Collisions for the LPS Expander Graph Hash Function.

We analyse the hash function family based on walks in LPS Ramanujan graphs recently introduced by Charles et al. ... We present an algorithm for finding collisions that runs in quasi-linear time in the length of the hashed value. A concrete instance of the hash function is considered, based on a 100-digit prime. ... It has two properties relevant to hashing. First, the graph is a good expander (see [3] , [13] for details and [9] for a modern survey on expander graphs). ...

doi:10.1007/978-3-540-78967-3_15 dblp:conf/eurocrypt/TillichZ08 fatcat:lsphyrcvjna47hyqbg4pw5wsre

We estimate the cost per bit to compute these hash functions, and we implement our hash function for several members of the Pizer and LPS graph families and give actual timings. ... As examples, we investigate two specific families of optimal expander graphs for provable collision resistant hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak ... Acknowledgements The authors thank the anonymous referees for many helpful suggestions to improve the paper. ...

doi:10.1007/s00145-007-9002-x fatcat:aeu37cl6fvhmpdlrc5pu22wp7e

Collisions in the LPS cryptographic hash function of Charles, Goren and Lauter have been found by Zémor and Tillich [16], but it was not clear whether computing preimages was also easy for this hash function ... Subsequently, we study the Morgenstern hash, an interesting variant of LPS hash, and break this function as well. ... Discussion and Further Work In this paper, we presented efficient algorithms finding preimages for the LPS hash function and collisions for the Morgenstern hash function with q = 2. ...

doi:10.1007/978-3-540-85855-3_18 fatcat:qn527l467bhppdjad2usaz3qvi

Hash functions from Cayley graphs A few proposals Zémor [Z91] p prime G = SL(2, F p ) S = {( 1 1 0 1 ) , ( 1 0 1 1 )} Ch. ... but additional heuristics may help Issue : find good groups G and generator sets S Many angles of attacks as in Morgenstern's Ramanujan graphs Introduction Cayley hash functions Security : ...

doi:10.1007/978-3-662-49301-4_19 fatcat:xupxke37nbgjjldjkssvu5umui

We also describe the relationship between the security of Cayley hash functions and word problems for group theory. ... We introduce a cryptographic hash function based on expander graphs, suggested by Charles et al. '09, as one prominent candidate in post-quantum cryptography. ... The authors would like to thank Meghan Delaney for pointing out grammatical errors. ...

doi:10.1007/978-981-15-5191-8_17 fatcat:bnonrygdnvaynmkgsbrvkhxmka

Open Access

A constructive proof of Babai's conjecture would make all Cayley hash functions insecure, but on the other hand it would have many positive applications in graph theory and computer science. ... These problems arise naturally when describing the security of Cayley hash functions, a class of cryptographic hash functions with very interesting properties. ... for giving him the opportunity to present his work. ...

doi:10.1090/noti1001 fatcat:6n353wxmo5hhvjsab3di2quz6q

Szczepanski

In this paper we present an algorithm to compute keyed hash function (message authentication code MAC). ... Expander graphs are known to have excellent expansion properties and thus they also have very good mixing properties. ... Acknowledgement The authors would like to express their gratitude to Vasyl Ustimenko for sharing his knowledge about graphs D(n, q), which made this research possible. ...

arXiv:1903.06267v1 fatcat:pzi4flnqirfj3g76s3a3zbmuti

More concretely, the probabilistic relaxation of the recovery guarantee allows the use of a cryptographically secure hash function, such as the conjectured collision-resistant hash function , in order ... The scheme we previously suggested in [1] 1 requires fingerprinting information of size O(n log n) bits. Our scheme employs expander graphs for redundant cross-checking of fingerprint values. ... More concretely, the probabilistic relaxation of the recovery guarantee allows the use of a cryptographically secure hash function, such as the conjectured collision-resistant hash function SHA-1 [7] ...

doi:10.1016/j.ic.2006.02.007 fatcat:zlhe255anndkzn5hn2ejr572le

Szczepanski

We provide a model for computation of I/O complexity on the model of Aggarwal and Vitter modified for flash memories. ... So far, external memory model checking algorithms have been optimized for mechanical hard disks corresponding to the model of Aggarwal and Vitter [1]. ... Collisions especially on the background hash table can yield additional burden. ...

doi:10.1007/978-3-642-03240-0_14 fatcat:jatfcu7l4zha3eupeb6pqgzbdq

perfect hash function from RAM to flash memory. ... For flash memory efficient on-the-fly LTL model checking, which aims at finding any counter-example to the specified LTL property, we study hash functions adapted to the two-level hierarchy of RAM and ... Acknowledgements We would like to thank Martin Dietzfelbinger for his help to derive the lower bound on perfect hashing, Peter Kissmann for his rigorous proof reading, and the anonymous reviewers for the ...

doi:10.1016/j.scico.2010.03.005 fatcat:5kkssybrs5dibhqgwyhvsv3xfi

Szczepanski

Charles et al. proposed hash functions based on the difficulty of computing isogenies between supersingular elliptic curves. ... Moreover, we implement the 2and 3-isogeny hash functions using Magma and show our 3-isogeny proposal has a comparable efficiency with the 2-isogeny one. ... The Zémor hash function and the LPS hash function are Cayley graph hash functions. The polynomial-time attacks on these Cayley graph hash functions have already known [7, 8] . ...

doi:10.14495/jsiaml.9.29 fatcat:ygtkwofggrf7bobsapm3x6cdu4

Szczepanski

In this paper we examine the issues involved in adding concurrency to the Robin Hood hash table algorithm. ... locality, all of which are essential for high performance on modern computer architectures. ... Ideally, the hash function generates a unique index for each key. In reality, however, the keys often have the same hash, creating what is known as a collision. ...

doi:10.4230/lipics.opodis.2018.10 dblp:conf/opodis/KellyPM18 fatcat:5vxt7s2wbrckrix77rfm5wakou

In particular, this means that our distinguisher has a minimal impact on the security of the hash function, and we still have a security proof for the SIMD hash function. ... Our bound is in the order of 2 −n/2 using very weak assumptions. Resistance to related key attacks is often overlooked, but it is very important for hash function designs. The Message Expansion. ... Acknowledgments We would like to thank Praveen Gauravaram from Technical University of Denmark, Copenhagen for discussions on the proof of indifferentiability. ...

doi:10.1007/978-3-642-19574-7_24 fatcat:xkn4kasirrbkbpk3fzqccxzxfe

One is based on Lubotzky-Phillips-Sarnak (LPS) graphs and the other one is based on Supersingular Isogeny Graphs. A 2008 paper by Petit-Lauter-Quisquater breaks the hash function based on LPS graphs. ... Charles-Goren-Lauter in 2006 [CGL06] proposed two hash functions based on the hardness of finding paths in Ramanujan graphs. ... Both graphs were proposed and presented at the 2005 and 2006 NIST Hash Function workshops, but the LPS hash function was quickly attacked and broken in two papers in 2008, a collision attack [TZ08] and ...

arXiv:1806.05709v2 fatcat:rt6uqp5ap5dk3c6wutbi2sjhqu

Multiple Versions

Cryptographic hash functions from expander graphs were proposed by Charles, Goren, and Lauter in [CGL] based on the hardness of finding paths in the graph. ... In this paper, we propose a new candidate for a hash function based on the hardness of finding paths in the graph of Markoff triples modulo p. ... The LPS-based hash function was attacked in two subsequent papers, which presented efficient algorithms to find collisions [TZ] , and preimages [PLQ] . ...

arXiv:2107.10906v2 fatcat:wv7h4fcxxrbizj62uid2vgatcm

Open Access Multiple Versions

Collisions for the LPS Expander Graph Hash Function [chapter]

Preserved Fulltext

Cryptographic Hash Functions from Expander Graphs

Preserved Fulltext

Full Cryptanalysis of LPS and Morgenstern Hash Functions [chapter]

Preserved Fulltext

Cryptographic Hash Functions and Expander Graphs: The End of the Story? [chapter]

Preserved Fulltext

Ramanujan Graphs for Post-Quantum Cryptography [chapter]

Preserved Fulltext

Rubik's for Cryptographers

Preserved Fulltext

Keyed hash function from large girth expander graphs [article]

Preserved Fulltext

Addendum to "Scalable secure storage when half the system is faulty" [Inform. Comput. 174 (2)(2002) 203–213]

Preserved Fulltext

Can Flash Memory Help in Model Checking? [chapter]

Preserved Fulltext

Flash memory efficient LTL model checking

Preserved Fulltext

Constructing an efficient hash function from $3$-isogenies

Preserved Fulltext

Concurrent Robin Hood Hashing

Preserved Fulltext

Security Analysis of SIMD [chapter]

Preserved Fulltext

Ramanujan graphs in cryptography [article]

Preserved Fulltext

Other Versions

A Cryptographic Hash Function from Markoff Triples [article]

Preserved Fulltext

Other Versions