The right way to understand modern general-purpose cryptographic hash functions (like SHA2) is just to understand block ciphers. A hash function is a block cipher's permutation core, wired to a "compression" function (much simpler than compression as typically understood; somewhat analogous to the chaining CBC does) that feeds blocks through the same permutation continuously, scrambling state as it goes.

Everything gets tweaked differently because you have different constraints and parameters for a hash function than for a block cipher (though: there were SHA3 contestants that used Rijndael/AES for the core permutation, which is attractive because it has broad hardware support), but the core doodads are basically the same.

(And of course, you can run this argument in reverse and derive a cipher from a hash function trivially. That's how Chapoly happened.)

▲

ksenzee 3 hours ago | parent [-]

> just to understand block ciphers

I have a decent intuition for what a hash function does after twenty years of encountering them in the wild. I don't even know what a block cipher is. I understand hash functions less after reading this than I did before. My conclusion is that a hash function is just a block cipher in the category of endofunctors.

▲

tptacek 3 hours ago | parent [-]

You know what they do, right, that's what you mean by having an intuition for them? Do you understand how they work? Why they're designed the way they are? I'm not saying you need to, but that's what the article is about.

▲

ksenzee 44 minutes ago | parent [-]

I read and understood the article, including the math in it, then came here (I know, that’s the wrong order) and read your comment, and promptly decided I knew less than I did before I started. It was very much like learning to use a monad in Haskell without knowing category theory, and then reading an article about them. Just because you understand an article written for the educated general public doesn’t mean you have the vocabulary to understand experts speaking to other experts.

	▲	tptacek 42 minutes ago \| parent [-]
		Yeah, I'm not vouching for the article, just saying my response to it was that the simpler explanation for cryptographic hash functions is that they're a specialized application of a block cipher core. The job of a modern block cipher core is to take a (heavily) iterated function, figure out how to apply a single input key securely to each of those iterated rounds, thoroughly combining the key with the block of data, achieving indistinguishability from random as quickly into the sequence of rounds as possible (in the same kind of simple step process as a Rubik's Cube), while breaking structure (like linearity) that would solve for the key or the data mathematically.