A Design Principle for Hash Functions

  • Ivan Bjerre Damgård
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 435)


We show that if there exists a computationally collision free function f from m bits to t bits where m > t, then there exists a computationally collision free function h mapping messages of arbitrary polynomial lengths to t-bit strings.

Let n be the length of the message. h can be constructed either such that it can be evaluated in time linear in n using 1 processor, or such that it takes time O(log(n)) using O(n) processors, counting evaluations of f as one step. Finally, for any constant k and large n, a speedup by a factor of k over the first construction is available using k processors.

Apart from suggesting a generally sound design principle for hash functions, our results give a unified view of several apparently unrelated constructions of hash functions proposed earlier. It also suggests changes to other proposed constructions to make a proof of security potentially easier.

We give three concrete examples of constructions, based on modular squaring, on Wolfram’s pseudoranddom bit generator [Wo], and on the knapsack problem.


Hash Function Knapsack Problem Function Family Digital Signature Scheme Probabilistic Polynomial 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [Da]
    Damgård: “Collision Free Hash Functions and Public Key Signature Schemes”, Proceedings of EuroCrypt 87, Springer.Google Scholar
  2. [De]
    D. Denning: “Digital Signatures with RSA and other Public Key Cryptosystems”, CACM, vol.27, 1984, pp.441–448.MathSciNetGoogle Scholar
  3. [DP]
    Davis and Price: “The Application of Digital Signatures Based on Public Key Crypto-Systems”, Proc. of CompCon 1980, pp.525–530.Google Scholar
  4. [GC]
    Godlewski and Camion: “Manipulation and Errors, Localization and Detection”, Proceedings of EuroCrypt 88, Springer.Google Scholar
  5. [Gi]
    Gibson: “A Collision Free Hash Function and the Discrete Logarithm Problem for a Composite Modulus”, Manuscript, 1/10/88, London, England.Google Scholar
  6. [Gir]
    Girault: “Hash Functions Using Modulo-n Operations”, Proceedings of EuroCrypt 87, Springer.Google Scholar
  7. [GTV]
    Girault, Toffin and Vallée: “Computation of Approximate L-th Roots Modulon and Application to Cryptography”, Proceedings of Crypto 88, Springer.Google Scholar
  8. [ImNa]
    Impagliazzo and Naor: “Efficient Cryptographic Schemes Provably as Secure as Subset Sum”, Proc. of FOCS 89.Google Scholar
  9. [Me]
    Merkle: “One Way Hash Functions and DES”, these proceedings.Google Scholar
  10. [NaYu]
    Naor and Yung: “Universal One-Way Hash Functions”, Proc. of STOC 89.Google Scholar
  11. [Wi]
    Winternitz: “Producing a one-way Hash Function from DES”, Proceedings of Crypto 83, Springer.Google Scholar
  12. [Wo]
    Wolfram: “Random Sequence Generation by Cellular Automata”, Adv. Appl. Math., vol 7, 123–169, 1986.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Ivan Bjerre Damgård

There are no affiliations available

Personalised recommendations