Cryptographic Hash Functions (Course)

Lecturer: Prof. Dr. Stefan Lucks

On the one hand, cryptographic hash functions are unusual cryptographic algorithms. In comparison with block ciphers or MACs they work without a key. On the other hand, they are the beasts of burden (i.e., the eager beavers) in many applications. These hash functions mainly appear in cryptographic protocols, such as SSH, SSL, and RSA-OAEP.

Since 2000, cryptographers have found some crucial weaknesses in common cryptographic hash functions, e.g., MD5 and SHA-1. Only the SHA-2 family seems to be resistent against published attacks. As the structure of SHA-2 is similar to the structure of SHA-1, the National Institute of Standards and Technlogy (NIST) introduced a public hash function challenge (SHA-3 contest) to find a new standard, 64 first round candidates were submitted, including two candidates designed by the chair of Media Security in Weimar. One of them (Skein) is one out of the five finalists.

The first part of this course introduces cryptographic hash functions and their application in practice. The second part will show generic attacks and their impact in practice.  Furthermore, this course will teach you approaches used for the design of a cryptographic hash function. The third part is about the finalists of the SHA-3 competition. The last part will be about password hashing, where we consider candidates of the currently running Password Hashing Competition (PHC) and their properties as well as possible attacks against them.

Class Meeting: Wednesday, 11:00 - 12:30 a.m. (Karl-Haußknecht-Straße 7 (HK 7), Lecture Room)

First Meeting: 14.10.2015


  • Introduction
  • Iterated Cryptographic Hash Functions
  • Generic Attacks on Random Hash Functions
  • Block Cipher Based Compression Function
  • Dedicated Compression Functions
  • Tree Hashing and Hash Trees
  • SHA-3 Competition
  • Password Hashing
  • Catena


Oral examination (Admission due to a successful take out of the problem session)

Target audience:

Computer Science and Media, M.Sc.


  • Articles Full-Domain Hash and Simulator Approach, Random Oracle Model (do not distribute),
  • Bellare, Rogaway: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. ACM Conference on Computer and Communications Security 1993:62-73.