A fast software one-way hash function | SpringerLink



Journal of Cryptology

January 1990, Volume 3, Issue 1, pp 43–58 | Cite as

A fast software one-way hash function

  • Ralph C. Merkle
ArticleReceived: 07 November 1989 Revised: 18 July 1990


One way hash functions are an important cryptographic primitive, and can be used to solve a wide variety of problems involving authentication and integrity. It would be useful to adopt a standard one-way hash function for use in a wide variety of systems throughout the world. Such a standard one-way hash function should be easy to implement, use, and understand; resistant to cryptographic attack, and should be fast when implemented in software. We present a candidate one-way hash function which appears to have these desirable properties. Further analysis of its cryptographic security is required before it can be considered for widespread use.

Key words

One-way hash function Message digest algorithm One-way function Manipulation detection code MDC Authentication Integrity  This is a preview of subscription content, log in to check access.


Unable to display preview. Download preview PDF.


  1. 1. Secrecy, Authentication, and Public Key Systems, by Ralph C. Merkle, Ph.D. thesis, Stanford University, 1979.Google Scholar
  2. 2. A Certified Digital Signature: that antique paper from 1979, Advances in Cryptology—Crypto '89, Lecture Notes on Computer Science, Vol. 435, Springer-Verlag, Berlin, pages 218–238.Google Scholar
  3. 3. Universal one-way hash functions and their cryptographic applications, by Moni Naor and Moti Yung, Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, Seattle, Washington, May 15–17,1989, pages 33–43.Google Scholar
  4. 4. A high speed manipulation detection code, by Robert R. Jueneman, Advances in Crytopology—Crypto '86, Lecture Notes on Computer Science, Vol. 263, Berlin, pages 327–346.Google Scholar
  5. 5. Another birthday attack, by Don Coppersmith. Advances in Cryptology—Crypto '85, Lecture Notes on Computer Science, Vol. 218, Springer-Verlag, Berlin, pages 14–17.Google Scholar
  6. 6. A digital signature based on a conventional encryption function, by Ralph C. Merkle, Advances in Cryptology—Crypto '87, Lecture Notes on Computer Science, Vol. 293, Springer-Verlag, Berlin, pages 369–378.Google Scholar
  7. 7. Cryptography and Data Security, by Dorothy E. R. Denning, Addison-Welsey, Reading, MA, 1982, page 170.Google Scholar
  8. 8. On the security of multiple encryption, by Ralph C. Merkle, Communication of the Association for Computing Machinery, Vol. 24, No. 7, July 1981, pages 465–467.Google Scholar
  9. 9. Results of an initial attempt to cryptanalze the NBS Data Encryption Standard, by Martin Hellman et al., Information System Lab. Report SEL 76–042, Stanford University, 1976.Google Scholar
  10. 10. Communication theory of secrecy systems, by C. E. Shannon, Bell Systems Technical Journal, Vol. 28, Oct. 1949, pages 656–715.Google Scholar
  11. 11. Message authentication, by R. R. Jueneman, S. M. Matyas, and C. H. Meyer, IEEE Communications Magazine, Vol. 23, No. 9, September 1985, pages 29–40.Google Scholar
  12. 12. Generating strong one-way functions with cryptographic algorithm, by S. M. Matyas, C. H. Meyer, and J. Oseas, IBM Technical Disclosure Bulletin, Vol. 27, No. 10A, March 1985, pages 5658–5659Google Scholar
  13. 13. Analysis of Jueneman's MDC Scheme, by Don Coppersmith, preliminary version, June 9, 1988. Analysis of the system presented in [4] A high speed manipulation detection code, by Robert R. Jueneman, Advances in Crytopology—Crypto '86, Lecture Notes on Computer Science, Vol. 263, Berlin, pages 327–346.Google Scholar
  14. 14. The Data Encryption Standard: past and future, by M. E. Smid and D. K. Branstad, Proceedings of the IEEE, Vol. 76, No. 5, May 1988, pages 550–559.Google Scholar
  15. 15. Defending Secrets, Sharing Data: New Locks and Keys for Electric Information, U.S. Congress, Office of Technology Assessment, OTA-CIT-310, U.S. Government Printing Office, Washington, October 1987Google Scholar
  16. 16. Exhaustive cryptanalysis of the NBS data encryption standard, by Whitfield Diffie and Martin Hellman, Computer, June 1977, pages 74–78.Google Scholar
  17. 17. Cryptography: A New Dimension in Data Security, by Carl H. Meyer and Stephen M. Matyas, Wiley, New York, 1982.Google Scholar
  18. 18. One Way Hash Functions and DES, by Ralph C. Merkle, Crypto '89.Google Scholar
  19. 19. Data Encryption Standard (DES), Federal Information Processing Standards Publication 46, National Bureau of Standards (U.S.), National Technical Information Service, Springfield, VA, April 1977.Google Scholar
  20. 20. Cryptography and Computer Privacy, by H. Feistel, Scientific American, Vol. 228, No. 5, May 1973, pages 15–23.Google Scholar
  21. 21. Maximum Likelihood Estimation Applied to Cryptanalysis, by Dov Andelman, Ph.D. thesis, Stanford University, 1979.Google Scholar
  22. 22. Secure program code with modification detection code, by Carl H. Meyer and Michael Schilling, Proceedings of the Fifth Worwide Congress on Computers and Communication Security and Protection—Securicom '88, SEDEP, Paris, pages 111–130.Google Scholar
  23. 23. Cryptography—a state of the art review, by Carl H. Meyer, Proceedings of the Third Annual European Computer Conference—Comeuro '89, Hamburg, May 8–12, 1989, pages 150–154.Google Scholar
  24. 24. Design Principles for Hash Functions, by Ivan Damgaard, Crypto '89.Google Scholar
  25. 25. Don Coppersmith, private communication.Google Scholar
  26. 26. The MD4 Message Digest Algorithm, by Ron Rivest, Crypto '90.Google Scholar
  27. 27. Unpublished cryptanalysis of the 2-pass version of Snefru by Eli Biham.Google Scholar

Copyright information

© International Association for Cryptologic Research 1990

Authors and Affiliations

  • Ralph C. Merkle
    • 1
  1. 1.Xerox PARCPalo AltoUSA

Personalised recommendations

Cite article

Buy options