Amplifying Collision Resistance: A Complexity-Theoretic Treatment

  • Ran Canetti
  • Ron Rivest
  • Madhu Sudan
  • Luca Trevisan
  • Salil Vadhan
  • Hoeteck Wee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4622)


We initiate a complexity-theoretic treatment of hardness amplification for collision-resistant hash functions, namely the transformation of weakly collision-resistant hash functions into strongly collision-resistant ones in the standard model of computation. We measure the level of collision resistance by the maximum probability, over the choice of the key, for which an efficient adversary can find a collision. The goal is to obtain constructions with short output, short keys, small loss in adversarial complexity tolerated, and a good trade-off between compression ratio and computational complexity. We provide an analysis of several simple constructions, and show that many of the parameters achieved by our constructions are almost optimal in some sense.


collision resistance hash functions hardness amplification combiners 


  1. 1.
    Anderson, R.: The classification of hash functions. In: Cryptography and Coding ’93 (1993)Google Scholar
  2. 2.
    Boneh, D., Boyen, X.: On the impossibility of efficiently combining collision resistant hash functions. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård revisited: How to construct a hash function. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, Springer, Heidelberg (2006)Google Scholar
  4. 4.
    Damgård, I.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, Springer, Heidelberg (1990)Google Scholar
  5. 5.
    De Santis, A., Di Crescenzo, G., Persiano, G.: Randomness-optimal characterization of two NP proof systems. In: Rolim, J.D.P., Vadhan, S.P. (eds.) RANDOM 2002. LNCS, vol. 2483, Springer, Heidelberg (2002)Google Scholar
  6. 6.
    Dobbertin, H.: Cryptanalysis of MD4. In: Fast Software Encryption (1996)Google Scholar
  7. 7.
    Fischlin, M., Lehmann, A.: Security-amplifying combiners for collision-resistant hash functions. In: these proceedings (2007)Google Scholar
  8. 8.
    Gibson, J.K.: Discrete logarithm hash function that is collision free and one way. IEE Proceedings - E 138(6), 407–410 (1991)Google Scholar
  9. 9.
    Goldreich, O.: A sample of samplers - a computational perspective on sampling. ECCC TR97-020 (1997)Google Scholar
  10. 10.
    Goldreich, O.: Candidate one-way functions based on expander graphs. Cryptology ePrint Archive, Report 2000/063 (2000)Google Scholar
  11. 11.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)MATHGoogle Scholar
  12. 12.
    Herzberg, A.: Tolerant combiners: Resilient cryptographic design. Cryptology ePrint Archive, Report 2002/135 (2002)Google Scholar
  13. 13.
    Hsiao, C.-Y., Reyzin, L.: Finding collisions on a public road, or do secure hash functions need secret coins? In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, Springer, Heidelberg (2004)Google Scholar
  14. 14.
    Knudsen, L.R., Preneel, B.: Construction of secure and fast hash functions using nonbinary error-correcting codes. IEEE Transactions on Information Theory 48(9), 2524–2539 (2002)MATHCrossRefGoogle Scholar
  15. 15.
    Lin, H., Trevisan, L., Wee, H.: On hardness amplification of one-way functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, Springer, Heidelberg (2005)Google Scholar
  16. 16.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton, USA (1996)Google Scholar
  17. 17.
    Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, Springer, Heidelberg (1990)Google Scholar
  18. 18.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proc. 20th STOC (1989)Google Scholar
  19. 19.
    Pietrzak, K.: Non-trivial black-box combiners for collision-resistant hash-functions don’t exist. In: Proc. Eurocrypt ’07, Cryptology ePrint Archive, Report 2006/348 (2007)Google Scholar
  20. 20.
    Preneel, B.: Hash functions - present state of art. ECrypt Conference on Hash Functions (2005)Google Scholar
  21. 21.
    Rogaway, P.: Formalizing human ignorance: Collision-resistant hashing without the keys. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Schmidt, J.P., Siegel, A., Srinivasan, A.: Chernoff-Hoeffding bounds for applications with limited independence. SIAM J. Discrete Math 8(2), 223–250 (1995)MATHCrossRefGoogle Scholar
  23. 23.
    Shaltiel, R.: Towards proving strong direct product theorems. Computational Complexity 12(1–2), 1–22 (2003)MATHCrossRefGoogle Scholar
  24. 24.
    Shoup, V.: A composition theorem for universal one-way hash functions. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, Springer, Heidelberg (2000)Google Scholar
  25. 25.
    Simon, D.R.: Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, Springer, Heidelberg (1998)CrossRefGoogle Scholar
  26. 26.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, Springer, Heidelberg (2005)Google Scholar
  27. 27.
    Yao, A.: Theory and applications of trapdoor functions. In: Proc. 23rd FOCS (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Ran Canetti
    • 1
  • Ron Rivest
    • 2
  • Madhu Sudan
    • 2
  • Luca Trevisan
    • 3
  • Salil Vadhan
    • 4
  • Hoeteck Wee
    • 3
  1. 1.IBM Research 
  2. 2.MIT CSAIL 
  3. 3.UC Berkeley 
  4. 4.Harvard University 

Personalised recommendations