Encyclopedia of Cryptography and Security

2005 Edition
| Editors: Henk C. A. van Tilborg

Universal One-Way Hash Functions

  • Bart Preneel
Reference work entry
DOI: https://doi.org/10.1007/0-387-23483-7_447

A Universal One-Way Hash Function (UOWHF) is a class of hash functions indexed by a public parameter (called a key), for which finding a second preimage is hard. The main idea is that first the challenge input is selected, and subsequently the function instance (or parameter) is chosen. Only then should the opponent try to find a second input with the same output as the challenge. A UOWHF is a weaker notion than a collision resistanthash function (CRHF). In a CRHF, the opponent is first given the key and then he has to produce two colliding inputs. Finding collisions for a fixed parameter of a UOWHF may be rather easy, but this will not help the opponent to violate the security requirement, as the instance is chosen after the challenge. This also implies that the birthday paradox does not apply to a UOWHF and a hash result of 80 bits may offer adequate security (in 2004). Simon [8] has shown that there exists an oracle relative to which a UOWHF exists, but no CRHF.

The concept of UOWHF...

This is a preview of subscription content, log in to check access.


  1. [1]
    Bellare, M. and P. Rogaway (1997). “Collision-resistant hashing: Towards making UOWHFs practical.” Advances in Cryptology—CRYPTO'97, Lecture Notes in Computer Science, vol. 1294, ed. B. Kaliski. Springer-Verlag, Berlin, 470–484.Google Scholar
  2. [2]
    Impagliazzo, R. and M. Naor (1996). “Efficient cryptographic schemes provably as secure as subset sum.” Journal of Cryptology, 9 (4), 199–216.zbMATHMathSciNetCrossRefGoogle Scholar
  3. [3]
    Lee, W., D. Chang, S. Lee, S. Sung, and N. Nandi (2003). “New parallel domain extenders for UOWHFs.” Advances in Cryptology—ASIACRYPT 2003, Lecture Notes in Computer Science, vol. 2894, ed. C.S. Lai. Springer-Verlag, Berlin, 208–227.Google Scholar
  4. [4]
    Mironov, I. (2001). “Hash functions: from Merkle-Damgård to Shoup.” Advances in Cryptology—EUROCRYPT 2001, Lecture Notes in Computer Science, vol. 2045, ed. B. Pfitzmann. Springer-Verlag, Berlin, 166–181.Google Scholar
  5. [5]
    Naor, M. and M. Yung (1990). “Universal one-way hash functions and their cryptographic applications.” Proceedings of 21st ACM Symposium on the Theory of Computing, 387–394.Google Scholar
  6. [6]
    Rompel, J. (1990). “One-way functions are necessary and sufficient for secure signatures.” Proceedings of 22nd ACM Symposium on the Theory of Computing, ACM, New York, 387–394.Google Scholar
  7. [7]
    Shoup, V. (2000). “A composition theorem for universal one-way hash functions.” Advances in Cryptology—EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, ed. B. Preneel. Springer-Verlag, Berlin, 445–452.Google Scholar
  8. [8]
    Simon, D. (1998). “Finding collisions on a one-way street: Can secure hash functions be based on general assumptions?” Advances in Cryptology—EUROCRYPT'98, Lecture Notes in Computer Science, vol. 1403, ed. K. Nyberg. Springer-Verlag, Berlin, 334–345.Google Scholar
  9. [9]
    Zheng, Y., T. Matsumoto, and H. Imai (1990). “Connections between several versions of one way hash functions.” Transactions on IEICE E, E73 (7), 1092–1099.Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Bart Preneel

There are no affiliations available