Computing and Informatics

The security of iterated hash functions relies on the properties of underlying compression functions. We study highly efficient compression functions based on block ciphers. We propose a model for high-rate compression functions, and give an upper bound for the rate of any collision resistant compression function in our model. In addition, we show that natural generalizations of constructions by Preneel, Govaerts, and Vandewalle to the case of rate-2 compression functions are not collision resistant.