research-article

Multi-collision resistance: a paradigm for keyless hash functions

Authors:
Nir Bitansky

Tel Aviv University, Israel

Tel Aviv University, Israel
View Profile

,
Yael Tauman Kalai

Microsoft, USA

Microsoft, USA
View Profile

,
Omer Paneth

Massachusetts Institute of Technology, USA

Massachusetts Institute of Technology, USA
View Profile

STOC 2018: Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of ComputingJune 2018Pages 671–684https://doi.org/10.1145/3188745.3188870

Published:20 June 2018Publication History

STOC 2018: Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing

Pages 671–684

ABSTRACT

We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance where it is hard to find multiple inputs with the same hash in the following sense. The number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than its advice. We discuss potential candidates for this notion and study its applications.

Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols --- we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance.

The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which may be of independent interest.

Supplemental Material

5b-2.mp4

mp4

28.6 MB

Download

References

Benny Applebaum. 2016. Cryptographic Hardness of Random Local Functions - Survey. Computational Complexity 25, 3 (2016), 667–722. s00037- 015- 0121- 8 Google ScholarDigital Library
Benny Applebaum and Yoni Moses. 2013.Google Scholar
Locally Computable UOWHF with Linear Shrinkage. In Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings. 486–502. 3- 642- 38348- 9_29Google Scholar
Boaz Barak. 2001. How to Go Beyond the Black-Box Simulation Barrier. In 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14-17 October 2001, Las Vegas, Nevada, USA. 106–115. Google ScholarDigital Library
Boaz Barak and Oded Goldreich. 2008. Universal Arguments and their Applications. SIAM J. Comput. 38, 5 (2008), 1661–1694. Google ScholarDigital Library
Boaz Barak, Yehuda Lindell, and Salil P. Vadhan. 2003. Lower Bounds for Non-Black-Box Zero Knowledge. In 44th Symposium on Foundations of Computer Science (FOCS 2003), 11-14 October 2003, Cambridge, MA, USA, Proceedings. 384– 393. Google ScholarDigital Library
Mihir Bellare, Markus Jakobsson, and Moti Yung. 1997. Round-Optimal Zero-Knowledge Arguments Based on any One-Way Function. In Advances in Cryptology - EUROCRYPT ’97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11-15, 1997, Proceeding. 280–305. Google ScholarDigital Library
Mihir Bellare and Adriana Palacio. 2004. The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols. In Proceedings of the 24th Annual International Cryptology Conference. 273–289.Google ScholarCross Ref
Mihir Bellare and Phillip Rogaway. 1993. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In CCS ’93, Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, USA, November 3-5, 1993. 62–73. Google ScholarDigital Library
Itay Berman, Akshay Degwekar, Ron D. Rothblum, and Prashant Nalini Vasudevan. 2017. Multi Collision Resistant Hash Functions and their Applications. Cryptology ePrint Archive, Report 2017/489. (2017). http://eprint.iacr.org/2017/489.Google Scholar
Nir Bitansky, Zvika Brakerski, Yael Tauman Kalai, Omer Paneth, and Vinod Vaikuntanathan. 2016. 3-Message Zero Knowledge Against Human Ignorance. In Theory of Cryptography - 14th International Conference, TCC 2016-B, Beijing, China, October 31 - November 3, 2016, Proceedings, Part I. 57–83. Google ScholarDigital Library
Nir Bitansky, Ran Canetti, Alessandro Chiesa, Shafi Goldwasser, Huijia Lin, Aviad Rubinstein, and Eran Tromer. 2014. The Hunting of the SNARK. IACR Cryptology ePrint Archive 2014 (2014), 580. http://eprint.iacr.org/2014/580Google Scholar
Nir Bitansky, Ran Canetti, Alessandro Chiesa, and Eran Tromer. 2013. Recursive composition and bootstrapping for SNARKS and proof-carrying data. In STOC. 111–120. Google ScholarDigital Library
Nir Bitansky, Ran Canetti, Omer Paneth, and Alon Rosen. 2014. On the existence of extractable one-way functions. In Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31 - June 03, 2014. 505–514. Google ScholarDigital Library
John Black, Phillip Rogaway, and Thomas Shrimpton. 2002. Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In Advances STOC’18, June 25–29, 2018, Los Angeles, CA, USA Nir Bitansky, Yael Tauman Kalai, and Omer Paneth in Cryptology - CRYPTO 2002, 22nd Annual International Cryptology Conference, Santa Barbara, California, USA, August 18-22, 2002, Proceedings. 320–335. 540- 45708- 9_21 Google ScholarDigital Library
Manuel Blum, William S. Evans, Peter Gemmell, Sampath Kannan, and Moni Naor. 1994. Checking the Correctness of Memories. Algorithmica 12, 2/3 (1994), 225–244. Google ScholarDigital Library
Ran Canetti and Ronny Ramzi Dakdouk. 2009. Towards a Theory of Extractable Functions. In TCC. 595–613. Google ScholarDigital Library
Ran Canetti, Oded Goldreich, and Shai Halevi. 2004. The random oracle methodology, revisited. J. ACM 51, 4 (2004), 557–594. Google ScholarDigital Library
1008734Google Scholar
Kai-Min Chung, Yael Tauman Kalai, Feng-Hao Liu, and Ran Raz. 2011. Memory Delegation. In Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2011. Proceedings. 151–168. 3- 642- 22792- 9_9 Google ScholarDigital Library
Joan Daemen and Vincent Rijmen. 2002.Google Scholar
The Design of Rijndael: AES - The Advanced Encryption Standard. Springer. Google ScholarDigital Library
3- 662- 04722- 4Google Scholar
Ivan Damgård. 1989.Google Scholar
A Design Principle for Hash Functions. In Advances in Cryptology - CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 1989, Proceedings. 416–427. org/10.1007/0- 387- 34805- 0_39 Google ScholarDigital Library
Ivan Damgård, Torben P. Pedersen, and Birgit Pfitzmann. 1993. On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures. In Advances in Cryptology - CRYPTO ’93, 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22-26, 1993, Proceedings. 250– 265. 540- 48329- 2_22 Google ScholarDigital Library
Giovanni Di Crescenzo and Helger Lipmaa. 2008. Succinct NP Proofs from an Extractability Assumption. In Proceedings of the 4th Conference on Computability in Europe. 175–185. Google ScholarDigital Library
Yevgeniy Dodis and John P. Steinberger. 2011.Google Scholar
Domain Extension for MACs Beyond the Birthday Barrier. In Advances in Cryptology - EUROCRYPT 2011 - 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, May 15-19, 2011. Proceedings. 323–342. org/10.1007/978- 3- 642- 20465- 4_19Google Scholar
Cynthia Dwork and Moni Naor. 2007.Google Scholar
Zaps and Their Applications. SIAM J. Comput. 36, 6 (2007), 1513–1543. Google ScholarDigital Library
Cynthia Dwork, Moni Naor, Omer Reingold, and Larry J. Stockmeyer. 2003. Magic Functions. J. ACM 50, 6 (2003), 852–921. Google ScholarDigital Library
Uriel Feige and Adi Shamir. 1989. Zero Knowledge Proofs of Knowledge in Two Rounds. In CRYPTO. 526–544. Google ScholarDigital Library
Nils Fleischhacker, Vipul Goyal, and Abhishek Jain. 2018. On the Existence of Three Round Zero-Knowledge Proofs. IACR Cryptology ePrint Archive 2018 (2018), 167. http://eprint.iacr.org/2018/167Google Scholar
Oded Goldreich and Ariel Kahan. 1996.Google Scholar
How to Construct Constant-Round Zero-Knowledge Proof Systems for NP. J. Cryptology 9, 3 (1996), 167–190. Google ScholarDigital Library
Oded Goldreich and Hugo Krawczyk. 1996.Google Scholar
On the Composition of Zero-Knowledge Proof Systems. SIAM J. Comput. 25, 1 (1996), 169–192. Google ScholarDigital Library
Oded Goldreich, Silvio Micali, and Avi Wigderson. 1991. Proofs that Yield Nothing But Their Validity for All Languages in NP Have Zero-Knowledge Proof Systems. J. ACM 38, 3 (1991), 691–729. Google ScholarDigital Library
Oded Goldreich and Yair Oren. 1994.Google Scholar
Definitions and properties of zeroknowledge proof systems. Journal of Cryptology 7, 1 (December 1994), 1–32. Google ScholarDigital Library
Venkatesan Guruswami and Piotr Indyk. 2001. Expander-Based Constructions of Efficiently Decodable Codes. In 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14-17 October 2001, Las Vegas, Nevada, USA. 658–667. Google ScholarDigital Library
Venkatesan Guruswami, Christopher Umans, and Salil P. Vadhan. 2009. Unbalanced expanders and randomness extractors from Parvaresh-Vardy codes. J. ACM 56, 4 (2009), 20:1–20:34. Google ScholarDigital Library
Satoshi Hada and Toshiaki Tanaka. 1998.Google Scholar
On the Existence of 3-Round Zero-Knowledge Protocols. In Proceedings of the 18th Annual International Cryptology Conference. 408–423. Google ScholarDigital Library
Iftach Haitner, Yuval Ishai, Eran Omri, and Ronen Shaltiel. 2015. Parallel Hashing via List Recoverability. In Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part II. 173–190. 3- 662- 48000- 7_9Google Scholar
Iftach Haitner, Omer Reingold, Salil P. Vadhan, and Hoeteck Wee. 2009. Inaccessible entropy. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31 - June 2, 2009. 611–620. Google ScholarDigital Library
Shai Halevi and Silvio Micali. 1996. Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing. In Advances in Cryptology - CRYPTO ’96, 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18-22, 1996, Proceedings. 201–215. 540- 68697- 5_ 16 Google ScholarDigital Library
Russell Impagliazzo and Michael Luby. 1989. One-way Functions are Essential for Complexity Based Cryptography (Extended Abstract). In 30th Annual Symposium on Foundations of Computer Science, Research Triangle Park, North Carolina, USA, 30 October - 1 November 1989. 230–235. Google ScholarDigital Library
Antoine Joux. 2004. Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In Advances in Cryptology - CRYPTO 2004, 24th Annual International CryptologyConference, Santa Barbara, California, USA, August 15-19, 2004, Proceedings. 306–316. 3- 540- 28628- 8_19Google Scholar
Yael Tauman Kalai, Ran Raz, and Ron D. Rothblum. 2014.Google Scholar
How to delegate computations: the power of no-signaling proofs. In Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31 - June 03, 2014. 485–494. Google ScholarDigital Library
Yael Tauman Kalai, Guy N. Rothblum, and Ron D. Rothblum. 2017.Google Scholar
From Obfuscation to the Security of Fiat-Shamir for Proofs. In Advances in Cryptology - CRYPTO 2017 - 37th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20-24, 2017, Proceedings, Part II. 224–251. 3- 319- 63715- 0_8Google Scholar
Jonathan Katz. 2012. Which Languages Have 4-Round Zero-Knowledge Proofs? J. Cryptology 25, 1 (2012), 41–56. 010- 9081y Google ScholarDigital Library
Joe Kilian. 1992.Google Scholar
A Note on Efficient Zero-Knowledge Proofs and Arguments (Extended Abstract). In Proceedings of the 24th Annual ACM Symposium on Theory of Computing, May 4-6, 1992, Victoria, British Columbia, Canada. 723–732. Google ScholarDigital Library
Joe Kilian. 1994. On the complexity of Bounded-Interaction and Noninteractive Zero-Knowledge Proofs. In 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20-22 November 1994. 466–477. org/10.1109/SFCS.1994.365744 Google ScholarDigital Library
Ilan Komargodski, Moni Naor, and Eylon Yogev. 2017. Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions. Cryptology ePrint Archive, Report 2017/486. (2017). http://eprint.iacr.org/2017/486.Google Scholar
Ilan Komargodski, Moni Naor, and Eylon Yogev. 2017. White-Box vs. Black-Box Complexity of Search Problems: Ramsey and Graph Property Testing. Electronic Colloquium on Computational Complexity (ECCC) 24 (2017), 15. https://eccc. weizmann.ac.il/report/2017/015Google Scholar
Leonid A. Levin. 1987. One-way functions and pseudorandom generators. Combinatorica 7, 4 (1987), 357–363. Google ScholarDigital Library
Ueli M. Maurer and Stefano Tessaro. 2007. Domain Extension of Public Random Functions: Beyond the Birthday Barrier. In Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings. 187–204. 3- 540- 74143- 5_11 Google ScholarDigital Library
Nimrod Megiddo and Christos H. Papadimitriou. 1991.Google Scholar
On Total Functions, Existence Theorems and Computational Complexity. Theor. Comput. Sci. 81, 2 (1991), 317–324. 3975(91)90200-L Google ScholarDigital Library
Ralph C. Merkle. 1989. A Certified Digital Signature. In Advances in Cryptology - CRYPTO ’89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 1989, Proceedings. 218–238. 1007/0- 387- 34805- 0_21 Google Scholar
Silvio Micali. 2000. Computationally Sound Proofs. SIAM J. Comput. 30, 4 (2000), 1253–1298. Google ScholarDigital Library
Moni Naor. 2003. On Cryptographic Assumptions and Challenges. In Advances in Cryptology - CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003, Proceedings. 96–109. 3- 540- 45146- 4_6Google Scholar
Rafail Ostrovsky and Ivan Visconti. 2012. Simultaneous Resettability from Collision Resistance. Electronic Colloquium on Computational Complexity (ECCC) 19 (2012), 164. http://eccc.hpiweb.de/report/2012/164Google Scholar
Rafael Pass. 2003. Simulation in Quasi-Polynomial Time, and Its Application to Protocol Composition. In EUROCRYPT. 160–176. Google ScholarDigital Library
Phillip Rogaway. 2006. Formalizing Human Ignorance. In Progressin Cryptology - VIETCRYPT 2006, First International Conferenceon Cryptology in Vietnam, Hanoi, Vietnam, September 25-28, 2006, Revised Selected Papers. 211–228. Google ScholarDigital Library
Dominique Unruh. 2007.Google Scholar

Index Terms

Multi-collision resistance: a paradigm for keyless hash functions
1. Security and privacy
  1. Cryptography
    1. Mathematical foundations of cryptography
2. Theory of computation
  1. Computational complexity and cryptography
    1. Cryptographic primitives
    2. Cryptographic protocols

Recommendations

Hash combiners for second pre-image resistance, target collision resistance and pre-image resistance have long output
SCN'12: Proceedings of the 8th international conference on Security and Cryptography for Networks

A (k,l) hash-function combiner for property P is a construction that, given access to l hash functions, yields a single cryptographic hash function which has property P as long as at least k out of the l hash functions have that property. Hash function ...
Read More
Amplifying collision resistance: a complexity-theoretic treatment
CRYPTO'07: Proceedings of the 27th annual international cryptology conference on Advances in cryptology

We initiate a complexity-theoretic treatment of hardness amplification for collision-resistant hash functions, namely the transformation of weakly collision-resistant hash functions into strongly collision-resistant ones in the standard model of ...
Read More
Cryptanalysis of Hash Functions with Structures
Selected Areas in Cryptography

Hash function cryptanalysis has acquired many methods, tools and tricks from other areas, mostly block ciphers. In this paper another trick from block cipher cryptanalysis, the structures, is used for speeding up the collision search. We investigate the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
STOC 2018: Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing
June 2018
1332 pages
ISBN:9781450355599
DOI:10.1145/3188745
General Chairs:
Ilias Diakonikolas
University of Southern California, USA
,
David Kempe
University of Southern California, USA
,
Program Chair:
Monika Henzinger
University of Vienna, Austria
Copyright © 2018 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 20 June 2018
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
hash functions
succinct arguments
zero knowledge
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate1,469of4,586submissions,32%
Upcoming Conference
STOC '24

Sponsor:

sigact

56th Annual ACM Symposium on Theory of Computing (STOC 2024)

June 24 - 28, 2024

Vancouver , BC , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 46
  Total Citations
  View Citations
- 280
  Total Downloads
- Downloads (Last 12 months)31
- Downloads (Last 6 weeks)3
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Multi-collision resistance: a paradigm for keyless hash functions

STOC 2018: Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Hash combiners for second pre-image resistance, target collision resistance and pre-image resistance have long output

Amplifying collision resistance: a complexity-theoretic treatment

Cryptanalysis of Hash Functions with Structures

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Multi-collision resistance: a paradigm for keyless hash functions

STOC 2018: Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Hash combiners for second pre-image resistance, target collision resistance and pre-image resistance have long output

Amplifying collision resistance: a complexity-theoretic treatment

Cryptanalysis of Hash Functions with Structures

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media