We propose a new cryptographic construction called 3C, which works as a pseudorandom function (PRF), message authentication code (MAC) and cryptographic hash function. The 3C-construction is obtained by modifying the Merkle-Damgård iterated construction used to construct iterated hash functions. We assume that the compression functions of Merkle-Damg˚ard iterated construction realize a family of fixed-length-input pseudorandom functions (FI-PRFs). A concrete security analysis for the family of 3C-variable-length-input pseudorandom functions (VI-PRFs) is provided in a precise and quantitative manner. The 3C-VI-PRF is then used to realize the 3C-MAC construction called one-key NMAC (O-NMAC). O-NMAC is a more efficient variant of NMAC and HMAC in the applications where key changes frequently and the key cannot be cached. The 3C-construction works as a new mode of hash function operation for the hash functions based on Merkle-Damgård construction such as MD5 and SHA-1. The generic 3C-hash function is more resistant against the recent differential multi-block collision attacks than the Merkle-Damg˚ard hash functions and the extension attacks do not work on the 3C-hash function. The 3C-X hash function is the simplest and efficient variant of the generic 3C hash function and it is the simplest modification to the Merkle-Damgård hash function that one can achieve. We provide the security analysis for the functions 3C and 3C-X against multi-block collision attacks and generic attacks on hash functions. We combine the wide-pipe hash function with the 3C hash function for even better security against some generic attacks and differential attacks. The 3C-construction has all these features at the expense of one extra iteration of the compression function over the Merkle-Damgård construction.

Abstract. In this paper, the author studies the fast cryptographic hash function. This work suggests a different notion with respect to the traditional hash functions, MD5, SHA-1, and Whirlpool. The notion of block cipher based hash function is abandoned. According to the flexibility of attack, it shows how this hash function is no longer vulnerable to the known collision attacks. Finally, the author proves that the TWOBLOCK output bit value problem is NP-hard.