# Hash Functions Based on Block Ciphers

- First Online:

DOI: 10.1007/3-540-47555-9_5

## Abstract

Iterated hash functions based on block ciphers are treated. Five attacks on an iterated hash function and on its round function are formulated. The wisdom of strengthening such hash functions by constraining the last block of the message to be hashed is stressed. Schemes for constructing *m*-bit and 2*m*-bit hash round functions from *m*-bit block ciphers are studied. A principle is formalized for evaluating the strength of hash round functions, viz., that applying computationally simple (in both directions) invertible transformations to the input and output of a hash round function yields a new hash round function with the same security. By applying this principle, four attacks on three previously proposed 2*m*-bit hash round functions are formulated. Finally, three new hash round functions based on an *m*-bit block cipher with a 2*m*-bit key are proposed.