Conference on the Theory and Application of Cryptology

CRYPTO 1989: Advances in Cryptology — CRYPTO’ 89 Proceedings pp 416-427

A Design Principle for Hash Functions

  • Ivan Bjerre Damgård
Conference paper

DOI: 10.1007/0-387-34805-0_39

Volume 435 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Damgård I.B. (1990) A Design Principle for Hash Functions. In: Brassard G. (eds) Advances in Cryptology — CRYPTO’ 89 Proceedings. CRYPTO 1989. Lecture Notes in Computer Science, vol 435. Springer, New York, NY


We show that if there exists a computationally collision free function f from m bits to t bits where m > t, then there exists a computationally collision free function h mapping messages of arbitrary polynomial lengths to t-bit strings.

Let n be the length of the message. h can be constructed either such that it can be evaluated in time linear in n using 1 processor, or such that it takes time O(log(n)) using O(n) processors, counting evaluations of f as one step. Finally, for any constant k and large n, a speedup by a factor of k over the first construction is available using k processors.

Apart from suggesting a generally sound design principle for hash functions, our results give a unified view of several apparently unrelated constructions of hash functions proposed earlier. They also suggest changes to other proposed constructions to make a proof of security potentially easier.

We give three concrete examples of constructions, based on modular squaring, on Wolfram’s pseudorandom bit generator [Wo], and on the knapsack problem.
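As an added illustration (not code from the paper or from this page), the sketch below iterates a fixed-size function f from m bits to t bits over a message, in the spirit of the first, single-processor construction in the abstract, and counts evaluations of f to show the cost is linear in n. The SHA-256 stand-in for f, the all-zero starting value, the sizes and the length-appending padding rule are assumptions made for the demo, not the paper's exact encoding; the zero-only padding variant is included only to show the collision that an ambiguous message encoding allows.

```python
import hashlib

T = 32            # t bits = 256: output / chaining value size, in bytes
M = 96            # m bits = 768: input size of f, in bytes (m > t)
BLOCK = M - T     # message bytes absorbed per evaluation of f
IV = bytes(T)     # fixed public starting value (assumption)

def f(x):
    """Stand-in compression function from m bits to t bits (assumption)."""
    if len(x) != M:
        raise ValueError("f takes exactly m bits")
    return hashlib.sha256(x).digest()

def pad_with_length(msg):
    """Unambiguous padding: 0x80, zero fill, then the 64-bit bit length."""
    zeros = -(len(msg) + 9) % BLOCK
    return msg + b"\x80" + bytes(zeros) + (8 * len(msg)).to_bytes(8, "big")

def pad_zeros_only(msg):
    """Ambiguous padding, kept only to show the failure mode."""
    return msg + bytes(-len(msg) % BLOCK) if msg else bytes(BLOCK)

def iterate(padded):
    """Chain f over the blocks; return (digest, number of f evaluations)."""
    state, calls = IV, 0
    for i in range(0, len(padded), BLOCK):
        state = f(state + padded[i:i + BLOCK])
        calls += 1
    return state, calls

def h(msg):
    """Arbitrary-length hash built from f with length-appending padding."""
    return iterate(pad_with_length(msg))[0]

def h_naive(msg):
    """Same iteration, but distinct messages can pad to the same blocks."""
    return iterate(pad_zeros_only(msg))[0]

def f_calls(n_bytes):
    """Evaluations of f needed by h for an n_bytes-long message."""
    return iterate(pad_with_length(bytes(n_bytes)))[1]

if __name__ == "__main__":
    a, b = b"abc", b"abc\x00"   # constructed sample messages
    print("zero-only padding collides:", h_naive(a) == h_naive(b))
    print("length padding collides:   ", h(a) == h(b))
    print("f calls for 64, 640, 6400 bytes:", [f_calls(n) for n in (64, 640, 6400)])
```

The collision in `h_naive` comes entirely from the encoding of the message into blocks, not from f, which is why a security argument for the iterated function depends on how the message is padded.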


Copyright information

© Springer-Verlag Berlin Heidelberg 1990
