The third security property we're going to need from hash functions is that they are puzzle friendly.
A hash function H is said to be puzzle friendly if for every possible n-bit output value y, if k is chosen from a distribution with high min-entropy, then it is infeasible to find x such that H (k II x) = y in time significantly less then 2^n.
Intuitively, if someone wants to target the hash function to have some particular output value y, and if part of the input has been chosen in a suitably randomized way, then it's very difficult to find another value that hits exactly that target.
Narayanan, Arvind, et al. (2016). Bitcoin and Cryptocurrency Technologies. United States: Princeton Press