Cryptographic hash functions are ubiquitous in modern cryptography. They are an integral part of digital signature and public-key encryption schemes, access control mechanisms, digital time-stamping routines, message authentication codes, and file synchronization utilities. They are implemented in point-of-sale terminals, ATM machines, operating systems, web browsers, routers, and mobile phones, to name just a few. Yet the design and analysis of hash functions has received relatively little attention from the cryptographic community, a shortcoming underscored by recent high-profile attacks on the often-used MD5 and SHA-1 hash functions.
This work aims to advance our understanding of cryptographic hash functions in theory and practice by developing three complementary themes. First, it further solidifies the formal foundations of hashing. This means establishing new and meaningful notions of what means for a hash function to be "good". Additionally it explores the powers and limitations of new analytic frameworks (for example, indifferentiability and human-ignorance), and search for a sharper view of design heuristics (in particular the random-oracle and ideal-cipher models.) Second, it investigates the design of "small" hash functions, called compression functions, with small domains and fixed ranges. Designs based on permutations, blockciphers and tweakable blockciphers are especially interesting. Third, it develops methods for transforming compression functions into "big" hash functions with flexible domains and ranges; traditionally, the range of a hash function is a string of a single fixed length. Also targetted is the problem of combining the outputs of multiple primitives for the purpose of security preservation in the presence of faults.
