TY - GEN

T1 - Parallel hashing via list recoverability

AU - Haitner, Iftach

AU - Ishai, Yuval

AU - Omri, Eran

AU - Shaltiel, Ronen

N1 - Publisher Copyright:
© International Association for Cryptologic Research 2015.

PY - 2015

Y1 - 2015

N2 - Motivated by the goal of constructing efficient hash functions, we investigate the possibility of hashing a long message by only making parallel, non-adaptive calls to a hash function on short messages. Our main result is a simple construction of a collision-resistant hash function h: {0, 1}n → {0, 1}k that makes a polynomial number of parallel calls to a random function f: {0, 1}k → {0, 1}k, for any polynomial n = n(k). This should be compared with the traditional use of a Merkle hash tree, that requires at least log(n/k) rounds of calls to f, and with a more complex construction of Maurer and Tessaro [26] (Crypto 2007) that requires two rounds of calls to f. We also show that our hash function h satisfies a relaxed form of the notion of indifferentiability of Maurer et al. [27] (TCC 2004) that suffices for implementing the Fiat-Shamir paradigm. As a corollary, we get sublinear-communication non-interactive arguments for NP that only make two rounds of calls to a small random oracle. An attractive feature of our construction is that h can be implemented by Boolean circuits that only contain parity gates in addition to the parallel calls to f. Thus, we get the first domain-extension scheme which is degree-preserving in the sense that the algebraic degree of h over the binary field is equal to that of f. Our construction makes use of list-recoverable codes, a generalization of list-decodable codes that is closely related to the notion of randomness condensers. We show that list-recoverable codes are necessary for any construction of this type.

AB - Motivated by the goal of constructing efficient hash functions, we investigate the possibility of hashing a long message by only making parallel, non-adaptive calls to a hash function on short messages. Our main result is a simple construction of a collision-resistant hash function h: {0, 1}n → {0, 1}k that makes a polynomial number of parallel calls to a random function f: {0, 1}k → {0, 1}k, for any polynomial n = n(k). This should be compared with the traditional use of a Merkle hash tree, that requires at least log(n/k) rounds of calls to f, and with a more complex construction of Maurer and Tessaro [26] (Crypto 2007) that requires two rounds of calls to f. We also show that our hash function h satisfies a relaxed form of the notion of indifferentiability of Maurer et al. [27] (TCC 2004) that suffices for implementing the Fiat-Shamir paradigm. As a corollary, we get sublinear-communication non-interactive arguments for NP that only make two rounds of calls to a small random oracle. An attractive feature of our construction is that h can be implemented by Boolean circuits that only contain parity gates in addition to the parallel calls to f. Thus, we get the first domain-extension scheme which is degree-preserving in the sense that the algebraic degree of h over the binary field is equal to that of f. Our construction makes use of list-recoverable codes, a generalization of list-decodable codes that is closely related to the notion of randomness condensers. We show that list-recoverable codes are necessary for any construction of this type.

UR - http://www.scopus.com/inward/record.url?scp=84943405583&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-48000-7_9

DO - 10.1007/978-3-662-48000-7_9

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:84943405583

SN - 9783662479995

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 173

EP - 190

BT - Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Proceedings

A2 - Robshaw, Matthew

A2 - Gennaro, Rosario

PB - Springer Verlag

T2 - 35th Annual Cryptology Conference, CRYPTO 2015

Y2 - 16 August 2015 through 20 August 2015

ER -