Skip to main content

Navigating in the Cayley graph of \(SL_2(\mathbb {F}_p)\) and applications to hashing

Abstract

Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with \(2 \times 2\) matrices over \(\mathbb {F}_p\). Since there are many known pairs of \(2 \times 2\) matrices over \(\mathbb {Z}\) that generate a free monoid, this yields numerous pairs of matrices over \(\mathbb {F}_p\), for a sufficiently large prime p, that are candidates for collision-resistant hashing. However, this trick has a flip side, and lifting matrix entries to \(\mathbb {Z}\) may facilitate finding a collision. This “lifting attack” was successfully used by Tillich and Zémor in the special case where two matrices A and B generate (as a monoid) the whole monoid \(SL_2(\mathbb {Z}_+)\). However, in this paper we show that the situation with other, “similar”, pairs of matrices from \(SL_2(\mathbb {Z})\) is different, and the “lifting attack” can (in some cases) produce collisions in the group generated by A and B, but not in the positive monoid. Therefore, we argue that for these pairs of matrices, there are no known attacks at this time that would affect security of the corresponding hash functions. We also give explicit lower bounds on the length of collisions for hash functions corresponding to some particular pairs of matrices from \(SL_2(\mathbb {F}_p)\).

This is a preview of subscription content, access via your institution.

References

  1. 1.

    Bourgain, J., Gamburd, A.: Uniform expansion bounds for Cayley graphs of \(SL_2({\bf F}_p)\). Ann. Math. 167(2), 625–642 (2008)

    MathSciNet  Article  MATH  Google Scholar 

  2. 2.

    Contini, S., Lenstra, A.K., Steinfeld, R.: VSH, an efficient and provable collision resistant hash function. In: Eurocrypt 2006. Lecture Notes in Computer Science, vol. 4004, pp. 165–182 (2006)

  3. 3.

    Epstein, D.B.A., Cannon, J., Holt, D.F., Levy, S.V.F., Paterson, M.S., Thurston, W.P.: Word Processing in Groups. Jones and Bartlett Publishers, Boston (1992)

    MATH  Google Scholar 

  4. 4.

    Grassl, M., Ilić, I., Magliveras, S., Steinwandt, R.: Cryptanalysis of the Tillich–Zémor hash function. J. Cryptol. 24, 148–156 (2011)

    Article  MATH  Google Scholar 

  5. 5.

    Helfgott, H.A.: Growth and generation in \(SL_2(\mathbb{Z}/p\mathbb{Z})\). Ann. Math. 167(2), 601–623 (2008)

    MathSciNet  Article  Google Scholar 

  6. 6.

    Larsen, M.: Navigating the Cayley graph of \(SL_2({\bf F}_p)\). Int. Math. Res. Not. 27, 1465–1471 (2003)

    Article  MATH  Google Scholar 

  7. 7.

    Lubotzky, A.: Discrete Groups, Expanding Graphs and Invariant Measures. Progress in Mathematics, vol. 125. Birkhäuser Verlag, Basel (1994)

    Book  MATH  Google Scholar 

  8. 8.

    Margulis, G.A.: Explicit constructions of concentrators. Probl. Inf. Transm. 9(4), 325–332 (1973)

    Google Scholar 

  9. 9.

    Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)

    MATH  Google Scholar 

  10. 10.

    Mullan, C., Tsaban, B.: \(SL_2\) homomorphic hash functions: Worst case to average case reduction and short collision search. Design Code Cryptogr, to appear

  11. 11.

    Petit, C.: On graph-based cryptographic hash functions. Ph.D. thesis (2009)

  12. 12.

    Petit, C., Quisquater, J.: Preimages for the Tillich–Zémor hash function. In: SAC 10. Lecture Notes in Computer Science, vol. 6544, pp. 282–301 (2010)

  13. 13.

    Petit, C., Quisquater, J.-J.: Rubik’s for cryptographers. Not. Am. Math. Soc. 60, 733–739 (2013)

    MathSciNet  Article  MATH  Google Scholar 

  14. 14.

    Sanov, I.N.: A property of a representation of a free group (Russian). Doklady Akad. Nauk SSSR (N.S.) 57, 657–659 (1947)

    MathSciNet  Google Scholar 

  15. 15.

    Tillich, J.-P., Zémor, G.: Group-theoretic hash functions. In: Proceedings of the First French-Israeli Workshop on Algebraic Coding. Lecture Notes in Computer Science, vol. 781, pp. 90–110 (1993)

  16. 16.

    Tillich, J.-P., Zémor, G.: Hashing with \(SL_2\). In: CRYPTO. Lecture Notes in Computer Science, vol. 839, pp. 40–49 (1994)

Download references

Acknowledgments

We are grateful to Ilya Kapovich for helpful comments, in particular for pointing out the relevance of some results from [3] to our work. We are also grateful to Harald Helfgott for useful discussion. Research of the second author was partially supported by the NSF Grant CNS-1117675

Author information

Affiliations

Authors

Corresponding author

Correspondence to Lisa Bromberg.

Additional information

Communicated by Benjamin Steinberg.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Bromberg, L., Shpilrain, V. & Vdovina, A. Navigating in the Cayley graph of \(SL_2(\mathbb {F}_p)\) and applications to hashing. Semigroup Forum 94, 314–324 (2017). https://doi.org/10.1007/s00233-015-9766-5

Download citation

Keywords

  • Hash function
  • Cayley graph
  • Matrix semigroup