Accept unbounded size input
+Map to a bounded output
+Be fast to compute
+Be computable strictly one-way
(difficult to find a pre-image for a hash)
Resist pre-image attacks
(attacker controls one input)
Second pre-image resistance: Given an input and output
(resisting second pre-image attacks).
Resist collisions
(attacker controls both inputs)
Bitcoin PoW is a partial pre-image attack.
+Prefix/suffix pre-image attack resistance reduces opportunity for UI attacks for address spoofing.
+Prefix collision resistance important to rationalize costs for some cryptographic data structures.
+