Ring, barbell, and four-holed panel

What exactly is a Hadouken?

How do I query for system views in a SQL Server database?

How to delete certain lists from a nested list?

Can you perfectly wrap a cube with this blocky shape?

Strategy to pay off revolving debt while building reserve savings fund?

Construct, in some manner, a four-dimensional "RegionPlot"

What are "full piece" and "half piece" in chess?

Bone Decomposition

Unix chat server making communication between terminals possible



how many bits in the resultant hash will change, if the x bits are changed in its the original input


What is the “Random Oracle Model” and why is it controversial?Hash functions and the Avalanche effectHow are timestamps verified?Do parts of a hash carry the properties of the entire hash?How hard/easy will be to break a SHA-1 or SHA-256 hash if the attacker knows part of the original text?Do I need to use AE/AEAD in my particular scenario? Or is it redundant?Is there an algorithm that allows verification that 2 encrypted or hashed bits of data are the same, given that I may only know half of the key/ salt?Reversing a hash of known hashing algorithmHow can I calculate the avalanche effect in symmetric algorithms?Better than diceware? And sha512 related questionWhat is the length of the SHA-1 message digest and how is RSASSA-PSS used for verification?Can length extension attacks be avoided by a single bit flip?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1












$begingroup$


I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.










share|improve this question









$endgroup$











  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    4 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    49 mins ago


















1












$begingroup$


I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.










share|improve this question









$endgroup$











  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    4 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    49 mins ago














1












1








1


1



$begingroup$


I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.










share|improve this question









$endgroup$




I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.







hash sha-1 avalanche






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 9 hours ago









Vasu Deo.SVasu Deo.S

1718 bronze badges




1718 bronze badges











  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    4 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    49 mins ago

















  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    4 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    49 mins ago
















$begingroup$
See also Hash functions and the Avalanche effect
$endgroup$
– kelalaka
6 hours ago




$begingroup$
See also Hash functions and the Avalanche effect
$endgroup$
– kelalaka
6 hours ago












$begingroup$
This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
$endgroup$
– Future Security
4 hours ago





$begingroup$
This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
$endgroup$
– Future Security
4 hours ago





1




1




$begingroup$
The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
$endgroup$
– tylo
49 mins ago





$begingroup$
The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
$endgroup$
– tylo
49 mins ago











3 Answers
3






active

oldest

votes


















6












$begingroup$

For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






share|improve this answer









$endgroup$












  • $begingroup$
    So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
    $endgroup$
    – Vasu Deo.S
    8 hours ago










  • $begingroup$
    Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
    $endgroup$
    – Maarten Bodewes
    7 hours ago










  • $begingroup$
    "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
    $endgroup$
    – Vasu Deo.S
    6 hours ago










  • $begingroup$
    I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
    $endgroup$
    – Maarten Bodewes
    5 hours ago



















0












$begingroup$

Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



And it will look like this:-



dist






share|improve this answer









$endgroup$








  • 1




    $begingroup$
    "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
    $endgroup$
    – Maarten Bodewes
    5 hours ago


















0












$begingroup$


how many bits in the resultant hash will change, if the x bits are changed in its the original input




50% on average, regardless of how many bits are changed.




SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



* It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






share|improve this answer











$endgroup$















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "281"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f71988%2fhow-many-bits-in-the-resultant-hash-will-change-if-the-x-bits-are-changed-in-it%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6












    $begingroup$

    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






    share|improve this answer









    $endgroup$












    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago
















    6












    $begingroup$

    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






    share|improve this answer









    $endgroup$












    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago














    6












    6








    6





    $begingroup$

    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






    share|improve this answer









    $endgroup$



    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 8 hours ago









    Maarten BodewesMaarten Bodewes

    57.2k6 gold badges82 silver badges206 bronze badges




    57.2k6 gold badges82 silver badges206 bronze badges











    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago

















    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago
















    $begingroup$
    So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
    $endgroup$
    – Vasu Deo.S
    8 hours ago




    $begingroup$
    So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
    $endgroup$
    – Vasu Deo.S
    8 hours ago












    $begingroup$
    Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
    $endgroup$
    – Maarten Bodewes
    7 hours ago




    $begingroup$
    Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
    $endgroup$
    – Maarten Bodewes
    7 hours ago












    $begingroup$
    "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
    $endgroup$
    – Vasu Deo.S
    6 hours ago




    $begingroup$
    "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
    $endgroup$
    – Vasu Deo.S
    6 hours ago












    $begingroup$
    I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
    $endgroup$
    – Maarten Bodewes
    5 hours ago





    $begingroup$
    I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
    $endgroup$
    – Maarten Bodewes
    5 hours ago














    0












    $begingroup$

    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist






    share|improve this answer









    $endgroup$








    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago















    0












    $begingroup$

    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist






    share|improve this answer









    $endgroup$








    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago













    0












    0








    0





    $begingroup$

    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist






    share|improve this answer









    $endgroup$



    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 6 hours ago









    Paul UszakPaul Uszak

    8,1961 gold badge17 silver badges39 bronze badges




    8,1961 gold badge17 silver badges39 bronze badges







    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago












    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago







    1




    1




    $begingroup$
    "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
    $endgroup$
    – Maarten Bodewes
    5 hours ago




    $begingroup$
    "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
    $endgroup$
    – Maarten Bodewes
    5 hours ago











    0












    $begingroup$


    how many bits in the resultant hash will change, if the x bits are changed in its the original input




    50% on average, regardless of how many bits are changed.




    SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



    In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



    * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






    share|improve this answer











    $endgroup$

















      0












      $begingroup$


      how many bits in the resultant hash will change, if the x bits are changed in its the original input




      50% on average, regardless of how many bits are changed.




      SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



      In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



      * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






      share|improve this answer











      $endgroup$















        0












        0








        0





        $begingroup$


        how many bits in the resultant hash will change, if the x bits are changed in its the original input




        50% on average, regardless of how many bits are changed.




        SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



        In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



        * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






        share|improve this answer











        $endgroup$




        how many bits in the resultant hash will change, if the x bits are changed in its the original input




        50% on average, regardless of how many bits are changed.




        SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



        In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



        * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 40 mins ago

























        answered 45 mins ago









        forestforest

        6,5641 gold badge21 silver badges52 bronze badges




        6,5641 gold badge21 silver badges52 bronze badges



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Cryptography Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            Use MathJax to format equations. MathJax reference.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f71988%2fhow-many-bits-in-the-resultant-hash-will-change-if-the-x-bits-are-changed-in-it%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

            Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

            199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單