how many bits in the resultant hash will change, if the x bits are changed in its the original inputWhat is the “Random Oracle Model” and why is it controversial?Hash functions and the Avalanche effectHow are timestamps verified?Do parts of a hash carry the properties of the entire hash?How hard/easy will be to break a SHA-1 or SHA-256 hash if the attacker knows part of the original text?Do I need to use AE/AEAD in my particular scenario? Or is it redundant?Is there an algorithm that allows verification that 2 encrypted or hashed bits of data are the same, given that I may only know half of the key/ salt?Reversing a hash of known hashing algorithmHow can I calculate the avalanche effect in symmetric algorithms?Better than diceware? And sha512 related questionWhat is the length of the SHA-1 message digest and how is RSASSA-PSS used for verification?Can length extension attacks be avoided by a single bit flip?

Data Filters and Measures Error for Unique Opens

Is it ethical for a company to ask its employees to move furniture on a weekend?

How to determine the optimal threshold to achieve the highest accuracy

Get back to US from Canada without passport

How should the player unlock things?

Sending a photo of my bank account card to the future employer

A scene of Jimmy diversity

What advantages do focused Arrows of Slaying have over more generic ones?

Snaking a clogged tub drain

Why did Steve Rogers choose this character in Endgame?

How to remove the first colon ':' from a timestamp?

Manually select/unselect lines before forwarding to stdout

Why is Katakana not pronounced Katagana?

Link of a singularity

Can you perfectly wrap a cube with this blocky shape?

What powers the air required for pneumatic brakes in aircraft?

Adjusting vertical spacing in fractions?

Why isn't aluminium involved in biological processes?

Is it rude to refer to janitors as 'floor people'?

Credit card details stolen every 1-2 years. What am I doing wrong?

Is there a source that says only 1/5th of the Jews will make it past the messiah?

Is there an English equivalent for "Les carottes sont cuites", while keeping the vegetable reference?

Do I need a 50/60Hz notch filter for battery powered devices?

Do aircraft cabins have suspension?



how many bits in the resultant hash will change, if the x bits are changed in its the original input


What is the “Random Oracle Model” and why is it controversial?Hash functions and the Avalanche effectHow are timestamps verified?Do parts of a hash carry the properties of the entire hash?How hard/easy will be to break a SHA-1 or SHA-256 hash if the attacker knows part of the original text?Do I need to use AE/AEAD in my particular scenario? Or is it redundant?Is there an algorithm that allows verification that 2 encrypted or hashed bits of data are the same, given that I may only know half of the key/ salt?Reversing a hash of known hashing algorithmHow can I calculate the avalanche effect in symmetric algorithms?Better than diceware? And sha512 related questionWhat is the length of the SHA-1 message digest and how is RSASSA-PSS used for verification?Can length extension attacks be avoided by a single bit flip?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1












$begingroup$


I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.










share|improve this question









$endgroup$











  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    5 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    1 hour ago


















1












$begingroup$


I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.










share|improve this question









$endgroup$











  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    5 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    1 hour ago














1












1








1


1



$begingroup$


I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.










share|improve this question









$endgroup$




I came across a question stating:-




We have a message consisting of 10,000 characters. After computing its message digest using SHA-1, we decide to change the last 19 characters in the original message. How many bits in the digest will change if it is recomputed, and why?




Until and unless this is an explicit attack on the hashing scheme, the new hash would be different then the original one (sort of exhibiting Avalanche effect).



But I am unable to understand how does small changes in Input text, affect their corresponding Hashes. Like does there exists a relationship on how many bits of the hash will be affected, if a certain change is done to the Input text?



P.S.:- I am not a 100% sure, but I believe I have read it somewhere that a hashing algorithm should change the bits of hash by $X$% if a new character/bit is added/substituted to the previous input text.



Note:- I believe that my title isn't the best on for stating my problem. So, if anyone can come with a better title to describe my problem, then feel free to change the title, and delete this note from the description too. And if it is okay for describing my problem, then just remove this note.







hash sha-1 avalanche






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 10 hours ago









Vasu Deo.SVasu Deo.S

1718 bronze badges




1718 bronze badges











  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    5 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    1 hour ago

















  • $begingroup$
    See also Hash functions and the Avalanche effect
    $endgroup$
    – kelalaka
    6 hours ago










  • $begingroup$
    This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
    $endgroup$
    – Future Security
    5 hours ago







  • 1




    $begingroup$
    The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
    $endgroup$
    – tylo
    1 hour ago
















$begingroup$
See also Hash functions and the Avalanche effect
$endgroup$
– kelalaka
6 hours ago




$begingroup$
See also Hash functions and the Avalanche effect
$endgroup$
– kelalaka
6 hours ago












$begingroup$
This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
$endgroup$
– Future Security
5 hours ago





$begingroup$
This sounds like a good job interview question. (Of the fizz buzz test kind, anyway.) It must either be a trick question or come from someone that doesn't understand hash functions. There isn't supposed to be any such relationship for a cryptographic hash. (Which isn't to say SHA-1 is safe...)
$endgroup$
– Future Security
5 hours ago





1




1




$begingroup$
The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
$endgroup$
– tylo
1 hour ago





$begingroup$
The statement "last 19 characters" is a red herring. Any change in the input on average changes half of all bits - anything else would be a serious issue for its properties. Considering the state of SHA-1, even if it is considered broken, this should still apply.
$endgroup$
– tylo
1 hour ago











3 Answers
3






active

oldest

votes


















6












$begingroup$

For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






share|improve this answer









$endgroup$












  • $begingroup$
    So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
    $endgroup$
    – Vasu Deo.S
    8 hours ago










  • $begingroup$
    Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
    $endgroup$
    – Maarten Bodewes
    7 hours ago










  • $begingroup$
    "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
    $endgroup$
    – Vasu Deo.S
    6 hours ago










  • $begingroup$
    I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
    $endgroup$
    – Maarten Bodewes
    5 hours ago



















0












$begingroup$

Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



And it will look like this:-



dist






share|improve this answer









$endgroup$








  • 1




    $begingroup$
    "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
    $endgroup$
    – Maarten Bodewes
    5 hours ago


















0












$begingroup$


how many bits in the resultant hash will change, if the x bits are changed in its the original input




50% on average, regardless of how many bits are changed.




SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



* It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






share|improve this answer











$endgroup$















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "281"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f71988%2fhow-many-bits-in-the-resultant-hash-will-change-if-the-x-bits-are-changed-in-it%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    6












    $begingroup$

    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






    share|improve this answer









    $endgroup$












    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago
















    6












    $begingroup$

    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






    share|improve this answer









    $endgroup$












    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago














    6












    6








    6





    $begingroup$

    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.






    share|improve this answer









    $endgroup$



    For any one of the SHA hashes, the hash should be indistinguishable from pseudo-random. That means each and every bit flips with a chance of 50%. So on average half of the amount of bits gets flipped, as long as the input message doesn't repeat (because that will match 100% with the hash of the identical message, of course). It doesn't matter how many input bits are removed, added or altered, this is always the case as long as the input message isn't identical to the previous one.



    Hashes are likely well distributed, so the likely number of bits that get flipped is a bell curve like you would get by throwing dice. Same thing for the number of zero bits - or one bits of course. So you cannot give an absolute number as an answer to this question. The result is not a function on $x$ if $x$ is the number of bits flipped - as long as $x$ is larger than zero.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 9 hours ago









    Maarten BodewesMaarten Bodewes

    57.2k6 gold badges82 silver badges206 bronze badges




    57.2k6 gold badges82 silver badges206 bronze badges











    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago

















    • $begingroup$
      So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
      $endgroup$
      – Vasu Deo.S
      8 hours ago










    • $begingroup$
      Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
      $endgroup$
      – Maarten Bodewes
      7 hours ago










    • $begingroup$
      "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
      $endgroup$
      – Vasu Deo.S
      6 hours ago










    • $begingroup$
      I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
      $endgroup$
      – Maarten Bodewes
      5 hours ago
















    $begingroup$
    So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
    $endgroup$
    – Vasu Deo.S
    8 hours ago




    $begingroup$
    So, does that mean that the change does occur in the resultant hash, but it is not guided by a predefined value. Meaning change in bits will occur, but the no. of changed bits won't be obtainable by using a formula
    $endgroup$
    – Vasu Deo.S
    8 hours ago












    $begingroup$
    Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
    $endgroup$
    – Maarten Bodewes
    7 hours ago




    $begingroup$
    Yes, exactly. The chance of no change is the same as finding a specific collision of course. The chance of all bits changing is exactly as low (bell curve, right?). The chance that exactly half the bits changing is the highest, but the chance that half minus one bits are changing is pretty high as well (again bell curve). The only formula that describes this is, of course, the hash function itself.
    $endgroup$
    – Maarten Bodewes
    7 hours ago












    $begingroup$
    "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
    $endgroup$
    – Vasu Deo.S
    6 hours ago




    $begingroup$
    "The chance that exactly half the bits changing is the highest" could you please elaborate on this?
    $endgroup$
    – Vasu Deo.S
    6 hours ago












    $begingroup$
    I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
    $endgroup$
    – Maarten Bodewes
    5 hours ago





    $begingroup$
    I did elaborate on it. Bell curve. The highest bar is the most likely. Just like 7 is most likely if you throw two dice.
    $endgroup$
    – Maarten Bodewes
    5 hours ago














    0












    $begingroup$

    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist






    share|improve this answer









    $endgroup$








    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago















    0












    $begingroup$

    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist






    share|improve this answer









    $endgroup$








    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago













    0












    0








    0





    $begingroup$

    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist






    share|improve this answer









    $endgroup$



    Actually, the number of changed bits is obtainable by using a formula. It's about 80 with a 6% probability. As you've guessed, the hash exhibits an avalanche effect. On average each output bit will flip with a probability $P =0.5$ if an input bit flips. And the output bits are independent of each other (as far as we can tell). Thus one input flip or multiple input flips has the same effect. That generates a classic Binomial distribution defined as $Bin(160, 0.5)$, resulting in $mu = frac1602, sigma = fracsqrt1602$.



    And it will look like this:-



    dist







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 6 hours ago









    Paul UszakPaul Uszak

    8,1961 gold badge17 silver badges39 bronze badges




    8,1961 gold badge17 silver badges39 bronze badges







    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago












    • 1




      $begingroup$
      "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
      $endgroup$
      – Maarten Bodewes
      5 hours ago







    1




    1




    $begingroup$
    "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
    $endgroup$
    – Maarten Bodewes
    5 hours ago




    $begingroup$
    "The number of changed bits" is an absolute, not a probability that at least 80 bits are changed. You can calculate the probability that a certain range of bits is changed, but the formula cannot give an exact answer.
    $endgroup$
    – Maarten Bodewes
    5 hours ago











    0












    $begingroup$


    how many bits in the resultant hash will change, if the x bits are changed in its the original input




    50% on average, regardless of how many bits are changed.




    SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



    In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



    * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






    share|improve this answer











    $endgroup$

















      0












      $begingroup$


      how many bits in the resultant hash will change, if the x bits are changed in its the original input




      50% on average, regardless of how many bits are changed.




      SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



      In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



      * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






      share|improve this answer











      $endgroup$















        0












        0








        0





        $begingroup$


        how many bits in the resultant hash will change, if the x bits are changed in its the original input




        50% on average, regardless of how many bits are changed.




        SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



        In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



        * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.






        share|improve this answer











        $endgroup$




        how many bits in the resultant hash will change, if the x bits are changed in its the original input




        50% on average, regardless of how many bits are changed.




        SHA-1, like all cryptographic hash functions, attempts to model a pseudorandom function according to the random oracle model.* This means that any change to the input will result in, on average, 50% of the output bits changing. Another way to put it is that each bit has exactly a 50% chance of toggling when the input changes. It doesn't matter what the input is and whether it differs by a single bit or nineteen bits.



        In the random oracle model, every output bit is completely independent of every other bit. Because we don't have access to a "real" random oracle, we can only approximate it using mathematical functions. While this does mean that the output bits are not independent, they appear to be, and any distinguisher would constitute a cryptanalytic attack against the core hash function, which would be pretty big news.



        * It doesn't model it perfectly, as evidenced by both the length extension attack and extant collision attacks, but that doesn't matter for the sake of your question. Despite its weaknesses, it still exhibits the avalanche effect extremely well.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 56 mins ago

























        answered 1 hour ago









        forestforest

        6,5641 gold badge21 silver badges52 bronze badges




        6,5641 gold badge21 silver badges52 bronze badges



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Cryptography Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            Use MathJax to format equations. MathJax reference.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f71988%2fhow-many-bits-in-the-resultant-hash-will-change-if-the-x-bits-are-changed-in-it%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            19. јануар Садржај Догађаји Рођења Смрти Празници и дани сећања Види још Референце Мени за навигацијуу

            Israel Cuprins Etimologie | Istorie | Geografie | Politică | Demografie | Educație | Economie | Cultură | Note explicative | Note bibliografice | Bibliografie | Legături externe | Meniu de navigaresite web oficialfacebooktweeterGoogle+Instagramcanal YouTubeInstagramtextmodificaremodificarewww.technion.ac.ilnew.huji.ac.ilwww.weizmann.ac.ilwww1.biu.ac.ilenglish.tau.ac.ilwww.haifa.ac.ilin.bgu.ac.ilwww.openu.ac.ilwww.ariel.ac.ilCIA FactbookHarta Israelului"Negotiating Jerusalem," Palestine–Israel JournalThe Schizoid Nature of Modern Hebrew: A Slavic Language in Search of a Semitic Past„Arabic in Israel: an official language and a cultural bridge”„Latest Population Statistics for Israel”„Israel Population”„Tables”„Report for Selected Countries and Subjects”Human Development Report 2016: Human Development for Everyone„Distribution of family income - Gini index”The World FactbookJerusalem Law„Israel”„Israel”„Zionist Leaders: David Ben-Gurion 1886–1973”„The status of Jerusalem”„Analysis: Kadima's big plans”„Israel's Hard-Learned Lessons”„The Legacy of Undefined Borders, Tel Aviv Notes No. 40, 5 iunie 2002”„Israel Journal: A Land Without Borders”„Population”„Israel closes decade with population of 7.5 million”Time Series-DataBank„Selected Statistics on Jerusalem Day 2007 (Hebrew)”Golan belongs to Syria, Druze protestGlobal Survey 2006: Middle East Progress Amid Global Gains in FreedomWHO: Life expectancy in Israel among highest in the worldInternational Monetary Fund, World Economic Outlook Database, April 2011: Nominal GDP list of countries. Data for the year 2010.„Israel's accession to the OECD”Popular Opinion„On the Move”Hosea 12:5„Walking the Bible Timeline”„Palestine: History”„Return to Zion”An invention called 'the Jewish people' – Haaretz – Israel NewsoriginalJewish and Non-Jewish Population of Palestine-Israel (1517–2004)ImmigrationJewishvirtuallibrary.orgChapter One: The Heralders of Zionism„The birth of modern Israel: A scrap of paper that changed history”„League of Nations: The Mandate for Palestine, 24 iulie 1922”The Population of Palestine Prior to 1948originalBackground Paper No. 47 (ST/DPI/SER.A/47)History: Foreign DominationTwo Hundred and Seventh Plenary Meeting„Israel (Labor Zionism)”Population, by Religion and Population GroupThe Suez CrisisAdolf EichmannJustice Ministry Reply to Amnesty International Report„The Interregnum”Israel Ministry of Foreign Affairs – The Palestinian National Covenant- July 1968Research on terrorism: trends, achievements & failuresThe Routledge Atlas of the Arab–Israeli conflict: The Complete History of the Struggle and the Efforts to Resolve It"George Habash, Palestinian Terrorism Tactician, Dies at 82."„1973: Arab states attack Israeli forces”Agranat Commission„Has Israel Annexed East Jerusalem?”original„After 4 Years, Intifada Still Smolders”From the End of the Cold War to 2001originalThe Oslo Accords, 1993Israel-PLO Recognition – Exchange of Letters between PM Rabin and Chairman Arafat – Sept 9- 1993Foundation for Middle East PeaceSources of Population Growth: Total Israeli Population and Settler Population, 1991–2003original„Israel marks Rabin assassination”The Wye River Memorandumoriginal„West Bank barrier route disputed, Israeli missile kills 2”"Permanent Ceasefire to Be Based on Creation Of Buffer Zone Free of Armed Personnel Other than UN, Lebanese Forces"„Hezbollah kills 8 soldiers, kidnaps two in offensive on northern border”„Olmert confirms peace talks with Syria”„Battleground Gaza: Israeli ground forces invade the strip”„IDF begins Gaza troop withdrawal, hours after ending 3-week offensive”„THE LAND: Geography and Climate”„Area of districts, sub-districts, natural regions and lakes”„Israel - Geography”„Makhteshim Country”Israel and the Palestinian Territories„Makhtesh Ramon”„The Living Dead Sea”„Temperatures reach record high in Pakistan”„Climate Extremes In Israel”Israel in figures„Deuteronom”„JNF: 240 million trees planted since 1901”„Vegetation of Israel and Neighboring Countries”Environmental Law in Israel„Executive branch”„Israel's election process explained”„The Electoral System in Israel”„Constitution for Israel”„All 120 incoming Knesset members”„Statul ISRAEL”„The Judiciary: The Court System”„Israel's high court unique in region”„Israel and the International Criminal Court: A Legal Battlefield”„Localities and population, by population group, district, sub-district and natural region”„Israel: Districts, Major Cities, Urban Localities & Metropolitan Areas”„Israel-Egypt Relations: Background & Overview of Peace Treaty”„Solana to Haaretz: New Rules of War Needed for Age of Terror”„Israel's Announcement Regarding Settlements”„United Nations Security Council Resolution 497”„Security Council resolution 478 (1980) on the status of Jerusalem”„Arabs will ask U.N. to seek razing of Israeli wall”„Olmert: Willing to trade land for peace”„Mapping Peace between Syria and Israel”„Egypt: Israel must accept the land-for-peace formula”„Israel: Age structure from 2005 to 2015”„Global, regional, and national disability-adjusted life years (DALYs) for 306 diseases and injuries and healthy life expectancy (HALE) for 188 countries, 1990–2013: quantifying the epidemiological transition”10.1016/S0140-6736(15)61340-X„World Health Statistics 2014”„Life expectancy for Israeli men world's 4th highest”„Family Structure and Well-Being Across Israel's Diverse Population”„Fertility among Jewish and Muslim Women in Israel, by Level of Religiosity, 1979-2009”„Israel leaders in birth rate, but poverty major challenge”„Ethnic Groups”„Israel's population: Over 8.5 million”„Israel - Ethnic groups”„Jews, by country of origin and age”„Minority Communities in Israel: Background & Overview”„Israel”„Language in Israel”„Selected Data from the 2011 Social Survey on Mastery of the Hebrew Language and Usage of Languages”„Religions”„5 facts about Israeli Druze, a unique religious and ethnic group”„Israël”Israel Country Study Guide„Haredi city in Negev – blessing or curse?”„New town Harish harbors hopes of being more than another Pleasantville”„List of localities, in alphabetical order”„Muncitorii români, doriți în Israel”„Prietenia româno-israeliană la nevoie se cunoaște”„The Higher Education System in Israel”„Middle East”„Academic Ranking of World Universities 2016”„Israel”„Israel”„Jewish Nobel Prize Winners”„All Nobel Prizes in Literature”„All Nobel Peace Prizes”„All Prizes in Economic Sciences”„All Nobel Prizes in Chemistry”„List of Fields Medallists”„Sakharov Prize”„Țara care și-a sfidat "destinul" și se bate umăr la umăr cu Silicon Valley”„Apple's R&D center in Israel grew to about 800 employees”„Tim Cook: Apple's Herzliya R&D center second-largest in world”„Lecții de economie de la Israel”„Land use”Israel Investment and Business GuideA Country Study: IsraelCentral Bureau of StatisticsFlorin Diaconu, „Kadima: Flexibilitate și pragmatism, dar nici un compromis în chestiuni vitale", în Revista Institutului Diplomatic Român, anul I, numărul I, semestrul I, 2006, pp. 71-72Florin Diaconu, „Likud: Dreapta israeliană constant opusă retrocedării teritoriilor cureite prin luptă în 1967", în Revista Institutului Diplomatic Român, anul I, numărul I, semestrul I, 2006, pp. 73-74MassadaIsraelul a crescut in 50 de ani cât alte state intr-un mileniuIsrael Government PortalIsraelIsraelIsraelmmmmmXX451232cb118646298(data)4027808-634110000 0004 0372 0767n7900328503691455-bb46-37e3-91d2-cb064a35ffcc1003570400564274ge1294033523775214929302638955X146498911146498911

            Кастелфранко ди Сопра Становништво Референце Спољашње везе Мени за навигацију43°37′18″ СГШ; 11°33′32″ ИГД / 43.62156° СГШ; 11.55885° ИГД / 43.62156; 11.5588543°37′18″ СГШ; 11°33′32″ ИГД / 43.62156° СГШ; 11.55885° ИГД / 43.62156; 11.558853179688„The GeoNames geographical database”„Istituto Nazionale di Statistica”проширитиууWorldCat156923403n850174324558639-1cb14643287r(подаци)