This may seem like basic crypto knowledge, but why do hash functions like SHA-2 and Whirlpool have round constants that are absorbed into their respective states?
I can understand that in a cipher you need some way to incorporate a variable secret key, but there are no such user keys for hash functions. All the round constants start off from fixed (and publicly known) values. I thought that substitution and permutation operations were sufficient for encryption. So, why XOR in round constants?
There are attacks on both blockciphers and hash functions that can exploit symmetry in the round functions. For example, completely identical round functions can permit Slide Attacks on Hash Functions, and rotational symmetries of the round function can permit rotational cryptanalysis. The round constant addition or 'iota' step of the Keccak Hash Function is designed to break up the self-similarity symmetry of the round function. Similar tweaks to the 'key schedule' (i.e. round) constant of Threefish/Skein were intended to break up rotational symmetries (see section 9.5.2 of the latest specification for details).
The up shot is that too much symmetry can be very dangerous, even for hash functions, and opens the door to attacks. Round constants are an easy and cheap way to close that door.
