A hash chain is the successive application of a cryptographic hash function to a piece of data.
In computer security, a hash chain is a method used to produce many one-time keys from a single key or password.
For non-repudiation, a hash function can be applied successively to additional pieces of data in order to record the chronology of data's existence.
gives a hash chain of length 4, often denoted
Leslie Lamport[1] suggested the use of hash chains as a password protection scheme in an insecure environment.
A server which needs to provide authentication may store a hash chain rather than a plain text password and prevent theft of the password in transmission or theft from the server.
For example, a server begins by storing
When the user wishes to authenticate, they supply
and verifies this matches the hash chain it has stored.
for the next time the user wishes to authenticate.
Due to the one-way property of cryptographically secure hash functions, it is infeasible for the eavesdropper to reverse the hash function and obtain an earlier piece of the hash chain.
In this example, the user could authenticate 1000 times before the hash chain were exhausted.
Each time the hash value is different, and thus cannot be duplicated by an attacker.
The above diagram shows a hash tree consisting of eight leaf nodes and the hash chain for the third leaf node.
In addition to the hash values themselves the order of concatenation (right or left 1,0) or "order bits" are necessary to complete the hash chain.
The chain is parameterized by the Winternitz parameter w (number of bits in a "digit" d) and security parameter n (number of bits in the hash value, typically double the security strength,[3] 256 or 512).
values that are results of repeated application of a one-way "chain" function F to a secret key sk:
The chain function is typically based on a standard cryptographic hash, but needs to be parameterized ("randomized"[4]), so it involves few invocations of the underlying hash.
[5] In the Winternitz signature scheme a chain is used to encode one digit of the m-bit message, so the Winternitz signature uses approximately
bits, its calculation takes about
applications of the function F.[3] Note that some signature standards (like Extended Merkle signature scheme, XMSS) define w as the number of possible values in a digit, so
in standards (like Leighton-Micali Signature, LMS) that define w in the same way as above - as a number of bits in the digit.
[6] A hash chain is similar to a blockchain, as they both utilize a cryptographic hash function for creating a link between two nodes.
However, a blockchain (as used by Bitcoin and related systems) is generally intended to support distributed agreement around a public ledger (data), and incorporates a set of rules for encapsulation of data and associated data permissions.