# Checksum Verification Using an Encryption Algorithm Cipher That Avoids Collisions

In this post, I will choose an encryption algorithm cipher that avoids collision, and I will use the cipher to generate a checksum verification for a given string in Java.

What is a Checksum?

The hash produced by a cryptographic function, such as SHA-256, is a checksum.

I will use the Java MessageDigest class to generate the checksum verification and instantiate it with one of the documented options in the Java Security Standard Algorithm Names for `MessageDigest`.

Recommended algorithm name

SHA-256 is the algorithm name that I have chosen to use from the list of algorithm names that are used to generate an instance of MessageDigest.

What is a Hash Function?

A hash function satisfies three properties:

1. Collision resistance. It is computationally infeasible to find two distinct bit strings s ≠ s’ such that H ( s ) = H ( s ‘ ).
2. Pre-image resistance. Given a hash value t in the range of H, it is computationally infeasible to find a string s for which H ( s ) = t.
3. nd Pre-image resistance. Given a string s and hash value t such that H ( s ) = t, it is computationally infeasible to find a second string s ‘ such that H ( s’ ) = t as well.

(Walker, J., Kounavis, M., Gueron, S., & Graunke, G. (2009)

Check out Cryptographic hash functions for a simplified explanation if you are not familiar with discrete math symbols.

## SHA-256 is a Hash Function

Secure Hash Algorithm (SHA-256) is a cryptographic hash (digest) function used for verifying the integrity of a piece of text.

Hash functions are used to produce a unique (collision-free) hash value from a piece of text. The hash is not decryptable (The hash cannot be used to regenerate the original text)

Example

The hash value for the “ABC” text using SHA-256 is:

``ba7816bf8f01cfea414140de5daeb0061a96177a9cb410ff61f0015ad``

A secure hash function will make it infeasible for anyone to figure out that the above hash was produced using the “ABC” string.

## Hash Function Usage

Hash functions are used in handshake authentication, password verification, digital signatures, and other security applications. What guarantees do we have that a downloaded file from the internet was not corrupted or comprised? Hash functions solve that problem.

Scenario

A website allows the download of files and publicly publishes the hash values and the algorithm name used to produce the hash for the downloads. You can generate a hash on your computer for the downloaded file to verify that your hash matches the publisher’s hash value. The integrity of a file is compromised when the new hash does not match the old hash. This indicates that the file’s contents have changed, even by a single character.

## How Secure is SHA-256

SHA-256 is secure enough to be trusted by the United States Federal Government. On December 1, 015, the Department of Defense (DoD) published memorandum with the subject “Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256.”

## Is SHA-256 Collision Resistant?

In cryptography, a collision is when two different texts produce the same hash.

According privacycanada.net, there is a ^256 chance for a collision in SHA-56. ^256 is slightly less than the number of atoms in the known universe, which is about 10^8 atoms, according to Harry Baker (2021). To date, SHA-256 has not produced any known collisions.

Comparison

``SHA-256 chance of collission = ^256 = 11579089716195457098500868790785699846656405640945758400791196996``
``Number of atoms in the known universe = 10^8 = 10000000000000000000000000000000000000000000000000000000000000000000000000000000000``

This comparison is just for visual and does not say anything about the security of SHA-256 because computers are becoming faster at processing data.

## Java Code to generate a Checksum

``import org.springframework.boot.SpringApplication;``import org.springframework.boot.autoconfigure.SpringBootApplication;``import org.springframework.web.bind.annotation.RequestMapping;``import org.springframework.web.bind.annotation.RestController;``import java.security.MessageDigest;``import java.security.NoSuchAlgorithmException;``@SpringBootApplication``public class ServerApplication {``	public static void main(String[] args) {``		SpringApplication.run(ServerApplication.class, args);``	}``}``@RestController``class ServerController{``    @RequestMapping("/hash")``    public String myHash(){``    ``    	MessageDigest messageDigest = null; 			// declare MessageDigest object``    	String data 				= "Test string";	// data string``    	String checkSum 			= null; 			// Checksum value``    ``    	try {``		messageDigest = MessageDigest.getInstance("SHA-256");	// initialize object using SHA-256  ``	} catch (NoSuchAlgorithmException e) {``		e.printStackTrace();									``	}``    ``    	messageDigest.update(data.getBytes());		// pass data to messageDigest``	byte[] digest = messageDigest.digest();		// compute messageDigest``	checkSum = this.bytesToHex(digest);		// create hash value``    ``	// return formatted string``        return "<p>Data: " + data + "<br>Name of the algorithm cipher used: SHA-256" + "<br>Checksum hash value: " + checkSum + "</p>";``    }``   // Converts a byte array to a hexadecimal string``   public String bytesToHex(byte[] bytes) {``       StringBuilder springBuilder = new StringBuilder();``       // loop through byte array``       for (byte hashByte : bytes) {``           int intVal = 0xff & hashByte;``           if (intVal < 0x10) {``        	   springBuilder.append('0');	// append elements``           }``           springBuilder.append(Integer.toHexString(intVal));``       }``       return springBuilder.toString();		// return hexadecimal string``   }``}``

## References

Baker, H. (2021). How many atoms are in the observable universe?. https://www.livescience.com/how-many-atoms-in-universe.html

Department of Defense. (2015). Memorandum for secretaries of the military departments. https://www.acf.hhs.gov/sites/default/files/documents/ocse/dcl_08_07a.pdf