Difference between revisions of "VSH"

From The ECRYPT Hash Function Website
(Specification)
 
Line 9: Line 9:
  
 
<bibtex>
 
<bibtex>
@MISC{nistContiniLS05,
+
@inproceedings{eurocryptContiniLS06,
   author = {Scott Contini and Arjen Lenstra and Ron Steinfeld},
+
   author = {Scott Contini and Arjen K. Lenstra and Ron Steinfeld},
   title = {VSH, an Efficient and Provable Collision Resistant Hash Function},
+
   title = {VSH, an Efficient and Provable Collision-Resistant Hash Function},
   howpublished = {NIST - First Cryptographic Hash Workshop, October 31-November 1},
+
   booktitle = {EUROCRYPT},
   year = {2005},
+
  year = {2006},
   abstract = {We introduce VSH, very smooth hash, a new $S$-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an $S$-bit composite integer $n$. By very smooth, we mean that the smoothness bound is some fixed polynomial function of $S$. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in $S$. VSH is theoretically pleasing because it requires only $O(\frac{1}{S})$ multiplications modulo the $S$-bit composite $n$ per message-bit (as opposed to $\Omega(\frac{1}{\mbox{log}S})$ multiplications for previous provably secure hashes). It is also practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the diffculty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.},
+
   pages = {165-182},
   url = {http://csrc.nist.gov/groups/ST/hash/documents/LENSTRA_vsh.pdf},
+
   abstract = {We introduce VSH, very smooth hash, a new S-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an S-bit composite. By very smooth, we mean that the smoothness bound is some fixed polynomial function of S. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in S. VSH is theoretically pleasing because it requires just a single multiplication modulo the S-bit composite per Ω(S) message-bits (as opposed to O(logS) message-bits for previous provably secure hashes). It is relatively practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the difficulty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.},
 +
  editor = {Serge Vaudenay},
 +
  volume = {4004},
 +
  series = {LNCS},
 +
  publisher = {Springer},
 +
  isbn = {3-540-34546-9},
 +
   url = {http://dx.doi.org/10.1007/11761679_11},
 
}
 
}
 
</bibtex>
 
</bibtex>

Latest revision as of 12:16, 11 March 2008