Cryptographic hash functions are fundamental building blocks in security protocols, digital signatures, and blockchain technologies. While they may seem simple at first glance, their design, construction, and misuse can lead to subtle but critical vulnerabilities.
This masterclass dives into the theoretical foundations and practical implementation of hash functions. You’ll explore the key design principles behind cryptographic hashes — from Merkle–Damgård and compression functions to sponge constructions used in SHA-3 and advanced schemes like Poseidon, tailored for ZK-SNARKs.
You’ll also get hands-on experience identifying weak constructions, understanding real-world attacks like length extension, and recognizing common implementation mistakes in cryptographic software.
This masterclass offers practical demos, implementation exercises, and security-oriented analysis to help you build, break, and secure cryptographic hash functions effectively.
Trusted by Security Engineers at Leading Companies
Mathematical definition of a hash function
One-way function: definition and role.
Non-Cryptographic hashes
Typical usages (hash tables, checksums, etc.).
Examples (e.g., MurmurHash, CityHash).
Conditions and limitations.
Deep dive into a specific non-cryptographic hash.
Practical implementation exercise.
Security criteria for cryptographic hashes
Collision resistance, preimage resistance, second-preimage resistance.
Balancing security vs performance.
General principles: how cryptographic hashes are designed.
Merkle–Damgård construction
Historical context.
Inner workings.
Security considerations and applications.
Compression functions
Block cipher based approaches.
Variants: Davies-Meyer, Matyas-Meyer-Oseas, Miyaguchi-Preneel.
Hands-on: implement Davies-Meyer.
Permutation-based constructions.
Sponge construction
Core principles, used in SHA-3 (Keccak).
Duplex construction
Extensions of the sponge.
Poseidon hash
A specialized sponge for ZK-SNARKs and blockchain use cases.
Tree hashing
Parallelizable approach for large data sets.
Vulnerabilities of constructions
Length-extension attacks (Merkle–Damgård).
Small capacity sponges and their risks.
Vulnerabilities of implementations
Faulty or incomplete implementations.
Memory handling issues.
Incorrect or missing hash validation.
Good practices
Always use well-studied, standardized hashes (SHA-2, SHA-3, BLAKE2/3).
Correct implementation, validation, and testing.
Performance/security trade-offs in practice.
🔑 Immediate access to all the content
⏱️ Hours of curated and practical knowledge
🎞️ Easy-to-digest, on-demand videos
👨💻 Hands-on exercises & labs
♾️ Lifetime access
📖 Digital and printable slides
📝 Assignments to apply your new skills
💯 Certificate of completion
This masterclass is designed for anyone looking to gain hands-on experience with cryptographic hash functions and understand their design, implementation, and security pitfalls, including:
✔ Software developers
✔ Security engineers
✔ Cryptography Enthusiasts
✔ Pentesters & Red team professionals
⚠️ This masterclass is currently in pre-sales and it will be release in less than 3 months.
We speak, train, and compete at the world’s most respected security conferences.
Please, contact us here if you have any other question!