Journal of Cryptology, Volume 22, Issue 1, pp 93–113

Cryptographic Hash Functions from Expander Graphs

  • Denis X. Charles
  • Kristin E. Lauter
  • Eyal Z. Goren


We propose constructing provable collision resistant hash functions from expander graphs in which finding cycles is hard. As examples, we investigate two specific families of optimal expander graphs for provable collision resistant hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak and Pizer respectively. When the hash function is constructed from one of Pizer’s Ramanujan graphs, (the set of supersingular elliptic curves over \({\mathbb{F}}_{p^{2}}\) with -isogenies, a prime different from p), then collision resistance follows from hardness of computing isogenies between supersingular elliptic curves. For the LPS graphs, the underlying hard problem is a representation problem in group theory. Constructing our hash functions from optimal expander graphs implies that the outputs closely approximate the uniform distribution. This property is useful for arguing that the output is indistinguishable from random sequences of bits. We estimate the cost per bit to compute these hash functions, and we implement our hash function for several members of the Pizer and LPS graph families and give actual timings.


Cryptographic hash functions, Expander graphs, Elliptic curve cryptography, Isogenies, Ramanujan graphs, Supersingular elliptic curves.





Copyright information

© International Association for Cryptologic Research 2007

Authors and Affiliations

  • Denis X. Charles (1)
  • Kristin E. Lauter (1)
  • Eyal Z. Goren (2)

  1. Microsoft Research, Redmond, USA
  2. McGill University, Montréal, Canada
