Limits on the efficiency of one-way permutation-based hash functions

Limits on the efficiency of one-way permutation-based hash functions

Naor and Yung (1989) show that a one-bit-compressing universal one-way hash function (UOWHF) can be constructed based on a one-way permutation. This construction can be iterated to build a UOWHF which compresses by /spl epsiv/n bits, at the cost of /spl epsiv/n invocations of the one-way permutation...

Full description

Saved in:
Bibliographic Details
Published in:40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039) pp. 535 - 542
Main Authors: Jeong Han Kim, Simon, D.R., Tetali, P.
Format: Conference Proceeding
Language:English
Published: IEEE 1999
Subjects:
Buildings
Circuits
Complexity theory
Cryptography
Digital signatures
Polynomials
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Naor and Yung (1989) show that a one-bit-compressing universal one-way hash function (UOWHF) can be constructed based on a one-way permutation. This construction can be iterated to build a UOWHF which compresses by /spl epsiv/n bits, at the cost of /spl epsiv/n invocations of the one-way permutation. The show that this construction is not far from optimal, in the following sense, there exists an oracle relative to which there exists a one-way permutation with inversion probability 2/sup -p(n)/ (for any p(n)/spl isin//spl omega/(log n)), but any construction of an /spl epsiv/n-bit-compressing UOWHF. Requires /spl Omega/(/spl radic/n/p(n)) invocations of the one-way permutation, on average. (For example, there exists in this relativized world a one-way permutation with inversion probability n/sup -/spl omega/(1)/, but no UOWHF that involves it fewer than /spl Omega/(/spl radic/n/log n) times.) Thus any proof that a more efficient UOWHF can be derived from a one-way permutation is necessarily non-relativizing; in particular, no provable construction of a more efficient UOWHF can exist based solely on a "black box" one-way permutation. This result can be viewed as a partial justification for the practice of building efficient UOWHFs from stronger primitives (such as collision intractable hash functions), rather than from weaker primitives such as one-way permutations.
ISBN:9780769504094
0769504094
ISSN:0272-5428
DOI:10.1109/SFFCS.1999.814627