This page uses content from Wikipedia and is licensed under CC BY-SA.

In cryptography, **N-Hash** is a cryptographic hash function based on the FEAL round function, and is now considered insecure. It was proposed in 1990 by Miyaguchi et al.; weaknesses were published the following year.

N-Hash has a 128-bit hash size. A message is divided into 128-bit blocks, and each block is combined with the hash value computed so far using the *g* compression function. *g* contains eight rounds, each of which uses an *F* function, similar to the one used by FEAL.

Eli Biham and Adi Shamir (1991) applied the technique of differential cryptanalysis to N-Hash, and showed that collisions could be generated faster than by a birthday attack for N-Hash variants with even up to 12 rounds.

- Eli Biham, Adi Shamir (1991). "Differential Cryptanalysis of Feal and N-Hash".
*EUROCRYPT*: 1–16. doi:10.1007/3-540-46416-6_1. - S. Miyaguchi, K. Ohta, and M. Iwata (November 1990). "128-bit hash function (N-hash)".
*NTT Review*.**2**(6): 128–132.

This cryptography-related article is a stub. You can help Wikipedia by expanding it. |