Cryptographic Hash Functions from Expander Graphs


We propose constructing provable collision resistant hash functions from expander graphs in which finding cycles is hard. As examples, we investigate two specific families of optimal expander graphs for provable collision resistant hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak and Pizer respectively. When the hash function is constructed from one of Pizer’s Ramanujan graphs, (the set of supersingular elliptic curves over \({\mathbb{F}}_{p^{2}}\) with -isogenies, a prime different from p), then collision resistance follows from hardness of computing isogenies between supersingular elliptic curves. For the LPS graphs, the underlying hard problem is a representation problem in group theory. Constructing our hash functions from optimal expander graphs implies that the outputs closely approximate the uniform distribution. This property is useful for arguing that the output is indistinguishable from random sequences of bits. We estimate the cost per bit to compute these hash functions, and we implement our hash function for several members of the Pizer and LPS graph families and give actual timings.


  1. [1]

    K.S. Abdukhalikov, C. Kim, On the security of the hashing scheme based on SL2. In Fast Software Encryption 1998. Lecture Notes Computer Science, vol. 1372 (Springer, Berlin, 1998), pp. 93–102.

    Google Scholar 

  2. [2]

    N. Alon, Eigenvalues and expanders. Combinatorica 6, 83–98 (1986).

    MATH  Article  MathSciNet  Google Scholar 

  3. [3]

    I. Blake, G. Seroussi, N. Smart, Elliptic Curves in Cryptography. Lond. Math. Soc., Lecture Note Series, vol. 265 (Cambridge University Press, Cambridge, 1999).

    Google Scholar 

  4. [4]

    A. Bostan, F. Morain, B. Salvy, E. Schost, Fast algorithms for computing isogenies between elliptic curves,

  5. [5]

    J.M. Cerviño, On the correspondence between supersingular elliptic curves and maximal quaternionic orders,

  6. [6]

    D. Charles, K. Lauter, Computing modular polynomials. Lond. Math. Soc. J. Comput. Math. 8, 195–204 (2005).

    MATH  MathSciNet  Google Scholar 

  7. [7]

    C. Charnes, J. Pieprzyk, Attacking the SL2 hashing scheme. In Advances in Cryptology—ASIACRYPT’94, ed. by J. Pieprzyk, R. Safavi-Naini. Lecture Notes in Computer Science, vol. 917 (Springer, Berlin, 1995), pp. 322–330.

    Google Scholar 

  8. [8]

    S. Contini, A.K. Lenstra, R. Steinfeld, VSH, an efficient and provable collision resistant hash function. In Eurocrypt 2006. Lecture Notes in Computer Science, vol. 4004 (Springer, Berlin, 2006), pp. 165–182.

    Google Scholar 

  9. [9]

    M. Eichler, Quaternäre quadratische Formen und die Riemannsche Vermutung für die Kongruenzzetafunktion. Arch. Math. 5, 355–366 (1954).

    MATH  Article  MathSciNet  Google Scholar 

  10. [10]

    S. Galbraith, Constructing isogenies between elliptic curves over finite fields. Lond. Math. Soc. J. Comput. Math. 2, 118–138 (1999).

    MATH  MathSciNet  Google Scholar 

  11. [11]

    O. Goldreich, Randomized methods in computation, Lecture Notes,

  12. [12]

    B.H. Gross, Heights and the special values of L-series. In Number Theory, Montreal, Que. 1985. CMS Conf. Proc., vol. 7 (Am. Math. Soc., Providence, 1987), pp. 115–187.

    Google Scholar 

  13. [13]

    J.L. Hafner, K.S. McCurley, A rigorous subexponential algorithm for computation of class groups. J. Am. Math. Soc. 2, 837–850 (1989).

    MATH  Article  MathSciNet  Google Scholar 

  14. [14]

    S. Hamdy, B. Möller, Security of cryptosystems based on class groups of imaginary quadratic orders. In Advances in Cryptology ASIACRYPT 2000, ed by T. Okamoto. Lecture Notes in Computer Science, vol. 1976 (Springer, Berlin, 2000), pp. 234–247.

    Google Scholar 

  15. [15]

    A.K. Lenstra, D. Page, M. Stam, Discrete logarithm variants of VSH. In Proceedings Vietcrypt 2006. Lecture Notes in Computer Science, vol. 4341 (Springer, Berlin, 2006), pp. 229–242.

    Google Scholar 

  16. [16]

    A. Lubotzky, R. Phillips, P. Sarnak, Ramanujan graphs. Combinatorica 8(3), 261–277 (1988).

    MATH  Article  MathSciNet  Google Scholar 

  17. [17]

    A.K. Pizer, An algorithm for computing modular forms on Γ0(N). J. Algebra 64(2), 340–390 (1980).

    MATH  Article  MathSciNet  Google Scholar 

  18. [18]

    A.K. Pizer, Ramanujan graphs and Hecke operators. Bull. AMS 23(1) (1990).

  19. [19]

    P. Sarnak, Some Applications of Modular Forms. Cambridge Tracts in Mathematics, vol. 99 (Cambridge University Press, Cambridge, 1990).

    Google Scholar 

  20. [20]

    G. Shimura, Correspondances modulaires et les fonctions zeta de courbes algébriques. J. Math. Soc. Jpn. 10, 1–28 (1958).

    MATH  MathSciNet  Article  Google Scholar 

  21. [21]

    C.L. Siegel, Uber die Classenzahl quadratischer Zahlkorper. Acta Arith. 1, 83–86 (1935).

    MATH  Google Scholar 

  22. [22]

    J.H. Silverman, The Arithmetic of Elliptic Curves. Graduate Texts in Mathematics, vol. 106 (Springer, Berlin, 1986).

    Google Scholar 

  23. [23]

    R. Steinwandt, M. Grassl, W. Geiselmann, Beth, T., Weaknesses in the \(\mathrm{SL}_{2}(\mathbb{F}_{2^{n}})\) hashing scheme. In CRYPTO 2000. Lecture Notes Computer Science, vol. 1880 (Springer, Berlin, 2000), pp. 287–299.

    Google Scholar 

  24. [24]

    J. Vélu, Isogénies entre courbes elliptiques. C. R. Acad. Sc. Paris 273, 238–241 (1971).

    MATH  Google Scholar 

  25. [25]

    G. Zémor, Hash functions and Cayley graphs. Des. Codes Cryptogr. 4, 381–394 (1994).

    MATH  Article  MathSciNet  Google Scholar 

  26. [26]

    G. Zémor, J.-P. Tillich, Group theoretic hash functions. In The First French-Israeli Workshop on Algebraic Coding. Lecture Notes in Computer Science, vol. 781 (Springer, Berlin, 1993).

    Google Scholar 

  27. [27]

    G. Zémor, J.-P. Tillich, Hashing with SL2. In Advances in Cryptology, Crypto’94. Lecture Notes in Computer Science, vol. 839 (Springer, Berlin, 1994).

    Google Scholar 

Download references

Author information



Corresponding author

Correspondence to Kristin E. Lauter.

Additional information

Communicated by Arjen Lenstra

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Charles, D.X., Lauter, K.E. & Goren, E.Z. Cryptographic Hash Functions from Expander Graphs. J Cryptol 22, 93–113 (2009).

Download citation


  • Cryptographic hash functions
  • Expander graphs
  • Elliptic curve cryptography
  • Isogenies
  • Ramanujan graphs
  • Supersingular elliptic curves.