The universality of iterated hashing over variable-length strings

Iterated hash functions process strings recursively, one character at a time. At each iteration, they compute a new hash value from the preceding hash value and the next character. We prove that iterated hashing can be pairwise independent, but never 3-wise independent. We show that it can be almost universal over strings much longer than the number of hash values; we bound the maximal string length given the collision probability.

💡 Research Summary

The paper investigates the theoretical limits and practical capabilities of iterated hash functions applied to variable‑length strings. An iterated hash processes a string one character at a time: starting from an initial state h₀, a fixed transition function f combines the current state with the next character to produce a new state hᵢ = f(hᵢ₋₁, cᵢ). The final hash value is hₙ after the last character. This model captures classic polynomial hashing, CRCs, and many cryptographic constructions.

The first major contribution is a constructive proof that iterated hashing can achieve pairwise independence. By choosing f as an invertible linear transformation over a finite field and selecting the initial state uniformly at random, the authors show that for any two distinct strings x and y the joint distribution of (H(x), H(y)) is uniform over the m² possible pairs, where m is the size of the hash range. Formally, Pr