We propose constructing provable collision-resistant hash functions from expander graphs in which finding cycles is hard. As examples, we investigate two specific families of optimal expander graphs for provable collision-resistant hash function constructions: the families of Ramanujan graphs constructed by Lubotzky-Phillips-Sarnak and Pizer respectively. When the hash function is constructed from one of Pizer's Ramanujan graphs (the set of supersingular elliptic curves over with ℓ-isogenies, ℓ a prime different from p), then collision resistance follows from the hardness of computing isogenies between supersingular elliptic curves. For the LPS graphs, the underlying hard problem is a representation problem in group theory. Constructing our hash functions from optimal expander graphs implies that the outputs closely approximate the uniform distribution. This property is useful for arguing that the output is indistinguishable from random sequences of bits. We estimate the cost per bit to compute these hash functions, and we implement our hash function for several members of the Pizer and LPS graph families and give actual timings.