A preimage is the original input value (or set of input values) that produces a given output through a function. If you have a function f and it turns the value “a” into the value “b,” then “a” is the preimage of “b.” It’s a way of working backward from a result to find what created it.
How Preimages Work
Every function takes an input, does something to it, and produces an output. The input lives in a set called the domain, and the output lands in a set called the codomain. When you ask “what is the preimage of this output?” you’re asking which inputs in the domain map to that particular output.
Here’s a concrete example. Take the function f(x) = x², which squares any number you give it. The preimage of 4 under this function is the set {2, −2}, because both 2 and −2 produce 4 when squared. Those are all the inputs that lead to that output. Notice the preimage can contain more than one value. In this case, two different inputs give the same result.
You can also find the preimage of an entire range of outputs. For the same squaring function, the preimage of all numbers between 0 and 4 is all numbers between −2 and 2. Every number in that interval, when squared, lands somewhere between 0 and 4.
The Notation
Preimages are written using the notation f⁻¹(Y), where Y is the output value or set of values you’re working backward from. If f maps set A to set B, and Y is some subset of B, then f⁻¹(Y) = {a ∈ A | f(a) ∈ Y}. In plain terms: it’s the collection of all elements in A whose outputs fall within Y.
This notation can be misleading because it looks identical to the notation for an inverse function. But a preimage and an inverse function are not the same thing.
Preimage vs. Inverse Function
An inverse function only exists when the original function is both one-to-one (every input maps to a unique output) and onto (every possible output is actually hit by some input). Not every function meets those requirements. The squaring function, for instance, doesn’t have a true inverse over all real numbers because two different inputs can produce the same output.
A preimage, on the other hand, is defined for any function, regardless of whether it’s one-to-one or onto. You can always ask “which inputs produce this output?” even if the answer is multiple values, or no values at all. When a function does happen to have an inverse, the preimage and the inverse give you the same answer, which is why they share the same notation. But the preimage concept is broader and doesn’t depend on the function being invertible.
Preimages of Sets
The preimage concept extends naturally from single values to entire subsets of the codomain. Given a function f: A → B and a subset D of B, the preimage of D is the set of all elements in A whose outputs land somewhere in D. A few properties follow from this definition.
- The preimage of the entire codomain is always the entire domain. Every input maps somewhere, so every element in A is included.
- The preimage of a subset can be empty. If no input maps to any element in D, then f⁻¹(D) = ∅. This happens when part of the codomain isn’t “reached” by the function.
- A function is onto if and only if the preimage of every single element in the codomain is nonempty. In other words, every possible output is actually produced by at least one input.
These properties make preimages a useful tool for analyzing whether a function is onto, and for understanding the structure of how a function distributes its inputs across its outputs.
Preimages in Cryptography
Outside of pure mathematics, the preimage concept plays a critical role in computer security. Cryptographic hash functions take data of any size and compress it into a fixed-length string of characters, called a digest. One of the fundamental security requirements for these functions is called preimage resistance: given a hash output, it should be computationally infeasible to find any input that produces it.
In other words, you shouldn’t be able to work backward from the output to discover the original data. The National Institute of Standards and Technology (NIST) defines this as a core property that any secure hash function must have.
There’s also a related concept called second preimage resistance. In a second preimage attack, an adversary starts with a known message and tries to find a different message that produces the same hash output. For an ideal hash function that outputs n bits, the computational effort required to pull this off is on the order of 2ⁿ operations, which for modern hash lengths is astronomically large. These two forms of preimage resistance are what make hash functions trustworthy for things like password storage, digital signatures, and verifying file integrity.
Why the Concept Matters
Preimages give you a way to reason backward through any function, even when no formal inverse exists. In a math course, you’ll encounter them in proofs about whether functions are one-to-one or onto, in set theory when analyzing how functions transform collections of elements, and in abstract algebra where the structure of preimage sets reveals important properties about mappings between groups or rings.
The size of a preimage set tells you something fundamental about how a function behaves. If every output has exactly one preimage, the function is one-to-one (a bijection if it’s also onto), and its preimage structure is perfectly uniform. If some output has a preimage containing every element in the domain, you’re looking at a constant function that sends everything to the same place. Most functions fall somewhere between these extremes, with preimage sets of varying sizes across different outputs.