Misplaced Pages

Universal one-way hash function

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Universal one-way hash function" – news · newspapers · books · scholar · JSTOR (November 2018) (Learn how and when to remove this message)

In cryptography a universal one-way hash function (UOWHF, often pronounced "woof") is a type of universal hash function of particular importance to cryptography. UOWHFs are proposed as an alternative to collision-resistant hash functions (CRHFs). CRHFs have a strong collision-resistance property: that it is hard, given randomly chosen hash function parameters, to find any collision of the hash function. In contrast, UOWHFs require that it be hard to find a collision where one preimage is chosen independently of the hash function parameters. The primitive was suggested by Moni Naor and Moti Yung and is also known as "target collision resistant" hash functions; it was employed to construct general digital signature schemes without trapdoor functions, and also within chosen-ciphertext secure public key encryption schemes.

The UOWHF family contains a finite number of hash functions with each having the same probability of being used.

Definition

The security property of a UOWHF is as follows. Let A {\displaystyle A} be an algorithm that operates in two phases:

  • Initially, A {\displaystyle A} receives no input (or just a security parameter) and chooses a value x {\displaystyle x} .
  • A hash function H {\displaystyle H} is chosen randomly from the family. A {\displaystyle A} then receives H {\displaystyle H} and must output y x {\displaystyle y\neq x} such that H ( x ) = H ( y ) {\displaystyle H(x)=H(y)} .

Then for all polynomial-time A {\displaystyle A} the probability that A {\displaystyle A} succeeds is negligible.

Applications

UOWHFs are thought to be less computationally expensive than CRHFs, and are most often used for efficiency purposes in schemes where the choice of the hash function happens at some stage of execution, rather than beforehand. For instance, the Cramer–Shoup cryptosystem uses a UOWHF as part of the validity check in its ciphertexts.

See also

Further reading

External links

Category: