# Hash functions

## hash and sha256

Computer scientists have invented the <b><font color=RED>hash functions</font></b>. An hash function is a function which, when applied to a string, it gives you a value which is a sort of fingerprint of the string. If you just change the string a little bit, the hash function gives you a very different result. It is extremely rare that two strings have the same hash result.

There exist several hash functions. The easy ones, such as the <b>hash(< string >)</b> function in Python, give you an integer result. However, with an integer result it can happen that two strings have the same result (one probability out of some billions). More complex hash function are more interesting because they give you a long alphanumeric string, such as the <b><font color=RED>sha256</font></b> <b>sha256(< string >).hexdigest()</b> contained in Python library hashlib.
    
Please note that the result of hash functions is never random, you get always the same result if you apply it to the same string.

In [None]:
print(hash("Satoshi"))

In [None]:
from hashlib import sha256 # do not forget this, or you won't have sha256 available

print(sha256("Satoshi".encode('utf-8')).hexdigest()) 

## First usage: fingerprint of large data

You can use the hash functions as a fingerprint of large data. If you have a large amount of data and your scope is not keeping these data completely into your computer memory but simply keeping track of whether you have already examined them or not, you can store hash functions of those data. Whenever you are wondering whether you have already examined a set of data, you calculate its hash and check whether you have it.

One of the reasons why you do not want to keep your original data could be because they are large and use a lot of space, while another one could be because of privacy regulations (imagine if you had medical data, you do not want to keep the name and surename of the patient).

### Example

In [66]:
def veryComplexFunction(S):
    # we do not care about what this function really does (it is used only as an example), but we care about
    # the fact that it is very complex!   N=len(s): complexity is 3*N^3 str joins
    p=""
    for x in S:
        for y in S:
            for z in S:
                p=p+x+y+z
    return(p[int(len(p)/3):(int(len(p)/3)+9)])    

In [67]:
# test the function on these examples and you will see that it is really slow!

text1="imagine this is a large text, such as a web page"
text2="imagine this is another large text, such as another web page"
text3="imagine this is a third large text, not so large"
text4="this is a large text that you must check whether you have it already"





Your task is to apply veryComplexFunction to this list of texts without repeating the calculations for text that you have already examined and at the same time without storing the original text.

In [68]:
L=[text1,text2,text1,text3,text4,text1,text1,text3,text4,text1,text1,text3,text4,text1,text1,text3,text4,text1]



## Second usage: keeping passwords secret

Have you ever wondered whether your bank knows the PIN of your ATM card (it: bancomat, de: Karte)? It must know it, otherwise how could it check whether you have digited it correctly?

Have you ever asked yourself why some websites, when you click on "I forgot my password" send you your password, while others don't and send you a link to set up a new password? It is because some website store your password "clear" (as you have written it), a strategy which is very dangerous. Other website, or your bank for the ATM card's PIN, do not store that value, they do not have any idea of what it is. But in this case, how can they know whether my PIN/password is correct when I digit it?

Your ATM card has a number, let's say 1137862. The bank creates a PIN randomly and then calculates the hash of the ATM card number together with the PIN.

In [69]:
from hashlib import sha256



This number is then stored inside the bank's server. Using this number and the card's number it is **impossible** to deduce the PIN, as the hash functions are very complicated functions! In this way not even the bank knows your PIN and not even criminal employees or hackers can find it.

Whenever you slide in your card into the ATM and digit your PIN, the ATM calculates your hash and asks the bank's server whether that hash is correct.

## Third usage: proving the existence

<font color=BLUE>This part can be asked in the theoretical part of the exam about cryptocurrencies and blockchain technology.

Imagine you have written a book and you are submitting it to the editors, or whatever other good idea/product which can be easily copied electronically. You face the risk of an editor rejecting it and then publishing it with another author's name. There are old-tech ways to protect yourself: you may give a copy to an official authority (e.g. patent office for an invention or in Italy giving a printed copy of your book to a notary) but this is usually expensive and not fast in case you produce a lot of these products.

It is more convienent to calculate the hash function of your product (you can hash a book without any problems, but you can hash even a picture or a video just converting the file content to a string) and put it into a public place, which could be an announcment on the local newspaper if you live in the 19th century or a crypto blockchain in the 21st. The reason why using an hash function is clear: publishing an entire book or picture on a newspaper/blockchain is very expensive (just to give you an idea 1 MB on Ethereum blockchain costs 4000 dollars in transaction fees). Publishing the hash you have the proof that the hash-ed item existed at that time because you need to have the item to create that hash fingerprint and thus you have the proof that you had the item at that date.

How to write hash fingerprints on crypto blockchain? Almost every crypto blockchain accepts a very short description for each transaction and you can make a transaction to yourself for a very small amount and write the hash fingerprint in the description. 
<br>I have seen a conference of a water company in Sardinia that was taking pictures of the water meters of their customers. To prove that they had taken the picture before a certain date, they calculate the hash of each picture, put all the hash fingerprints together, calculate the hash of this sequence of hash fingerprints and write the final result on the Bitcoin blockchain. For a fee of maximum 10 euros they have a legal proof that those pictures were takes before a certain date.

## Fourth usage: mining bitcoins

<font color=BLUE>This part can be asked in the theoretical part of the exam about cryptocurrencies and blockchain technology.

Do you remember the solution invented by Satoshi Nakamoto to decide who shall add the next block to the Bitcoin blockchain? The first one who solves a "difficult mathematical puzzle that can be solved only by trial and error". Well, it's now time to tell you what is that puzzle. We will just have an idea of it, some technicalities will be omitted and simplified.

That puzzle is the following: take the hash fingerprint of the previous block (this is only to prevent somebody from starting to solve the puzzle in advance before the previous block is added), concatenate it with a file containing all the transactions that you want to confirm, concatenate it with whatever you want and try to get a hash fingerprint which starts with 8 zeros. You can really add whatever you want and try and retry until you manage to get it.

In its very first block, Satoshi managed to find an hash fingerprint with 10 zeros!!! 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f

For example, when I am writing this file, the last block which was mined was block 605377. I go on www.blockchain.info/explorer and see the hash of the previous block 605376. I get three transactions from block 605377 (getting manually all of them would require too much manual work, obviously) and put them into a list.

Then, following Satoshi's rule, I calculate the hash of the previous block's hash, the transactions and some characters (we shall use only numbers as they are simpler) to see whether I am lucky and get a hash with some zeros at the beginning.

Beware that we haven't been so lucky to find the number randomly at first attempt. My computer spend some hours of attempts to find it...

The amount of zeros that you must get in your hash fingerprint is the **mining difficulty** and it is determined automatically every two weeks depending on how many computers are in the network. Currently, as you can see from the hash of the previous block, is 19 zeros, a really huge amount very difficult to get.