Here, ⊕ is the bitwise exclusive-or. All these mappings can easily be computed (assuming that this is the case for ck), but they are difficult to invert if we have a good encryption function. More robust statements are usually not available. On the one hand, this is because such statements about the security of encryption functions are not known; however on the other hand, it is also important how ⊕ and ck behave relative to each other. If, for example, ck(x) = x ⊕ k, then all of the above compression functions are easy to invert.
Merkle–Damgård construction
We now assume that we have a collision resistant compression function g : 
2n →n; for example, ...
Get Discrete Algebraic Methods now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
