
Collision-Resistance from Multi-Collision-Resistance

  • Conference paper
Advances in Cryptology – CRYPTO 2022 (CRYPTO 2022)

Abstract

Collision-resistant hash functions (\(\textsf{CRH}\)) are a fundamental and ubiquitous cryptographic primitive. Several recent works have studied a relaxation of \(\textsf{CRH}\) called t-way multi-collision-resistant hash functions (\(t\text {-}\textsf{MCRH}\)). These are families of functions for which it is computationally hard to find a t-way collision, even though such collisions are abundant (and even \((t-1)\)-way collisions may be easy to find). The case of \(t=2\) corresponds to standard \(\textsf{CRH}\), but it is natural to study t-\(\textsf{MCRH}\) for larger values of t.

Multi-collision-resistance seems to be a qualitatively weaker property than standard collision-resistance. Nevertheless, in this work we show a non-blackbox transformation of any moderately shrinking t-\(\textsf{MCRH}\), for \(t \in \{3,4\}\), into an (infinitely often secure) \(\textsf{CRH}\). This transformation is non-constructive – we can prove the existence of a \(\textsf{CRH}\) but cannot explicitly point out a construction.

Our result partially extends to larger values of t. In particular, we show that for suitable values of \(t>t'\), we can transform a t-\(\textsf{MCRH}\) into a \(t'\)-\(\textsf{MCRH}\), at the cost of reducing the shrinkage of the resulting hash function family and settling for infinitely often security. This result utilizes the list-decodability properties of Reed-Solomon codes.


Notes

  1. Their paper states this theorem for \((t,n/2)\)-\(\textsf{MCRH}\), but their proof immediately extends to any \((t,\varOmega (n))\)-\(\textsf{MCRH}\). They define \(\textsf{MCRH}\) security as holding only against uniform adversaries and thus obtain a uniform i.o. \(\textsf{DCRH}\) secure against uniform adversaries. Under our definition of \(\textsf{MCRH}\) with security against non-uniform adversaries, their approach would also result in a non-uniform construction secure against non-uniform adversaries. They also construct \(\textsf{DCRH}\) from the average-case hardness of problems in \(\textsf{SZK}\), but this result is not relevant here.

  2. Thanks to Iftach Haitner for pointing this out to us.

  3. Actually, it may be the case that the shrinkage of the hash function we construct is larger than this \(\ell _f\). In such a case, we can simply pad the output of the hash function with 0’s to ensure that the shrinkage is exactly \(\ell '\) (without any effect on its collision-resistance properties).

  4. We assume the field elements can be represented using \(\log _2(|\mathbb {F}|)\) bits (in the natural way) and that field operations (i.e., arithmetic operations as well as sampling of random field elements) can be performed in \(\textsf{polylog}(|\mathbb {F}|)\) time. See, e.g., [Sho88] for details.

  5. Note that for \(\textsf{Gen}'\) to be non-trivial we must have \(\ell (n) > n/k\).

  6. For the sake of consistency we define the hash function w.r.t. “security parameter” n/k, since its domain is \(\{0,1\}^{n/k}\).

  7. As in Footnote 5, this is only interesting if \(\ell (n) > (n-n/k)\).

  8. This is the point where we use the adversary in a non-blackbox manner. Since the adversary is non-uniform, this also makes the construction non-uniform.

  9. Sudan additionally established bounds on the algorithmic list-decoding properties of Reed-Solomon codes, whereas for our purposes a combinatorial bound (such as that established in [GRS00]) suffices.

References

  1. Bitansky, N., Degwekar, A.: On the complexity of collision resistant hash functions: new and old black-box separations. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019, Part I. LNCS, vol. 11891, pp. 422–450. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-36030-6_17

  2. Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Multi-collision resistant hash functions and their applications. In: Nielsen and Rijmen [NR18], pp. 133–161

  3. Bitansky, N., Haitner, I., Komargodski, I., Yogev, E.: Distributional collision resistance beyond one-way functions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 667–695. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_23

  4. Bitansky, N., Kalai, Y.T., Paneth, O.: Multi-collision resistance: a paradigm for keyless hash functions. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2018, Los Angeles, CA, USA, 25–29 June 2018, pp. 671–684. ACM (2018)

  5. Bitansky, N., Vaikuntanathan, V.: A note on perfect correctness by derandomization. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 592–606. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_20

  6. Dvir, Z., Gutfreund, D., Rothblum, G.N., Vadhan, S.P.: On approximating the entropy of polynomial mappings. In: Chazelle, B. (ed.) Innovations in Computer Science - ICS 2011, Tsinghua University, Beijing, China, 7–9 January 2011, Proceedings, pp. 460–475. Tsinghua University Press (2011)

  7. Dubrov, B., Ishai, Y.: On the randomness complexity of efficient sampling. In: Kleinberg, J.M. (ed.) Proceedings of the 38th Annual ACM Symposium on Theory of Computing, Seattle, WA, USA, 21–23 May 2006, pp. 711–720. ACM (2006)

  8. Dwork, C., Naor, M.: Zaps and their applications. SIAM J. Comput. 36(6), 1513–1543 (2007)

  9. Dwork, C., Naor, M., Reingold, O.: Immunizing encryption schemes from decryption errors. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 342–360. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_21

  10. Goldreich, O.: The Foundations of Cryptography - Volume 2: Basic Applications. Cambridge University Press, Cambridge (2004)

  11. Goldreich, O., Rubinfeld, R., Sudan, M.: Learning polynomials with queries: the highly noisy case. SIAM J. Discret. Math. 13(4), 535–570 (2000)

  12. Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols - tight lower bounds on the round and communication complexities of statistically hiding commitments. SIAM J. Comput. 44(1), 193–242 (2015)

  13. Holmgren, J., Lombardi, A.: Cryptographic hashing from strong one-way functions (or: one-way product functions and their applications). In: Thorup, M. (ed.) 59th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2018, Paris, France, 7–9 October 2018, pp. 850–858. IEEE Computer Society (2018)

  14. Hsiao, C.-Y., Reyzin, L.: Finding collisions on a public road, or do secure hash functions need secret coins? In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 92–105. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_6

  15. Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography (extended abstract). In: 30th Annual Symposium on Foundations of Computer Science, Research Triangle Park, North Carolina, USA, 30 October–1 November 1989, pp. 230–235. IEEE Computer Society (1989)

  16. Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_19

  17. Komargodski, I., Naor, M., Yogev, E.: White-box vs. black-box complexity of search problems: Ramsey and graph property testing. In: Umans, C. (ed.) 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2017, Berkeley, CA, USA, 15–17 October 2017, pp. 622–632. IEEE Computer Society (2017)

  18. Komargodski, I., Naor, M., Yogev, E.: Collision resistant hashing for paranoids: dealing with multiple collisions. In: Nielsen and Rijmen [NR18], pp. 162–194

  19. Komargodski, I., Yogev, E.: On distributional collision resistant hashing. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 303–327. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_11

  20. Lautemann, C.: BPP and the polynomial hierarchy. Inf. Process. Lett. 17(4), 215–217 (1983)

  21. Naor, M.: Bit commitment using pseudo-randomness. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 128–136. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_13

  22. Nielsen, J.B., Rijmen, V. (eds.): Advances in Cryptology - EUROCRYPT 2018, Part II. LNCS, vol. 10821. Springer, Cham (2018)

  23. Nandi, M., Stinson, D.R.: Multicollision attacks on some generalized sequential hash functions. IEEE Trans. Inf. Theory 53(2), 759–767 (2007)

  24. Personal communication with the authors of [KNY18]

  25. Shoup, V.: New algorithms for finding irreducible polynomials over finite fields. In: 29th Annual Symposium on Foundations of Computer Science, White Plains, New York, USA, 24–26 October 1988, pp. 283–290 (1988)

  26. Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054137

  27. Sudan, M.: Decoding of Reed Solomon codes beyond the error-correction bound. J. Complex. 13(1), 180–193 (1997)

  28. Yu, H., Wang, X.: Multi-collision attack on the compression functions of MD4 and 3-Pass HAVAL. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 206–226. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76788-6_17


Acknowledgments

We thank Itay Berman and Akshay Degwekar for being part of much of our exploration of multicollision resistance, for helpful discussions, and for their collaboration in general. We also thank Iftach Haitner for helpful discussions.

Rothblum was supported in part by the Israeli Science Foundation (Grants No. 1262/18 and 2137/19), by grants from the Technion Hiroshi Fujiwara cyber security research center and Israel cyber directorate, and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Research Council. Neither the European Union nor the granting authority can be held responsible for them.

Vasudevan was supported by funds from an NUS Presidential Young Professorship.

Author information


Correspondence to Prashant Nalini Vasudevan.


Copyright information

© 2022 International Association for Cryptologic Research

About this paper


Cite this paper

Rothblum, R.D., Vasudevan, P.N. (2022). Collision-Resistance from Multi-Collision-Resistance. In: Dodis, Y., Shrimpton, T. (eds) Advances in Cryptology – CRYPTO 2022. CRYPTO 2022. Lecture Notes in Computer Science, vol 13509. Springer, Cham. https://doi.org/10.1007/978-3-031-15982-4_17


  • DOI: https://doi.org/10.1007/978-3-031-15982-4_17


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15981-7

  • Online ISBN: 978-3-031-15982-4

  • eBook Packages: Computer Science (R0)
