In cryptography, N-hash is a cryptographic hash function based on the FEAL round function, and is now considered insecure. It was proposed in 1990 in an article by Miyaguchi, Ohta, and Iwata; weaknesses were published the following year.
Design
N-hash follows an early block cipher–based approach to cryptographic hash function design, in which the compression function is constructed from a cipher-like round function rather than from a dedicated hash-specific primitive. Such designs were common in the late 1980s and early 1990s, prior to the widespread adoption of purpose-built hash functions. The chaining mechanism of N-hash combines the output of the round function with both the current message block and the previous hash state. This structure was later studied in the context of generic block cipher–based hash constructions and their resistance to known cryptanalytic techniques.
Cryptanalysis
The cryptanalysis of N-hash highlighted the risks of directly reusing block cipher components in hash function design without sufficient security margins. Attacks on N-hash demonstrated that structural properties exploitable in encryption algorithms could also undermine collision resistance when applied in a hashing context. As a result of these findings, N-hash was never adopted in practical cryptographic applications. It is cited primarily in academic literature as an early example that influenced later research into secure hash function construction and the separation of design principles for encryption and hashing.