The theory of hash functions encompasses most of traditional complexity theory, and complexity theory related to cryptographic constructs, as well as coding theory and statistics.
From a theoretical point of view, collision resistant hash functions are one-way functions, and the former is not known to be based on the latter. Further, one-way functions are more or less ruled out to be based just on the NP \= BPP conjecture.
Nevertheless, collision resistant hash functions have recently been constructed based on stronger assumptions (i.e. stronger variations of standard hardness assumptions like factoring, and shortest vector problem -- the former not NP-hard, and the latter NP-hard). The jury is still out on whether this means that the designed hash functions are secure, or the stronger assumptions are too strong to be true.
It is often observed that the real primitive required for most practical applications is not a collision resistant hash function, but a target collision resistant hash function (also known as second preimage reistant hash function, or in more theoretical terms a universal one-way hash function). It is well known how to build such a function based on one-way functions; but then again it is unlikely that one-way functions can be based on NP \= BPP. Hence we rely on standard hardness assumptions like the RSA function being hard, or the discrete log being hard.
In light of this, it is not remiss to design practical collision resistant hash functions which are based on their own practical and heurisitic assumptions. Most hash functions which are actually used are developed using such heuristics -- it is an evolutionary process -- as new attacks are discovered, the designs are advanced to counter the additional attacks.
Needless to say, the field of hash function design and its theoretical underpinnings should whet anyone's intellect.