efficient collision resistant hashing from worst case
play

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on - PowerPoint PPT Presentation

May 29, 2023 •268 likes •897 views

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient

  1. Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 1 / 12

  2. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto PRG comm . . . sig ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  3. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . sig owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  4. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf sig owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  5. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf sig owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  6. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf sig owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  7. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf sig owf owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  8. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf owf sig owf owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  9. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] PRG comm . . . owf owf owf sig owf owf owf owf ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  10. One-Wayness vs. Collision-Resistance One-Way Function (family): → x ′ ∈ f − 1 hard a , y = f a ( x ) − a ( y ) ✔ Sufficient for some crypto ✗ But applications use OWFs inefficiently . . . This is inherent (black-box)! [GeTr, GGK, HoKa] ✗ Can’t realize some notions at all! (black-box) PRG comm . . . owf owf owf sig owf owf owf owf ZK Ind Sets owf owf Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  11. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications PRG comm . . . sig ZK Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  12. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications ✔ Applications use hashing efficiently! PRG comm . . . sig collision resist hash ZK coll resist hash Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  13. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications ✔ Applications use hashing efficiently! ?? BUT: is the hash itself efficient? PRG comm . . . sig collision resist hash ZK coll resist hash Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  14. One-Wayness vs. Collision-Resistance Collision-Resistant Hash (family): → x , x ′ : f a ( x ) = f a ( x ′ ) hard − a ✔ Can construct more applications ✔ Applications use hashing efficiently! ?? BUT: is the hash itself efficient? ☞ MD5, SHA-1 highlight need for sound & efficient hashes PRG comm . . . sig collision resist hash ZK coll resist hash Ind Sets Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 2 / 12

  15. Our Contributions Hash Function ✔ Very efficient: evaluate with just a few FFTs ✔ Collision-resistant: worst-case assumption on cyclic lattices ✔ Tighter & simpler security reduction than related works Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 3 / 12

  16. Our Contributions Hash Function ✔ Very efficient: evaluate with just a few FFTs ✔ Collision-resistant: worst-case assumption on cyclic lattices ✔ Tighter & simpler security reduction than related works Understanding ✔ New algebraic interpretation of cyclic lattices ✔ New and tight connections among problems on cyclic lattices Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 3 / 12

  17. Our Contributions Hash Function ✔ Very efficient: evaluate with just a few FFTs ✔ Collision-resistant: worst-case assumption on cyclic lattices ✔ Tighter & simpler security reduction than related works Understanding ✔ New algebraic interpretation of cyclic lattices ✔ New and tight connections among problems on cyclic lattices Our function is a certain kind of knapsack. . . ☞ Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 3 / 12

  18. Generalized Knapsack Function [Mic02] Let R be a ring with + and × , and let S ⊆ R . For: • A = ( a 1 , . . . , a m ) ∈ R m — m “weights”: key • X = ( x 1 , . . . , x m ) ∈ S m — m “coeffs”: input m � f A ( X ) = a i × x i i = 1 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 4 / 12

  19. Generalized Knapsack Function [Mic02] Let R be a ring with + and × , and let S ⊆ R . For: • A = ( a 1 , . . . , a m ) ∈ R m — m “weights”: key • X = ( x 1 , . . . , x m ) ∈ S m — m “coeffs”: input m � f A ( X ) = a i × x i i = 1 Efficiency determined by m (“width”); runtime of × , + . ☞ Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 4 / 12

  20. Generalized Knapsack Function [Mic02] Let R be a ring with + and × , and let S ⊆ R . For: • A = ( a 1 , . . . , a m ) ∈ R m — m “weights”: key • X = ( x 1 , . . . , x m ) ∈ S m — m “coeffs”: input m � f A ( X ) = a i × x i i = 1 Efficiency determined by m (“width”); runtime of × , + . ☞ Lineage of Cryptographic Knapsacks Knapsack Function Security Notion Efficient? [Ajt96, GGH97] collision-resistant ✗ [Mic02] one-way ✔ Today collision-resistant ✔✔ Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 4 / 12

  21. Micciancio’s Function • R = ( Z n p , + , ⊗ ) , where ⊗ is cyclic convolution:     · · · a 0 a n − 1 a 1 x 0     | | · · ·  a 1 a 0 a 2   x 1   ⊗  =      · a x . . . .   ...  . . .   .  . . . .    | | a n − 1 a n − 2 · · · a 0 x n − 1 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 5 / 12

  22. Micciancio’s Function • R = ( Z n p , + , ⊗ ) , where ⊗ is cyclic convolution:     · · · a 0 a n − 1 a 1 x 0     | | · · ·  a 1 a 0 a 2   x 1   ⊗  =      · a x . . . .   ...  . . .   .  . . . .    | | a n − 1 a n − 2 · · · a 0 x n − 1 • S = { x ∈ R : � x � ∞ is small } . (Note: | S | is exponential in n .) Chris Peikert, Alon Rosen (MIT, Harvard) Efficient Collision-Resistant Hashing TCC 2006 5 / 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions Eylon Yogev Weizmann

Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions Eylon Yogev Weizmann

Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions Eylon Yogev Weizmann Institute of Science & Moni Naor Ilan Komargodski Eurocrypt 2018, Tel Aviv Ask less of a hash function and it is less likely to disappoint!

422 views • 24 slides
Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security Yiqun Lisa Yin Independent Consultant Recent Advances in Hash Collision Attacks Efficient collisions found for MD4, MD5 Improved techniques

442 views • 28 slides
Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security

Collision Resistant Usage of SHA-1 via Message Pre-processing Michael Szydlo RSA Security Yiqun Lisa Yin Independent Consultant Recent Advances in Hash Collision Attacks Efficient collisions found for MD4, MD5 Improved techniques

800 views • 10 slides
10. Repetition Binary Search Trees and Disadvantages of hashing: linear access time in worst case.

10. Repetition Binary Search Trees and Disadvantages of hashing: linear access time in worst case.

Dictionary implementation Hashing: implementation of dictionaries with expected very fast access times. 10. Repetition Binary Search Trees and Disadvantages of hashing: linear access time in worst case. Some Heaps operations not supported at

173 views • 16 slides
Space Efficient Hash Tables with Worst Case Constant Access Time Dimitris Fotakis and Peter

Space Efficient Hash Tables with Worst Case Constant Access Time Dimitris Fotakis and Peter

Fotakis/Pagh/Sanders/Spirakis: d -ary Cuckoo Hashing 1 INFORMATIK Space Efficient Hash Tables with Worst Case Constant Access Time Dimitris Fotakis and Peter Sanders (MPII) Rasmus Pagh (IT U. Copenhagen) Paul

153 views • 12 slides
Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed

Algorithm : Design & Analysis Union-Find [10] In the last class Hashing Collision Handling for Hashing Closed Address Hashing Open Address Hashing Hash Functions Array Doubling and Amortized Analysis Union-Find

618 views • 33 slides
14. Hashing Gloal: Efficient management of a table of all n ETH-students of Possible Requirement:

14. Hashing Gloal: Efficient management of a table of all n ETH-students of Possible Requirement:

Motivating Example 14. Hashing Gloal: Efficient management of a table of all n ETH-students of Possible Requirement: fast access (insertion, removal, find) of a Hash Tables, Pre-Hashing, Hashing, Resolving Collisions using dataset by name

158 views • 15 slides
Worst-case-efficient dynamic arrays in practice Jyrki Katajainen Department of Computer Science

Worst-case-efficient dynamic arrays in practice Jyrki Katajainen Department of Computer Science

4 April, 2016 ARCO Meeting, Odense Last revision: 17 October, 2018 Worst-case-efficient dynamic arrays in practice Jyrki Katajainen Department of Computer Science University of Copenhagen paper code goto my research information system at

335 views • 21 slides
Jubilee lecture, October 2004/January 2005 Title: Anatomy of a worst-case efficient priority

Jubilee lecture, October 2004/January 2005 Title: Anatomy of a worst-case efficient priority

Jubilee lecture, October 2004/January 2005 Title: Anatomy of a worst-case efficient priority queue Speaker: Jyrki Katajainen Co-workers: Amr Elmasry and Claus Jensen These slides are available at http://www.cphstl.dk/ . Performance

297 views • 28 slides
Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes Xiaoyang Dong and Xiaoyun Wang Shandong University, Tsinghua University FSE 2017 Tokyo, Japan Outline 2 Secret-key and Open-key Models u

526 views • 24 slides
Comparison of Efficiency Binary Binomial Procedure (worst- (worst- (amortized) case) case)

Comparison of Efficiency Binary Binomial Procedure (worst- (worst- (amortized) case) case)

Comparison of Efficiency Binary Binomial Procedure (worst- (worst- (amortized) case) case) Make - Heap (1) (1) (1) (lg n ) O (lg n ) (1) Insert (1) O (lg n ) (1) Minimum Extract - Min (lg n ) (lg n ) O (lg n ) ( n

376 views • 16 slides
Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing?

Overview Intro to Hashing Intro to Hashing Hashing with Chaining Whats hashing? Distribute key/value pairs across bins with a hash function , Hashing Performance Hashing (Application of Probability) which maps elements from

497 views • 3 slides
Hash Tables Outline Definition Hash functions Open hashing Closed hashing

Hash Tables Outline Definition Hash functions Open hashing Closed hashing

Hash Tables Outline Definition Hash functions Open hashing Closed hashing collision resolution techniques Efficiency EECS 268 Programming II 1 Overview Implementation style for the Table ADT that is good in a wide

237 views • 20 slides
Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of Technology Public Key Cryptography and the Geometry of Numbers 6 May 2010 1 / 16 Talk Agenda 1 Smoothing and discrete Gaussians 2 From worst-case

1.43k views • 74 slides
Lattices that Admit Logarithmic Worst-Case to Average-Case Connection Factors Chris Peikert 1

Lattices that Admit Logarithmic Worst-Case to Average-Case Connection Factors Chris Peikert 1

Lattices that Admit Logarithmic Worst-Case to Average-Case Connection Factors Chris Peikert 1 Alon Rosen 2 1 SRI International 2 Harvard SEAS IDC Herzliya STOC 2007 1 / 15 Worst-case versus average-case complexity Lattices are an

851 views • 58 slides
PSCC: Parallel Self-Collision Culling with Spatial Hashing on GPUs

PSCC: Parallel Self-Collision Culling with Spatial Hashing on GPUs

PSCC: Parallel Self-Collision Culling with Spatial Hashing on GPUs https://min-tang.github.io/home/PSCC/ Min Tang 1,2 , Zhongyuan Liu 1 , Ruofeng Tong 1 , Dinesh Manocha 1,3 1 Zhejiang University 2 Alibaba-Zhejiang University Joint Institute of

898 views • 40 slides
Abstraction 1/ 45 Abstraction the interactions of difgerent components can be simplifjed by

Abstraction 1/ 45 Abstraction the interactions of difgerent components can be simplifjed by

Abstraction 1/ 45 Abstraction the interactions of difgerent components can be simplifjed by hiding the details of each components implementation from the rest of the system. protecting it with an interface . system is invariant to changes

691 views • 47 slides
Analyzing a Factorial ANOVA: Non-significant interaction Rick Balkin, Ph.D., LPC-S, NCC

Analyzing a Factorial ANOVA: Non-significant interaction Rick Balkin, Ph.D., LPC-S, NCC

Analyzing a Factorial ANOVA: Non-significant interaction Rick Balkin, Ph.D., LPC-S, NCC Department of Counseling Texas A&M University-Commerce Rick_balkin@tamu-commerce.edu Balkin, R. S. (2008) 1 Analyzing a Factorial ANOVA:

447 views • 11 slides
Generic functional programming Basic idea: define generic functions by induction on the

Generic functional programming Basic idea: define generic functions by induction on the

A Hitchhikers Guide to the Universes (Universes for Generic Programs and Proofs) Marcin Benke Peter Dybjer Patrik Jansson Chalmers Technical University Main goals: extend generic programming to functional languages with dependent types

250 views • 10 slides
Overview and Update LAUSDs Work to Date on Educator Effectiveness 3 1 Teachers and leaders

Overview and Update LAUSDs Work to Date on Educator Effectiveness 3 1 Teachers and leaders

THE SCHOOL I MPROVEMENT GRANT AND EDUCATOR EFFECTI VENESS An overview session for teachers and leaders at SI G schools. March 2011 1 Agenda I. Overview and Update LAUSDs Work to Date on Educator Effectiveness II. Facilitated

339 views • 10 slides
MARS: Monetized Ad-Hoc Routing Systems Bernardo David, Rafael Dowsley, Mario Larangeira Agenda

MARS: Monetized Ad-Hoc Routing Systems Bernardo David, Rafael Dowsley, Mario Larangeira Agenda

MARS: Monetized Ad-Hoc Routing Systems Bernardo David, Rafael Dowsley, Mario Larangeira Agenda Introduction Our Contributions Related Works Building Blocks MARS Protocol Future Works Destination Introduction Mobile

537 views • 16 slides
DYNALLOY : AN EXTENSION OF ALLOY FOR WRITING AND ANALYZING BEHAVIOURAL MODELS Germn Regis |

DYNALLOY : AN EXTENSION OF ALLOY FOR WRITING AND ANALYZING BEHAVIOURAL MODELS Germn Regis |

DYNALLOY : AN EXTENSION OF ALLOY FOR WRITING AND ANALYZING BEHAVIOURAL MODELS Germn Regis | Csar Cornejo | Simn Gutirrez Brida | Mariano Politano | Fernando Raverta | Pablo Ponzio | Nazareno Aguirre | Juan Pablo Galeotti | Marcelo Frias

450 views • 23 slides
N-way conformation Danil Sokolov, Victor Khomenko, Alex Yakovlev Newcastle University, UK

N-way conformation Danil Sokolov, Victor Khomenko, Alex Yakovlev Newcastle University, UK

N-way conformation Danil Sokolov, Victor Khomenko, Alex Yakovlev Newcastle University, UK Conformation The circuit modules never break their environment by producing unexpected outputs If at some state a module produces an output event x+ ,

121 views • 11 slides
Di Discovering Graph Patterns for Fact ct Check cking in Knowledge Graphs Peng Lin Qi Song

Di Discovering Graph Patterns for Fact ct Check cking in Knowledge Graphs Peng Lin Qi Song

Di Discovering Graph Patterns for Fact ct Check cking in Knowledge Graphs Peng Lin Qi Song Jialiang Shen Yinghui Wu Washington State University Beijing University of Washington State University Posts and

362 views • 21 slides

More recommend