N-hash

{{Short description|Cryptographic hash function}}

In cryptography, N-hash is a cryptographic hash function based on the FEAL round function, and is now considered insecure. It was proposed in 1990 in an article by Miyaguchi, Ohta, and Iwata;{{cite journal

| title=128-bit hash function (N-hash)

|author1=S. Miyaguchi |author2=K. Ohta |author3=M. Iwata

| journal=NTT Review

| volume=2

| number=6

| date=November 1990

| pages=128–132}} weaknesses were published the following year.

N-hash has a 128-bit hash size. A message is divided into 128-bit blocks, and each block is combined with the hash value computed so far using the g compression function. g contains eight rounds, each of which uses an F function, similar to the one used by FEAL.

Eli Biham and Adi Shamir (1991) applied the technique of differential cryptanalysis to N-hash, and showed that collisions could be generated faster than by a birthday attack for N-hash variants with even up to 12 rounds.{{cite conference

|conference=Workshop on the Theory and Application of Cryptographic Techniques, Brighton, UK, April 8–11, 1991. Proceedings

|author=Eli Biham |author2=Adi Shamir

|title=Advances in Cryptology — EUROCRYPT '91 |chapter=Differential Cryptanalysis of Feal and N-Hash | title-link=EUROCRYPT

| series=Lecture Notes in Computer Science

| year=1991

| volume=547

| pages=1–16

| doi= 10.1007/3-540-46416-6_1| editor= Donald W. Davies |isbn=978-3-540-54620-7| doi-access=free

}}