A Short Universal Hash Function from Bit Rotation, and Applications to Blockcipher Modes

  • Kazuhiko Minematsu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8209)


In this paper we propose a new universal hash function based on bit rotation. The proposed scheme, called Circulant hash, is a variant of the classical random-matrix-based hash of Carter and Wegman, called H3, and of the Toeplitz hash of Krawczyk. However, Circulant hash has a smaller key space, and its proved differential probability is not implied by the previous analyses of these functions.

Since Circulant hash is an almost XOR-universal hash function for balanced input/output, it may not be a perfect substitute for H3 and Toeplitz hash. However, we show that Circulant hash is a useful tool for blockcipher modes, specifically as an alternative to Galois field constant multiplications. We provide some illustrative examples of constructions of tweakable blockciphers and vector-input pseudorandom functions using Circulant hash. Our schemes are as efficient as previous ones based on GF constant multiplications, and provide some unique features.
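As an added example (not code from the paper), the three hash families the abstract compares, each modelled as a GF(2) matrix applied to an n-bit input, with the exact differential probability computed by enumerating every key at toy widths. The circulant construction used here (column i is the n-bit key rotated by i bits) is an assumed reading of "hash based on bit rotation", not the paper's definition, and the widths n=3 and n=5 are chosen for the example.

```python
from collections import Counter
from fractions import Fraction

def rotl(k, i, n):
    """Rotate the n-bit integer k left by i positions."""
    i %= n
    return ((k << i) | (k >> (n - i))) & ((1 << n) - 1)

def h3_cols(key, n):
    """H3 (Carter-Wegman): column i is the i-th independent key word (n*n key bits)."""
    mask = (1 << n) - 1
    return [(key >> (n * i)) & mask for i in range(n)]

def toeplitz_cols(key, n):
    """Toeplitz hash (Krawczyk): entry (row j, col i) is key bit j - i + n - 1 (2n-1 key bits)."""
    mask = (1 << n) - 1
    return [(key >> (n - 1 - i)) & mask for i in range(n)]

def circulant_cols(key, n):
    """Circulant hash, ASSUMED here as: column i is the n-bit key rotated left by i (n key bits)."""
    return [rotl(key, i, n) for i in range(n)]

def matrix_hash(cols, x):
    """H_K(x) = XOR of the columns of M_K selected by the set bits of the input x."""
    out = 0
    for i, col in enumerate(cols):
        if (x >> i) & 1:
            out ^= col
    return out

def max_diff_prob(cols_of_key, key_bits, n, exclude=()):
    """Exact AXU bound max_{d != 0, c} Pr_K[H_K(d) = c], enumerating every key.
    Each H_K is GF(2)-linear, so H_K(x) ^ H_K(x') = H_K(x ^ x') and checking
    single differences d covers every input pair."""
    keys = 1 << key_bits
    worst = Fraction(0)
    for d in range(1, 1 << n):
        if d in exclude:
            continue
        counts = Counter(matrix_hash(cols_of_key(k, n), d) for k in range(keys))
        worst = max(worst, Fraction(max(counts.values()), keys))
    return worst

if __name__ == "__main__":
    n = 5  # H3 needs n*n = 25 key bits at n=5, too many to enumerate, so it is shown at n=3
    print("H3, n=3:        ", max_diff_prob(h3_cols, 9, 3))               # 1/8  = 2^-3
    print("Toeplitz, n=5:  ", max_diff_prob(toeplitz_cols, 2 * n - 1, n))  # 1/32 = 2^-5
    print("Circulant, n=5: ", max_diff_prob(circulant_cols, n, n, exclude={(1 << n) - 1}))  # 1/16
    print("Circulant, n=5, all-ones difference included:", max_diff_prob(circulant_cols, n, n))  # 1/2
```

Under the construction assumed here, the enumeration makes the abstract's caveat concrete: for the same output length, Toeplitz reaches 2^-n while the rotation-based matrix reaches 2^-(n-1) at best and degenerates for the all-ones difference, so it is not a drop-in replacement for H3 or Toeplitz even though its key is only n bits.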


Keywords: Bit rotation; Toeplitz hash; Blockcipher; Mode





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Kazuhiko Minematsu, NEC Corporation, Nakahara-Ku, Japan
