1 / 7

Efficient and Provable Collision Resistant Hash Function: VSH by Contini, Lenstra, and Steinfeld

The Very Smooth Hash (VSH) function, developed by Scott Contini, Arjen K. Lenstra, and Ron Steinfeld, presents a revolutionary approach to hash functions, boasting both efficiency and provable collision resistance. It operates faster than previous provable hashes, achieving near-SHA-1 speed with a unique construction method that reduces collisions to hard number-theoretic problems. VSH combines multiple known hash functions to ensure security while maintaining optimal performance, allowing computations around k/3 times faster than traditional methods, even under RSA 1024-bit conditions.

shoshana-benjamin
Télécharger la présentation

Efficient and Provable Collision Resistant Hash Function: VSH by Contini, Lenstra, and Steinfeld

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. VSH, an efficient and provable collision resistant hash function Scott Contini1, Arjen K. Lenstra2, Ron Steinfeld1 1 Macquarie University 2 Lucent Technologies Bell Laboratories, Technical Univ. Eindhoven

  2. As usual in crypto, we cheat • Efficientmeans: much faster than previous provable hashes (preliminary result: 25  slower than SHA-1) • Provable means: finding collisions provably reducible to NMSRVS: ‘non-trivial modular squareroot of very smooth number’ (factoring experience: NMSRVS looks very hard)

  3. Previous factoring based hash • Hard to factor composite n • Bit b: fx(b) = xb (1 if bit is off, x if bit is on) • Bitstring B, bit b: H2(B||b) = (H2(B)2 f2(b) ) mod n  message m: H2(m) = 2m mod n • Slow: a squaring modulo n per message-bit • H2-collision reveals information about (n) • Hx (x > 2) same security as H2 (and marginally slower)

  4. Speeding it up? • Goal: a modular squaring per k message-bits for a blocklength k substantially larger than 1 • Easy to achieve (with p(i) the ith prime): • Use Hp(1) for first bit, (k+1)th bit, (2k+1)th bit, … • Use Hp(2) for second bit, (k+2)nd bit, (2k+2)nd bit, … • … • Use Hp(k) for kth bit, 2kthbit, 3kthbit, … • Multiply results: VSH = H2  H3 …  Hp(k) Very Smooth Hash: product of k known hashes (this is not the way VSH was constructed)

  5. Why Faster? • As in multi-exponentiation: share the squarings • Let b be a k-bit string, b = b(1)||b(2)||…||b(k), then: f(b) = p(1)b(1)  p(2)b(2)  …  p(k)b(k) with k (130) such that 1ikp(i) < n (1024 bit) • Bitstring B of length multiple of k: VSH(B||b) = (VSH(B)2 f(b) ) mod n • Cost per k message-bits: computation of f(b), plus one modular squaring and multiplication  VSH about k/3 times faster than H2

  6. Security? • Need p(k+1) & length before first block • Collision does not reveal(n), but non-trivial modular sqrt of very smooth number (NMSRVS): x2  1ik+1p(i)e(i) mod n (‘relation’ in factoring, with much larger k) • k + t + 1 collisions lead to: t independent 50% chances to factor n • Owner of factorization can create collisions (that reveal the factorization)

  7. Conclusion • VSH: Very Smooth Hash, O(1) modular multiplies per logn message-bits • Easy invertibility for short messages can be fixed • k = O((logn)c), asymptotically: if collisions can be found faster than factoring, then collision finder can be turned into faster factoring algorithm • 1024-bit RSA security: >1MB/sec on 1GHz PIII • Spin-offs: prov sec random trapdoor hash, etc. • See eprint.iacr.org/2005/193

More Related