Hash Function: The Cryptographic Foundation of EUDI Wallet Integrity

A cryptographic hash function is a mathematical algorithm that takes an input (message) of arbitrary length and produces a fixed-size output (hash value or digest) with specific security properties: it is computationally infeasible to reverse the hash to find the input (preimage resistance), to find two different inputs that produce the same hash (collision resistance), or to find a second input that matches a given input's hash (second preimage resistance). In the EUDI Wallet ecosystem, hash functions are foundational cryptographic primitives used in digital signatures (ECDSA hashes the message before signing), selective disclosure (SD-JWT hashes individual claims for privacy), certificate validation (certificate fingerprints), and data integrity verification throughout the credential lifecycle.

A cryptographic hash function processes input data through a series of mathematical operations to produce a fixed-size digest. For SHA-256, the process involves padding the input to a multiple of 512 bits, splitting it into blocks, and processing each block through 64 rounds of compression using bitwise operations, modular addition, and logical functions. The result is a 256-bit (32-byte) hash value.

Three security properties make hash functions useful for cryptographic applications:

• •Preimage resistance: Given a hash value h, it is computationally infeasible to find any input m such that hash(m) = h. This means you cannot work backwards from a hash to discover the original data.
• •Second preimage resistance: Given an input m1, it is infeasible to find a different input m2 such that hash(m1) = hash(m2). This prevents an attacker from substituting different data that produces the same hash.
• •Collision resistance: It is infeasible to find any two different inputs m1 and m2 such that hash(m1) = hash(m2). This is the strongest property, essential for digital signature security.

Hash functions appear at virtually every stage of the EUDI credential lifecycle:

• •Credential signing: Before the issuer signs a credential with ECDSA, the credential content is hashed with SHA-256. The signature is computed on the hash, not the original data. This is essential because ECDSA operates on fixed-size inputs, and hashing provides the fixed-size representation of arbitrarily large credentials.
• •Selective disclosure: SD-JWT uses SHA-256 to hash each disclosable claim with a random salt. The credential contains the hash array, and the wallet reveals selected claim values during presentation. The verifier rehashes disclosed claims to confirm they match the signed hashes.
• •mdoc integrity: In ISO mdoc format, the Mobile Security Object contains hash values (ValueDigests) for each data element. During presentation, disclosed elements are hashed and verified against the signed digests.
• •Certificate fingerprints: X.509 certificates are identified by their SHA-256 fingerprint (hash of the DER-encoded certificate). These fingerprints appear in Trusted Lists and are used for certificate pinning.

A important property of cryptographic hash functions is the avalanche effect: changing even a single bit of the input completely changes the output hash. For example, hashing "credential_valid: true" and "credential_valid: false" with SHA-256 produces entirely different 256-bit hashes with no discernible relationship. Approximately half of the output bits will differ.

This property is essential for EUDI Wallet security. If an attacker modifies a credential (changing a name, date of birth, or validity status), the hash of the modified credential will be completely different from the original hash. Since the issuer's ECDSA signature was computed on the original hash, the signature verification will fail, immediately detecting the tampering. This makes credential forgery computationally infeasible without access to the issuer's private signing key.