I have found in a Wireless Sensor Networks security paper, operations where cryptographic hash functions are elevated to the power of 2 and to the power of 3 (i.e. $h^2(x)$ and $h^3(x)$).
This might be a very simple question but I haven't found this notation in other literature. I wonder: does this notation mean that you need to compute the hash twice or thrice (i.e. $h(h(x))$ and $h(h(h(x)))$?
In the paper, $h$ is defined as a collision free one-way hash function.
Yes, these notations always seem to mean that H^n(x) (or $H^n(x)$ in mathematical notation) means that $x$ is the first input, and that the next outputs are a hash of the previous output:
H^0(x) = x // just defined as x below
H^1(x) = H(x)
H^2(x) = H(H^1(x)) = H(H(x))
H^3(x) = H(H^2(x)) = ... = H(H(H(x)))
H^4(x) = ............... = H(H(H(H(x))))
...
so another way to define it is $H^n(x)=H(H^{n-1}(x))$ where $H^0(x)=x$. I've used uppercase H as that seems to be more common.
The construct seems to comply with the exponentiation property within abstract algebra as only the less strong power associativity is required for the function composition of the (hash) functions (beware - the answer on the math site requires some mathematical background).
Usually this kind of construction is used for key stretching; a method of calculating a key from a password (or other low entropy secret) that includes a work factor. In other words, both the user and an attacker are required to perform a number of operations, which makes attacking the password harder.
