Scope and Objectives

“content”: “

Cryptographic hash functions are essential building blocks in modern information security, underpinning digital signatures, message authentication codes, and data integrity checks. ISO/IEC 10118-1:2018 (adopted as CAN/CSA-ISO/IEC 10118-1-18) establishes the general framework and requirements for designing and evaluating such hash functions. This article provides a technical overview of the standard, its scope, key technical requirements, practical implementation considerations, and compliance guidance.

Scope and Objectives

ISO/IEC 10118-1:2018 is the first part of the ISO/IEC 10118 series on Information technology — Security techniques — Hash-functions. It defines the fundamental concepts, terminology, and security requirements applicable to all subsequent parts (e.g., Part 2 dedicated hash-functions, Part 3 for DSA-based hash functions, Part 4 for dedicated hash-functions with short output length, etc.). The standard applies to any entity implementing or verifying hash functions in security products, cryptographic protocols, or data integrity mechanisms.

The primary goal is to provide a coherent set of definitions and security properties—such as preimage resistance, second-preimage resistance, and collision resistance—and to specify the general model that any compliant hash function must follow. The standard does not specify particular hash algorithms (these are covered in subsequent parts) but rather establishes the criteria that algorithms must meet to be considered secure.

Tip: ISO/IEC 10118-1 serves as a foundation for understanding and comparing different hash function designs. Engineers should read this part before diving into algorithmic specifications in Parts 2, 3, or 4.

Technical Requirements

ISO/IEC 10118-1 imposes several high-level security and operational requirements on hash functions. These include:

Security Properties

Preimage Resistance (One-wayness): Given a hash value h, it must be computationally infeasible to find any input x such that H(x) = h.
Second-preimage Resistance (Weak Collision Resistance): Given an input x and its hash H(x), it must be infeasible to find another input x’ ≠ x with H(x’) = H(x).
Collision Resistance (Strong Collision Resistance): It must be infeasible to find any two distinct inputs x and x’ that produce the same hash output.

Classification of Hash Functions

The standard categorizes hash functions into three broad families. The following table summarizes their characteristics and examples referenced in the ISO/IEC 10118 series:

Family	Description	Examples (from ISO/IEC 10118 Parts)
Dedicated Hash-Functions	Algorithms designed specifically for hashing, often using iterative (Merkle–Damgård) or sponge constructions.	RIPEMD-160 (ISO/IEC 10118-3), SHA-256
Hash-Functions Based on Block Ciphers	Construct hash functions from symmetric block ciphers (e.g., AES) using modes like Matyas–Meyer–Oseas or Davies–Meyer.	Whirlpool (ISO/IEC 10118-3)
Custom Hash-Functions	Algorithms with specialized designs not falling into the above categories (e.g., using modular arithmetic).	MD2 (historic), SHA-1 (retired)

Operational Requirements

Variable Input Length: The hash function must accept any input length (up to a specified maximum).
Fixed Output Length: The output length must be fixed and specified for the algorithm.
Efficiency: The algorithm should be computationally efficient to compute for any given input.
Determinism: The same input must always produce the same hash output.

Caution: Even if a hash function meets all requirements in ISO/IEC 10118-1, it may still become weak over time due to cryptanalytic advances. Periodic reassessment of the chosen algorithm is essential.

Implementation Highlights

When implementing a hash function compliant with ISO/IEC 10118-1, developers should pay attention to the following aspects:

Padding: The standard specifies that the input message must be padded to a multiple of the block size. The padding rules (e.g., append a ‘1’ bit followed by ‘0’ bits and a length block) are detailed in the relevant part for each algorithm.
Initialization Vector (IV) and Constants: Every dedicated hash function uses a predefined IV and often round constants. These must be implemented exactly as specified to ensure interoperability.
Security Margin: For new designs, the standard recommends a conservative security margin against known attacks (e.g., resistance to differential cryptanalysis).
Side-Channel Resistance: Although not explicitly required by ISO/IEC 10118-1, implementations should avoid timing or power analysis side channels when integrated into security products.

Best Practice: Use well-reviewed, high-level cryptographic libraries that already implement ISO/IEC 10118-compliant algorithms (e.g., OpenSSL, Bouncy Castle). Avoid rolling your own hash function implementation unless you have deep expertise in cryptanalysis and side-channel mitigation.

Compliance Notes

Organizations seeking conformance to ISO/IEC 10118-1:2018 should consider the following points:

Algorithm Selection: Choose a hash function from the subsequent parts of the series (e.g., ISO/IEC 10118-2, 3, or 4) that meets the required security level for the intended application.
Documentation: All security properties, output length, and usage constraints must be clearly documented in the product’s security policy.
Testing: Conformance testing should include verification of the three security properties (preimage, second-preimage, collision resistance) through known test vectors provided in the standard.
Updates and Revisions: The standard was last reviewed and confirmed in 2022. Users should track any amendments or corrigenda that may affect compliance.

Important: Compliance with ISO/IEC 10118-1 alone does not guarantee overall system security. It must be integrated with appropriate key management, protocol design, and other cryptographic primitives as part of a complete security architecture.

Frequently Asked Questions

Q: Is ISO/IEC 10118-1:2018 equivalent to the US standard FIPS 180-4 (Secure Hash Standard)?
A: No, they are separate standards. ISO/IEC 10118-1 provides a general framework and can be used with multiple hash algorithm families (including some from FIPS 180-4, like SHA-256). FIPS 180-4 specifies only the SHA family. However, both share common security requirements.

Q: Does ISO/IEC 10118-1 require a specific hash length?
A: No, the standard does not mandate a particular output length. It only requires that the output length be fixed and specified. The choice of length depends on the required security level (e.g., 160, 256, 512 bits). Longer outputs generally provide higher collision resistance.

Q: Can a custom hash function be claimed as “ISO/IEC 10118-1 compliant”?
A: Only if it fully conforms to the definitions, security requirements, and model described in Part 1, and optionally references a specific algorithm from Parts 2-4. Simply claiming compliance without meeting all criteria can be misleading. Third-party evaluation is recommended.

Q: How often is the standard updated?
A: ISO/IEC 10118-1 is periodically reviewed and revised. The 2018 edition replaced the 2016 edition. Users should monitor ISO or national standards bodies (like CSA) for the latest version. The next review may incorporate newer cryptographic requirements, such as resistance to quantum computer attacks in future editions.

By understanding the general framework laid out in ISO/IEC 10118-1:2018, engineers and security practitioners can make informed decisions about selecting, implementing, and auditing cryptographic hash functions. For detailed algorithm specifications and test vectors, refer to the complementary parts of the ISO/IEC 10118 series.

”

📥 Standard Documents Download

🔒

Please wait 10 seconds, the download links will appear after the ad loads

Scope and Objectives

Technical Requirements

Security Properties

Classification of Hash Functions

Operational Requirements

Implementation Highlights

Compliance Notes

Frequently Asked Questions

📥 Standard Documents Download

Leave a ReplyCancel Reply

Trending now