efficient collision resistant hashing from worst case
play

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on - PowerPoint PPT Presentation

May 29, 2023 •268 likes •897 views

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient

  1. Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 1 / 12

  2. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto PRG comm . . . sig ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  3. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . sig owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  4. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf sig owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  5. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf sig owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  6. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf sig owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  7. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf sig owf owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  8. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf owf sig owf owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  9. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf owf sig owf owf owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  10. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] ✗ Can’t realize some notions at all! (black-box) PRG comm . . . owf owf owf sig owf owf owf owf ZK Ind Sets owf owf Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  11. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications PRG comm . . . sig ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  12. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications ✔ Applications use hashing efficiently! PRG comm . . . sig collision resist hash ZK coll resist hash Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  13. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications ✔ Applications use hashing efficiently! ?? BUT: is the hash itself efficient? PRG comm . . . sig collision resist hash ZK coll resist hash Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  14. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications ✔ Applications use hashing efficiently! ?? BUT: is the hash itself efficient? ☞ MD5, SHA-1 highlight need for sound & efficient hashes PRG comm . . . sig collision resist hash ZK coll resist hash Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  15. Our Contributions Hash Function ✔ Very efficient: evaluate with just a few FFTs ✔ Collision-resistant: worst-case assumption on cyclic lattices ✔ Tighter & simpler security reduction than related works Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 3 / 12

  16. Our Contributions Hash Function ✔ Very efficient: evaluate with just a few FFTs ✔ Collision-resistant: worst-case assumption on cyclic lattices ✔ Tighter & simpler security reduction than related works Understanding ✔ New algebraic interpretation of cyclic lattices ✔ New and tight connections among problems on cyclic lattices Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 3 / 12

  17. Our Contributions Hash Function ✔ Very efficient: evaluate with just a few FFTs ✔ Collision-resistant: worst-case assumption on cyclic lattices ✔ Tighter & simpler security reduction than related works Understanding ✔ New algebraic interpretation of cyclic lattices ✔ New and tight connections among problems on cyclic lattices Our function is a certain kind of knapsack. . . ☞ Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 3 / 12

  18. Generalized Knapsack Function [Mic02] Let R be a ring with + and × , and let S ⊆ R . For: • A = ( a 1 , . . . , a m ) ∈ R m — m “weights”: key • X = ( x 1 , . . . , x m ) ∈ S m — m “coeffs”: input m � f A ( X ) = a i × x i i = 1 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 4 / 12

  19. Generalized Knapsack Function [Mic02] Let R be a ring with + and × , and let S ⊆ R . For: • A = ( a 1 , . . . , a m ) ∈ R m — m “weights”: key • X = ( x 1 , . . . , x m ) ∈ S m — m “coeffs”: input m � f A ( X ) = a i × x i i = 1 Efficiency determined by m (“width”); runtime of × , + . ☞ Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 4 / 12

  20. Generalized Knapsack Function [Mic02] Let R be a ring with + and × , and let S ⊆ R . For: • A = ( a 1 , . . . , a m ) ∈ R m — m “weights”: key • X = ( x 1 , . . . , x m ) ∈ S m — m “coeffs”: input m � f A ( X ) = a i × x i i = 1 Efficiency determined by m (“width”); runtime of × , + . ☞ Lineage of Cryptographic Knapsacks Knapsack Function Security Notion Efficient? [Ajt96, GGH97] collision-resistant ✗ [Mic02] one-way ✔ Today collision-resistant ✔✔ Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 4 / 12

  21. Micciancio’s Function • R = ( Z n p , + , ⊗ ) , where ⊗ is cyclic convolution:     · · · a 0 a n − 1 a 1 x 0     | | · · ·  a 1 a 0 a 2   x 1   ⊗  =      · a x . . . .   ...  . . .   .  . . . .    | | a n − 1 a n − 2 · · · a 0 x n − 1 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 5 / 12

  22. Micciancio’s Function • R = ( Z n p , + , ⊗ ) , where ⊗ is cyclic convolution:     · · · a 0 a n − 1 a 1 x 0     | | · · ·  a 1 a 0 a 2   x 1   ⊗  =      · a x . . . .   ...  . . .   .  . . . .    | | a n − 1 a n − 2 · · · a 0 x n − 1 • S = { x ∈ R : � x � ∞ is small } . (Note: | S | is exponential in n .) Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 5 / 12

Recommend

Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions Eylon Yogev Weizmann

Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions Eylon Yogev Weizmann

Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions Eylon Yogev Weizmann Institute of Science & Moni Naor Ilan Komargodski Eurocrypt 2018, Tel Aviv Ask less of a hash function and it is less likely to disappoint!

422 views • 24 slides
Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security Yiqun Lisa Yin Independent Consultant Recent Advances in Hash Collision Attacks Efficient collisions found for MD4, MD5 Improved techniques

442 views • 28 slides
Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security Yiqun Lisa Yin Independent Consultant Recent Advances in Hash Collision Attacks Efficient collisions found for MD4, MD5 Improved techniques

800 views • 10 slides
10. Repetition Binary Search Trees and Disadvantages of hashing: linear access time in worst case.

10. Repetition Binary Search Trees and Disadvantages of hashing: linear access time in worst case.

Dictionary implementation Hashing: implementation of dictionaries with expected very fast access times. 10. Repetition Binary Search Trees and Disadvantages of hashing: linear access time in worst case. Some Heaps operations not supported at

173 views • 16 slides
Space Efficient Hash Tables with Worst Case Constant Access Time Dimitris Fotakis and Peter

Space Efficient Hash Tables with Worst Case Constant Access Time Dimitris Fotakis and Peter

Fotakis/Pagh/Sanders/Spirakis: d -ary Cuckoo Hashing 1 INFORMATIK Space Efficient Hash Tables with Worst Case Constant Access Time Dimitris Fotakis and Peter Sanders (MPII) Rasmus Pagh (IT U. Copenhagen) Paul

153 views • 12 slides
Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Algorithm : Design & Analysis Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed Address Hashing Open Address Hashing Hash Functions Array Doubling and Amortized Analysis Union-Find

618 views • 33 slides
14. Hashing Gloal: Efficient management of a table of all n ETH-students of Possible Requirement:

14. Hashing Gloal: Efficient management of a table of all n ETH-students of Possible Requirement:

Motivating Example 14. Hashing Gloal: Efficient management of a table of all n ETH-students of Possible Requirement: fast access (insertion, removal, find) of a Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using dataset by name

158 views • 15 slides
Worst-case-efficient dynamic arrays in practice Jyrki Katajainen Department of Computer Science

Worst-case-efficient dynamic arrays in practice Jyrki Katajainen Department of Computer Science

4 April, 2016 ARCO Meeting, Odense Last revision: 17 October, 2018 Worst-case-efficient dynamic arrays in practice Jyrki Katajainen Department of Computer Science University of Copenhagen paper code goto my research information system at

335 views • 21 slides
Jubilee lecture, October 2004/January 2005 Title: Anatomy of a worst-case efficient priority

Jubilee lecture, October 2004/January 2005 Title: Anatomy of a worst-case efficient priority

Jubilee lecture, October 2004/January 2005 Title: Anatomy of a worst-case efficient priority queue Speaker: Jyrki Katajainen Co-workers: Amr Elmasry and Claus Jensen These slides are available at http://www.cphstl.dk/ . Performance

297 views • 28 slides
Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes Xiaoyang Dong and Xiaoyun Wang Shandong University, Tsinghua University FSE 2017 Tokyo, Japan Outline 2 Secret-key and Open-key Models u

526 views • 24 slides
Comparison of Efficiency Binary Binomial Procedure (worst- (worst- (amortized) case) case)

Comparison of Efficiency Binary Binomial Procedure (worst- (worst- (amortized) case) case)

Comparison of Efficiency Binary Binomial Procedure (worst- (worst- (amortized) case) case) Make - Heap (1) (1) (1) (lg n ) O (lg n ) (1) Insert (1) O (lg n ) (1) Minimum Extract - Min (lg n ) (lg n ) O (lg n ) ( n

376 views • 16 slides
Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing? Distribute key/value pairs across bins with a hash function , Hashing Performance Hashing (Application of Probability) which maps elements from

497 views • 3 slides
Hash Tables Outline Definition Hash functions Open hashing Closed hashing

Hash Tables Outline Definition Hash functions Open hashing Closed hashing

Hash Tables Outline Definition Hash functions Open hashing Closed hashing collision resolution techniques Efficiency EECS 268 Programming II 1 Overview Implementation style for the Table ADT that is good in a wide

237 views • 20 slides
Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of Technology Public Key Cryptography and the Geometry of Numbers 6 May 2010 1 / 16 Talk Agenda 1 Smoothing and discrete Gaussians 2 From worst-case

1.43k views • 74 slides
Lattices that Admit Logarithmic Worst-Case to Average-Case Connection Factors Chris Peikert 1

Lattices that Admit Logarithmic Worst-Case to Average-Case Connection Factors Chris Peikert 1

Lattices that Admit Logarithmic Worst-Case to Average-Case Connection Factors Chris Peikert 1 Alon Rosen 2 1 SRI International 2 Harvard SEAS IDC Herzliya STOC 2007 1 / 15 Worst-case versus average-case complexity Lattices are an

851 views • 58 slides
PSCC: Parallel Self-Collision Culling with Spatial Hashing on GPUs

PSCC: Parallel Self-Collision Culling with Spatial Hashing on GPUs

PSCC: Parallel Self-Collision Culling with Spatial Hashing on GPUs https://min-tang.github.io/home/PSCC/ Min Tang 1,2 , Zhongyuan Liu 1 , Ruofeng Tong 1 , Dinesh Manocha 1,3 1 Zhejiang University 2 Alibaba-Zhejiang University Joint Institute of

898 views • 40 slides
Worst-case Ethernet Network Latency for Shaped Sources Max Azarov, Standard Microsystems (SMSC)

Worst-case Ethernet Network Latency for Shaped Sources Max Azarov, Standard Microsystems (SMSC)

Worst-case Ethernet Network Latency for Shaped Sources Max Azarov, Standard Microsystems (SMSC) Background Deterministic QoS guarantees dictate a need for an analytical evaluation of QoS parameters: worst-case latency, worst- case

211 views • 6 slides
Typical versus Worst Case Design in Networking Nandita Dukkipati Yashar Ganjali, Rui Zhang-Shen

Typical versus Worst Case Design in Networking Nandita Dukkipati Yashar Ganjali, Rui Zhang-Shen

Typical versus Worst Case Design in Networking Nandita Dukkipati Yashar Ganjali, Rui Zhang-Shen High Performance Networking Group Stanford University HotNets-IV, November 2005 Introduction: Worst-case design Preference for worst-case

1.24k views • 14 slides
An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography

An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography

Cryptographic context Quantum collision search: a brief state of the art Our collision algorithm An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography Andr Chailloux, Mara Naya-Plasencia, Andr

321 views • 28 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.5k views • 58 slides
14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple

14. Hashing Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using Chaining, Simple Uniform Hashing, Popular Hash Functions, Table-Doubling, Open Addressing: Probing, Uniform Hashing, Universal Hashing, Perfect Hashing [Ottman/Widmayer,

1.25k views • 98 slides
Collision Detection I Motivation F d X S, X Collision Force detection response F d F r

Collision Detection I Motivation F d X S, X Collision Force detection response F d F r

CPSC 599.86 / 601.86 Sonny Chan - University of Calgary Collision Detection I Motivation F d X S, X Collision Force detection response F d F r Control algorithms Haptic rendering Problem Definition We seek efficient algorithms to

822 views • 42 slides
Worst-Case Ef fi cient External-Memory Priority Queues Gerth Stlting Brodal

Worst-Case Ef fi cient External-Memory Priority Queues Gerth Stlting Brodal

Worst-Case Ef fi cient External-Memory Priority Queues Gerth Stlting Brodal MaxPlanckInstitut f ur Informatik Saarbr ucken Germany Jyrki Katajainen Datalogisk Institut Kbenhavns Universitet Denmark July 1998 Worst-Case Ef

161 views • 12 slides
Worst-Case to Average-Case Reduction for SIS Vadim Lyubashevsky INRIA / ENS, Paris

Worst-Case to Average-Case Reduction for SIS Vadim Lyubashevsky INRIA / ENS, Paris

Worst-Case to Average-Case Reduction for SIS Vadim Lyubashevsky INRIA / ENS, Paris Lattice-Based Crypto & Applications 1 Bar-Ilan University Israel 2012 Session Outline Average-Case Problems The Small Integer Solution (SIS)

909 views • 63 slides

More recommend