Open In App

Davies-Meyer Hash Function

Improve
Improve
Like Article
Like
Save
Share
Report

Pre-requisites:  Merkle-Damgard construction

A Merkle-Damgard construction for collision-resistant hash functions required us to design a fixed-length, collision-resistant compression function (h) first.

Now the question arises, how do we construct ‘h’, such that h:{0, 1}l+n -> {0, 1}n.

There are two approaches:

  •  The first approach is based on number-theoretic assumptions, which are not practical as the computations involved are in the order of several magnitudes.
  • The second approach is block ciphers.

This brings us to Davies-Meyer construction, It uses a block cipher that essentially is a keyed Pseudo Random Permutation (PRP).

Block Cipher

Block Cipher

  • k‘ belongs to the key set (K)
  • x‘ belongs to the block set (X)
  • The result of the PRP (y) is Fk(x) which is of the same size as the block used, and belongs to the block set (X).

Using this, we construct the iterated Davies-Meyer compression function (hDM) as follows:

Davies-Meyer Construction

Davies-Meyer Construction

  • hDM is a PRP taking 2 inputs (‘m‘ and ‘t‘)
  • m‘ acts as the key for the PRP
  • t‘ acts as the message block
  • The result Fm(t) is then ‘xored’ with ‘t‘, which is essential to avoid collisions.

Properties:

  • Can be chained, i.e: you can feed the result of a block as the plaintext of the succeeding block.
  • Preimage and second preimage resistance.
  • Collision resistance under strict assumptions.

Last Updated : 09 Mar, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads