ABSTRACT
We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance in which it is hard to find multiple inputs with the same hash, in the following sense: the number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than the length of its advice. We discuss potential candidates for this notion and study its applications.
Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols --- we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance.
The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which may be of independent interest.
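As an added example (not the paper's construction, whose multi-collision analysis and list-recoverable codes are not reproduced here), the classical Merkle-tree domain extension over a fixed-input-length function, with the local opening property the abstract refers to. SHA-256 applied to two 32-byte blocks is an assumed stand-in for the fixed-input-length function h, and all function names are mine.

```python
import hashlib
from typing import List, Tuple

BLOCK = 32  # output length of the fixed-input-length function h (assumed)

def h(left: bytes, right: bytes) -> bytes:
    """Fixed-input-length function: 2*BLOCK bytes in, BLOCK bytes out (SHA-256 stand-in)."""
    assert len(left) == BLOCK and len(right) == BLOCK
    return hashlib.sha256(left + right).digest()

def leaf(block: bytes) -> bytes:
    """Leaf hash, domain-separated so an inner node can never be reinterpreted as a leaf."""
    return hashlib.sha256(b"\x00" + block).digest()

def pad_blocks(msg: bytes) -> List[bytes]:
    """Append the message length, split into BLOCK-byte leaves, pad to a power of two."""
    data = msg + len(msg).to_bytes(8, "big")
    blocks = [data[i:i + BLOCK].ljust(BLOCK, b"\x00") for i in range(0, len(data), BLOCK)]
    while len(blocks) & (len(blocks) - 1):  # not a power of two yet
        blocks.append(bytes(BLOCK))
    return blocks

def build_tree(msg: bytes) -> List[List[bytes]]:
    """levels[0] are leaves, levels[-1] is the single root; each level halves via h."""
    levels = [[leaf(b) for b in pad_blocks(msg)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def root(msg: bytes) -> bytes:
    """Arbitrary-length hash: the tree root."""
    return build_tree(msg)[-1][0]

def open_block(msg: bytes, idx: int) -> Tuple[bytes, List[bytes]]:
    """Local opening of leaf idx: the block plus its sibling path, O(log n) hashes."""
    levels = build_tree(msg)
    path, i = [], idx
    for lvl in levels[:-1]:
        path.append(lvl[i ^ 1])  # sibling at this level
        i >>= 1
    return pad_blocks(msg)[idx], path

def verify_opening(rt: bytes, idx: int, block: bytes, path: List[bytes], depth: int) -> bool:
    """Recompute the root from the opened block; depth is fixed by the verifier."""
    if len(path) != depth:
        return False
    node = leaf(block)
    for sib in path:
        node = h(node, sib) if idx % 2 == 0 else h(sib, node)
        idx >>= 1
    return node == rt
```

Any two distinct openings accepted for the same root and index would yield a collision in h at some level of the path, which is why collision-type properties of the fixed-input-length function carry over to the tree.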
STOC'18, June 25–29, 2018, Los Angeles, CA, USA. Nir Bitansky, Yael Tauman Kalai, and Omer Paneth.
Index Terms
- Multi-collision resistance: a paradigm for keyless hash functions