Multi-collision resistance: A paradigm for keyless hash functions

Nir Bitansky; Yael Tauman Kalai; Omer Paneth

doi:10.1145/3188745.3188870

Multi-collision resistance: A paradigm for keyless hash functions

Nir Bitansky^*, Yael Tauman Kalai, Omer Paneth

^*Corresponding author for this work

School of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

43 Scopus citations

Abstract

We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance where it is hard to find multiple inputs with the same hash in the following sense. The number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than its advice. We discuss potential candidates for this notion and study its applications. Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols — we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance. The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which May be of independent interest.

Original language	English
Title of host publication	STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing
Editors	Monika Henzinger, David Kempe, Ilias Diakonikolas
Publisher	Association for Computing Machinery
Pages	1283-1296
Number of pages	14
ISBN (Electronic)	9781450355599
DOIs	https://doi.org/10.1145/3188745.3188870
State	Published - 20 Jun 2018
Event	50th Annual ACM Symposium on Theory of Computing, STOC 2018 - Los Angeles, United States Duration: 25 Jun 2018 → 29 Jun 2018

Publication series

Name	Proceedings of the Annual ACM Symposium on Theory of Computing
ISSN (Print)	0737-8017

Conference

Conference	50th Annual ACM Symposium on Theory of Computing, STOC 2018
Country/Territory	United States
City	Los Angeles
Period	25/06/18 → 29/06/18

Funding

Funders	Funder number
U.S. Army	W911NF-15-C-0236, W911NF-15-C-0226
Norsk Sykepleierforbund	CNS-1350619, CNS-1414119

Keywords

Hash functions
Succinct arguments
Zero knowledge

Access to Document

10.1145/3188745.3188870

Cite this

Bitansky, N., Kalai, Y. T., & Paneth, O. (2018). Multi-collision resistance: A paradigm for keyless hash functions. In M. Henzinger, D. Kempe, & I. Diakonikolas (Eds.), STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing (pp. 1283-1296). (Proceedings of the Annual ACM Symposium on Theory of Computing). Association for Computing Machinery. https://doi.org/10.1145/3188745.3188870

Bitansky, Nir ; Kalai, Yael Tauman ; Paneth, Omer. / Multi-collision resistance : A paradigm for keyless hash functions. STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing. editor / Monika Henzinger ; David Kempe ; Ilias Diakonikolas. Association for Computing Machinery, 2018. pp. 1283-1296 (Proceedings of the Annual ACM Symposium on Theory of Computing).

@inproceedings{52e0853eeafc416db3d52767eaa65543,

title = "Multi-collision resistance: A paradigm for keyless hash functions",

abstract = "We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance where it is hard to find multiple inputs with the same hash in the following sense. The number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than its advice. We discuss potential candidates for this notion and study its applications. Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols — we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance. The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which May be of independent interest.",

keywords = "Hash functions, Succinct arguments, Zero knowledge",

author = "Nir Bitansky and Kalai, {Yael Tauman} and Omer Paneth",

note = "Publisher Copyright: {\textcopyright} 2018 Association for Computing Machinery.; 50th Annual ACM Symposium on Theory of Computing, STOC 2018 ; Conference date: 25-06-2018 Through 29-06-2018",

year = "2018",

month = jun,

day = "20",

doi = "10.1145/3188745.3188870",

language = "אנגלית",

series = "Proceedings of the Annual ACM Symposium on Theory of Computing",

publisher = "Association for Computing Machinery",

pages = "1283--1296",

editor = "Monika Henzinger and David Kempe and Ilias Diakonikolas",

booktitle = "STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing",

address = "ארצות הברית",

}

Bitansky, N, Kalai, YT & Paneth, O 2018, Multi-collision resistance: A paradigm for keyless hash functions. in M Henzinger, D Kempe & I Diakonikolas (eds), STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing. Proceedings of the Annual ACM Symposium on Theory of Computing, Association for Computing Machinery, pp. 1283-1296, 50th Annual ACM Symposium on Theory of Computing, STOC 2018, Los Angeles, United States, 25/06/18. https://doi.org/10.1145/3188745.3188870

Multi-collision resistance: A paradigm for keyless hash functions. / Bitansky, Nir; Kalai, Yael Tauman; Paneth, Omer.
STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing. ed. / Monika Henzinger; David Kempe; Ilias Diakonikolas. Association for Computing Machinery, 2018. p. 1283-1296 (Proceedings of the Annual ACM Symposium on Theory of Computing).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Multi-collision resistance

T2 - 50th Annual ACM Symposium on Theory of Computing, STOC 2018

AU - Bitansky, Nir

AU - Kalai, Yael Tauman

AU - Paneth, Omer

PY - 2018/6/20

Y1 - 2018/6/20

N2 - We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance where it is hard to find multiple inputs with the same hash in the following sense. The number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than its advice. We discuss potential candidates for this notion and study its applications. Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols — we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance. The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which May be of independent interest.

AB - We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance where it is hard to find multiple inputs with the same hash in the following sense. The number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than its advice. We discuss potential candidates for this notion and study its applications. Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols — we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance. The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which May be of independent interest.

KW - Hash functions

KW - Succinct arguments

KW - Zero knowledge

UR - http://www.scopus.com/inward/record.url?scp=85049919043&partnerID=8YFLogxK

U2 - 10.1145/3188745.3188870

DO - 10.1145/3188745.3188870

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85049919043

T3 - Proceedings of the Annual ACM Symposium on Theory of Computing

SP - 1283

EP - 1296

BT - STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing

A2 - Henzinger, Monika

A2 - Kempe, David

A2 - Diakonikolas, Ilias

PB - Association for Computing Machinery

Y2 - 25 June 2018 through 29 June 2018

ER -

Bitansky N, Kalai YT, Paneth O. Multi-collision resistance: A paradigm for keyless hash functions. In Henzinger M, Kempe D, Diakonikolas I, editors, STOC 2018 - Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing. Association for Computing Machinery. 2018. p. 1283-1296. (Proceedings of the Annual ACM Symposium on Theory of Computing). doi: 10.1145/3188745.3188870

Multi-collision resistance: A paradigm for keyless hash functions

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this