Cryptographic hash function

A cryptographic hash function maps input of any length to a fixed-size digest in a way that is fast to compute and infeasible to reverse. Three properties define it: preimage resistance (a digest cannot be traced back to an input), second preimage resistance (a given input cannot be matched by a second, different input), and collision resistance (no two colliding inputs can be found at all).

Standard functions

The SHA-2 family (FIPS 180-4) and the SHA-3 family (FIPS 202) are the NIST-standardized general-purpose hashes; SHA-256 and SHA-384 dominate deployed protocols.

Quantum impact

Grover's search (Grover's algorithm) gives at most a quadratic speedup, so the theoretical preimage margin of SHA-256 drops from 2^256 to about 2^128 quantum operations. Collision resistance is governed by the classical birthday bound (2^128 for SHA-256), and known quantum collision algorithms need so much memory that they offer little practical advantage. Hash functions with adequate output size are therefore treated as post-quantum safe, which is why Merkle tree constructions and hash-based signatures count among the most conservative post-quantum choices.

Sources

  1. FIPS 180-4, Secure Hash Standard (SHS) (NIST, 2015)
  2. FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (NIST, 2015)
  3. A fast quantum mechanical algorithm for database search (arXiv, 1996)
Cite this entry
"Cryptographic hash function." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/hash-function@misc{pqwiki-hash-function, title = {Cryptographic hash function}, howpublished = {\url{https://postquantum.wiki/hash-function}}, year = {2026}, note = {postquantum.wiki, updated 2026-07-11} }