Journal of Cryptology

, Volume 22, Issue 1, pp 93–113 | Cite as

Cryptographic Hash Functions from Expander Graphs

  • Denis X. Charles
  • Kristin E. Lauter
  • Eyal Z. Goren
Article

Abstract

We propose constructing provable collision resistant hash functions from expander graphs in which finding cycles is hard. As examples, we investigate two specific families of optimal expander graphs for provable collision resistant hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak and Pizer respectively. When the hash function is constructed from one of Pizer’s Ramanujan graphs, (the set of supersingular elliptic curves over \({\mathbb{F}}_{p^{2}}\) with -isogenies, a prime different from p), then collision resistance follows from hardness of computing isogenies between supersingular elliptic curves. For the LPS graphs, the underlying hard problem is a representation problem in group theory. Constructing our hash functions from optimal expander graphs implies that the outputs closely approximate the uniform distribution. This property is useful for arguing that the output is indistinguishable from random sequences of bits. We estimate the cost per bit to compute these hash functions, and we implement our hash function for several members of the Pizer and LPS graph families and give actual timings.

Keywords

Cryptographic hash functions Expander graphs Elliptic curve cryptography Isogenies Ramanujan graphs Supersingular elliptic curves. 

References

  1. [1]
    K.S. Abdukhalikov, C. Kim, On the security of the hashing scheme based on SL2. In Fast Software Encryption 1998. Lecture Notes Computer Science, vol. 1372 (Springer, Berlin, 1998), pp. 93–102. CrossRefGoogle Scholar
  2. [2]
    N. Alon, Eigenvalues and expanders. Combinatorica 6, 83–98 (1986). MATHCrossRefMathSciNetGoogle Scholar
  3. [3]
    I. Blake, G. Seroussi, N. Smart, Elliptic Curves in Cryptography. Lond. Math. Soc., Lecture Note Series, vol. 265 (Cambridge University Press, Cambridge, 1999). MATHGoogle Scholar
  4. [4]
    A. Bostan, F. Morain, B. Salvy, E. Schost, Fast algorithms for computing isogenies between elliptic curves, http://arxiv.org/abs/cs/0609020.
  5. [5]
    J.M. Cerviño, On the correspondence between supersingular elliptic curves and maximal quaternionic orders, http://arxiv.org/abs/math/0404538.
  6. [6]
    D. Charles, K. Lauter, Computing modular polynomials. Lond. Math. Soc. J. Comput. Math. 8, 195–204 (2005). MATHMathSciNetGoogle Scholar
  7. [7]
    C. Charnes, J. Pieprzyk, Attacking the SL2 hashing scheme. In Advances in Cryptology—ASIACRYPT’94, ed. by J. Pieprzyk, R. Safavi-Naini. Lecture Notes in Computer Science, vol. 917 (Springer, Berlin, 1995), pp. 322–330. Google Scholar
  8. [8]
    S. Contini, A.K. Lenstra, R. Steinfeld, VSH, an efficient and provable collision resistant hash function. In Eurocrypt 2006. Lecture Notes in Computer Science, vol. 4004 (Springer, Berlin, 2006), pp. 165–182. CrossRefGoogle Scholar
  9. [9]
    M. Eichler, Quaternäre quadratische Formen und die Riemannsche Vermutung für die Kongruenzzetafunktion. Arch. Math. 5, 355–366 (1954). MATHCrossRefMathSciNetGoogle Scholar
  10. [10]
    S. Galbraith, Constructing isogenies between elliptic curves over finite fields. Lond. Math. Soc. J. Comput. Math. 2, 118–138 (1999). MATHMathSciNetGoogle Scholar
  11. [11]
    O. Goldreich, Randomized methods in computation, Lecture Notes, http://www.wisdom.weizmann.ac.il/~oded/rnd-sum.html.
  12. [12]
    B.H. Gross, Heights and the special values of L-series. In Number Theory, Montreal, Que. 1985. CMS Conf. Proc., vol. 7 (Am. Math. Soc., Providence, 1987), pp. 115–187. Google Scholar
  13. [13]
    J.L. Hafner, K.S. McCurley, A rigorous subexponential algorithm for computation of class groups. J. Am. Math. Soc. 2, 837–850 (1989). MATHCrossRefMathSciNetGoogle Scholar
  14. [14]
    S. Hamdy, B. Möller, Security of cryptosystems based on class groups of imaginary quadratic orders. In Advances in Cryptology ASIACRYPT 2000, ed by T. Okamoto. Lecture Notes in Computer Science, vol. 1976 (Springer, Berlin, 2000), pp. 234–247. CrossRefGoogle Scholar
  15. [15]
    A.K. Lenstra, D. Page, M. Stam, Discrete logarithm variants of VSH. In Proceedings Vietcrypt 2006. Lecture Notes in Computer Science, vol. 4341 (Springer, Berlin, 2006), pp. 229–242. CrossRefGoogle Scholar
  16. [16]
    A. Lubotzky, R. Phillips, P. Sarnak, Ramanujan graphs. Combinatorica 8(3), 261–277 (1988). MATHCrossRefMathSciNetGoogle Scholar
  17. [17]
    A.K. Pizer, An algorithm for computing modular forms on Γ0(N). J. Algebra 64(2), 340–390 (1980). MATHCrossRefMathSciNetGoogle Scholar
  18. [18]
    A.K. Pizer, Ramanujan graphs and Hecke operators. Bull. AMS 23(1) (1990). Google Scholar
  19. [19]
    P. Sarnak, Some Applications of Modular Forms. Cambridge Tracts in Mathematics, vol. 99 (Cambridge University Press, Cambridge, 1990). MATHGoogle Scholar
  20. [20]
    G. Shimura, Correspondances modulaires et les fonctions zeta de courbes algébriques. J. Math. Soc. Jpn. 10, 1–28 (1958). MATHMathSciNetCrossRefGoogle Scholar
  21. [21]
    C.L. Siegel, Uber die Classenzahl quadratischer Zahlkorper. Acta Arith. 1, 83–86 (1935). MATHGoogle Scholar
  22. [22]
    J.H. Silverman, The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106 (Springer, Berlin, 1986). MATHGoogle Scholar
  23. [23]
    R. Steinwandt, M. Grassl, W. Geiselmann, Beth, T., Weaknesses in the \(\mathrm{SL}_{2}(\mathbb{F}_{2^{n}})\) hashing scheme. In CRYPTO 2000. Lecture Notes Computer Science, vol. 1880 (Springer, Berlin, 2000), pp. 287–299. Google Scholar
  24. [24]
    J. Vélu, Isogénies entre courbes elliptiques. C. R. Acad. Sc. Paris 273, 238–241 (1971). MATHGoogle Scholar
  25. [25]
    G. Zémor, Hash functions and Cayley graphs. Des. Codes Cryptogr. 4, 381–394 (1994). MATHCrossRefMathSciNetGoogle Scholar
  26. [26]
    G. Zémor, J.-P. Tillich, Group theoretic hash functions. In The First French-Israeli Workshop on Algebraic Coding. Lecture Notes in Computer Science, vol. 781 (Springer, Berlin, 1993). Google Scholar
  27. [27]
    G. Zémor, J.-P. Tillich, Hashing with SL2. In Advances in Cryptology, Crypto’94. Lecture Notes in Computer Science, vol. 839 (Springer, Berlin, 1994). Google Scholar

Copyright information

© International Association for Cryptologic Research 2007

Authors and Affiliations

  • Denis X. Charles
    • 1
  • Kristin E. Lauter
    • 1
  • Eyal Z. Goren
    • 2
  1. 1.Microsoft ResearchRedmondUSA
  2. 2.McGill UniversityMontréalCanada

Personalised recommendations