Abstract
Cayley hash functions are based on a simple idea of using a pair of (semi)group elements, A and B, to hash the 0 and 1 bit, respectively, and then to hash an arbitrary bit string in the natural way, by using multiplication of elements in the (semi)group. In this paper, we focus on hashing with \(2 \times 2\) matrices over \(\mathbb {F}_p\). Since there are many known pairs of \(2 \times 2\) matrices over \(\mathbb {Z}\) that generate a free monoid, this yields numerous pairs of matrices over \(\mathbb {F}_p\), for a sufficiently large prime p, that are candidates for collision-resistant hashing. However, this trick has a flip side, and lifting matrix entries to \(\mathbb {Z}\) may facilitate finding a collision. This “lifting attack” was successfully used by Tillich and Zémor in the special case where two matrices A and B generate (as a monoid) the whole monoid \(SL_2(\mathbb {Z}_+)\). However, in this paper we show that the situation with other, “similar”, pairs of matrices from \(SL_2(\mathbb {Z})\) is different, and the “lifting attack” can (in some cases) produce collisions in the group generated by A and B, but not in the positive monoid. Therefore, we argue that for these pairs of matrices, there are no known attacks at this time that would affect security of the corresponding hash functions. We also give explicit lower bounds on the length of collisions for hash functions corresponding to some particular pairs of matrices from \(SL_2(\mathbb {F}_p)\).
Similar content being viewed by others
References
Bourgain, J., Gamburd, A.: Uniform expansion bounds for Cayley graphs of \(SL_2({\bf F}_p)\). Ann. Math. 167(2), 625–642 (2008)
Contini, S., Lenstra, A.K., Steinfeld, R.: VSH, an efficient and provable collision resistant hash function. In: Eurocrypt 2006. Lecture Notes in Computer Science, vol. 4004, pp. 165–182 (2006)
Epstein, D.B.A., Cannon, J., Holt, D.F., Levy, S.V.F., Paterson, M.S., Thurston, W.P.: Word Processing in Groups. Jones and Bartlett Publishers, Boston (1992)
Grassl, M., Ilić, I., Magliveras, S., Steinwandt, R.: Cryptanalysis of the Tillich–Zémor hash function. J. Cryptol. 24, 148–156 (2011)
Helfgott, H.A.: Growth and generation in \(SL_2(\mathbb{Z}/p\mathbb{Z})\). Ann. Math. 167(2), 601–623 (2008)
Larsen, M.: Navigating the Cayley graph of \(SL_2({\bf F}_p)\). Int. Math. Res. Not. 27, 1465–1471 (2003)
Lubotzky, A.: Discrete Groups, Expanding Graphs and Invariant Measures. Progress in Mathematics, vol. 125. Birkhäuser Verlag, Basel (1994)
Margulis, G.A.: Explicit constructions of concentrators. Probl. Inf. Transm. 9(4), 325–332 (1973)
Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Mullan, C., Tsaban, B.: \(SL_2\) homomorphic hash functions: Worst case to average case reduction and short collision search. Design Code Cryptogr, to appear
Petit, C.: On graph-based cryptographic hash functions. Ph.D. thesis (2009)
Petit, C., Quisquater, J.: Preimages for the Tillich–Zémor hash function. In: SAC 10. Lecture Notes in Computer Science, vol. 6544, pp. 282–301 (2010)
Petit, C., Quisquater, J.-J.: Rubik’s for cryptographers. Not. Am. Math. Soc. 60, 733–739 (2013)
Sanov, I.N.: A property of a representation of a free group (Russian). Doklady Akad. Nauk SSSR (N.S.) 57, 657–659 (1947)
Tillich, J.-P., Zémor, G.: Group-theoretic hash functions. In: Proceedings of the First French-Israeli Workshop on Algebraic Coding. Lecture Notes in Computer Science, vol. 781, pp. 90–110 (1993)
Tillich, J.-P., Zémor, G.: Hashing with \(SL_2\). In: CRYPTO. Lecture Notes in Computer Science, vol. 839, pp. 40–49 (1994)
Acknowledgments
We are grateful to Ilya Kapovich for helpful comments, in particular for pointing out the relevance of some results from [3] to our work. We are also grateful to Harald Helfgott for useful discussion. Research of the second author was partially supported by the NSF Grant CNS-1117675
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by Benjamin Steinberg.
Rights and permissions
About this article
Cite this article
Bromberg, L., Shpilrain, V. & Vdovina, A. Navigating in the Cayley graph of \(SL_2(\mathbb {F}_p)\) and applications to hashing. Semigroup Forum 94, 314–324 (2017). https://doi.org/10.1007/s00233-015-9766-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00233-015-9766-5