Merkle-Damgård transform

The Merkle-Damgård transform is quite simple. Suppose that the compression function takes inputs of length m and produces an output of a smaller length n. The input to the hash function, which can be of any size, is divided into blocks of length m - n. The construction works as follows: pass each block, together with the output of the previous block, into the compression function. Notice that the input length will then be (m - n) + n = m, which is the input length of the compression function. For the first block, for which there is no previous block output, we instead use an initialization vector (IV). This number is reused for every call to the hash function, and in practice you can just look it up in the standards document. The last block's output is the result that you return.
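The chaining described above, as an added sketch that is not taken from the book or from any standard. The sizes M and N, the all-zero IV, the truncated SHA-256 stand-in for the compression function, and the padding rule (which the text does not cover) are all assumptions chosen for illustration.

```python
import hashlib

M = 64          # compression function input length m, in bytes (assumed)
N = 16          # compression function output length n, in bytes (assumed)
BLOCK = M - N   # message block length m - n, as in the text
IV = bytes(N)   # constructed IV; real hash functions fix theirs in the standard


def compress(data: bytes) -> bytes:
    """Stand-in fixed-length compression function: M bytes in, N bytes out."""
    if len(data) != M:
        raise ValueError(f"compression input must be {M} bytes, got {len(data)}")
    return hashlib.sha256(data).digest()[:N]


def pad(message: bytes) -> bytes:
    """Assumed padding: 0x80, zero bytes, then the 8-byte message bit length."""
    length = (8 * len(message)).to_bytes(8, "big")
    zeros = (-(len(message) + 1 + 8)) % BLOCK
    return message + b"\x80" + bytes(zeros) + length


def block_count(message: bytes) -> int:
    """Number of compression calls needed for this message."""
    return len(pad(message)) // BLOCK


def md_hash(message: bytes) -> bytes:
    """Chain compress() over the padded message, starting from the IV."""
    padded = pad(message)
    state = IV
    for i in range(0, len(padded), BLOCK):
        block = padded[i:i + BLOCK]
        # (m - n) message bytes + n bytes of previous output = m bytes
        state = compress(block + state)
    return state  # the last block's output is the hash


if __name__ == "__main__":
    for msg in (b"", b"abc", b"a" * 40):
        print(len(msg), block_count(msg), md_hash(msg).hex())
```

Encoding the message length in the padding keeps messages that differ only in trailing zero bytes from padding to the same block sequence.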


Narayanan, Arvind, et al. (2017). Bitcoin and Cryptocurrency Technologies. United States: Princeton Press
