N-hash

Last updated
N-hash
General
DesignersS. Miyaguchi
K. Ohta
M. Iwata
First published1990
Derived from FEAL
Detail
Digest sizes 128 bits
StructureIterated hash function
Rounds 8

In cryptography, N-hash is a cryptographic hash function based on the FEAL round function, and is now considered insecure. It was proposed in 1990 in an article by Miyaguchi, Ohta, and Iwata; [1] weaknesses were published the following year. [2]

Contents

N-hash has a 128-bit hash size. A message is divided into 128-bit blocks, and each block is combined with the hash value computed so far using the g compression function. g contains eight rounds, each of which uses an F function, similar to the one used by FEAL.

Eli Biham and Adi Shamir (1991) applied the technique of differential cryptanalysis to N-hash, and showed that collisions could be generated faster than by a birthday attack for N-hash variants with even up to 12 rounds. [2]

Design

N-hash follows an early block cipher–based approach to cryptographic hash function design, in which the compression function is constructed from a cipher-like round function rather than from a dedicated hash-specific primitive. Such designs were common in the late 1980s and early 1990s, prior to the widespread adoption of purpose-built hash functions. [3] [4] [5] The chaining mechanism of N-hash combines the output of the round function with both the current message block and the previous hash state. This structure was later studied in the context of generic block cipher–based hash constructions and their resistance to known cryptanalytic techniques. [2] [6]

Cryptanalysis

The cryptanalysis of N-hash highlighted the risks of directly reusing block cipher components in hash function design without sufficient security margins. Attacks on N-hash demonstrated that structural properties exploitable in encryption algorithms could also undermine collision resistance when applied in a hashing context. [2] [7] [8] As a result of these findings, N-hash was never adopted in practical cryptographic applications. It is cited primarily in academic literature as an early example that influenced later research into secure hash function construction and the separation of design principles for encryption and hashing. [9]

References

  1. S. Miyaguchi; K. Ohta; M. Iwata (November 1990). "128-bit hash function (N-hash)". NTT Review. 2 (6): 128–132.
  2. 1 2 3 4 Eli Biham; Adi Shamir (1991). "Differential Cryptanalysis of Feal and N-Hash". In Donald W. Davies (ed.). Advances in Cryptology — EUROCRYPT '91. Workshop on the Theory and Application of Cryptographic Techniques, Brighton, UK, April 8–11, 1991. Proceedings. Lecture Notes in Computer Science. Vol. 547. pp. 1–16. doi: 10.1007/3-540-46416-6_1 . ISBN   978-3-540-54620-7.
  3. Preneel, Bart (1993). Analysis and Design of Cryptographic Hash Functions (PDF) (PhD dissertation). Katholieke Universiteit Leuven. Archived from the original (PDF) on 2024-04-22. Retrieved 2025-12-22.
  4. Ismailova, R. (2012). Block Cipher Based Hashed Functions (PDF) (PhD thesis). Middle East Technical University. Retrieved 2025-12-22.
  5. Thomsen, S.S. (2012). Cryptographic Hash Functions (PDF) (PhD thesis). Technical University of Denmark. Archived from the original (PDF) on 2019-02-25. Retrieved 2025-12-22.
  6. Danda, M.K.R. (2007). Design and Analysis of Hash Functions (PDF) (PhD thesis). Victoria University. Archived from the original (PDF) on 2025-03-21. Retrieved 2025-12-22.
  7. Khovratovich, Dmitry (2009). Cryptanalysis of Hash Functions with Structures. Selected Areas in Cryptography (SAC) 2009. Lecture Notes in Computer Science. Vol. 5867. pp. 108–125. doi :10.1007/978-3-642-05445-7_7. Archived from the original on 2018-06-18. Retrieved 2025-12-22.
  8. Phan, Raphael C.-W.; Aumasson, Jean-Philippe (2009). On Hashing With Tweakable Ciphers (PDF). Archived from the original (PDF) on 2025-04-16. Retrieved 2025-12-22.
  9. Lai, Xucjia; Massey, James L. (1993). Rueppel, Rainer A. (ed.). "Hash Functions Based on Block Ciphers". Advances in Cryptology — EUROCRYPT’ 92. Berlin, Heidelberg: Springer: 55–70. doi:10.1007/3-540-47555-9_5. ISBN   978-3-540-47555-2. Archived from the original on 2023-10-08.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.