Abstract
The paper investigates the influence of cryptographic hash function architecture on their cryptographic strength. The main focus is on a comparative analysis of the classical Merkle–Damgård architecture used in the SHA-2 family and the Sponge architecture implemented in the SHA-3 standard. It is shown how the design features of the Sponge architecture, in particular the division of the internal state into speed (rate) and capacity parts, provide an increased margin of cryptographic strength and ensure low vulnerability to the inherent Merkle–Damgård constructions, including the message extension attack. The possibility of estimating the dispersion index for attributing a hash function to a cryptographic type has been confirmed. At the same time, the question remains about the unambiguity of the correspondence between theoretical statistical indicators of the quality of hash functions. The only known indicator of the quality of hash functions is based on the variance indicator and unambiguously shows only whether a particular hash function belongs to cryptographic or non-cryptographic. At the same time, it has been confirmed that the χ² test, as a “bias detector” can prove that the hash function is hack-resistant with high probability. But the question remains about the unambiguity of the correspondence between theoretical statistical indicators of the hash functions quality.Received 2026-03-19Accepted 2026-04-13