# Difference between revisions of "VSH"

From The ECRYPT Hash Function Website

Mschlaeffer (talk | contribs) |
Mschlaeffer (talk | contribs) |
||

Line 5: | Line 5: | ||

* max. message length: < 2<sup>64</sup> bits | * max. message length: < 2<sup>64</sup> bits | ||

* compression function: 512-bit message block, 160-bit chaining variable | * compression function: 512-bit message block, 160-bit chaining variable | ||

− | |||

--> | --> | ||

+ | * Specification: http://csrc.nist.gov/groups/ST/hash/documents/LENSTRA_vsh.pdf | ||

+ | |||

+ | <bibtex> | ||

+ | @MISC{nistContiniLS05, | ||

+ | author = {Scott Contini and Arjen Lenstra and Ron Steinfeld}, | ||

+ | title = {VSH, an Efficient and Provable Collision Resistant Hash Function}, | ||

+ | howpublished = {NIST - First Cryptographic Hash Workshop, October 31-November 1}, | ||

+ | year = {2005}, | ||

+ | abstract = {We introduce VSH, very smooth hash, a new $S$-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an $S$-bit composite integer $n$. By very smooth, we mean that the smoothness bound is some fixed polynomial function of $S$. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in $S$. VSH is theoretically pleasing because it requires only $O(\frac{1}{S})$ multiplications modulo the $S$-bit composite $n$ per message-bit (as opposed to $\Omega(\frac{1}{\mbox{log}S})$ multiplications for previous provably secure hashes). It is also practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the diffculty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.}, | ||

+ | url = {http://csrc.nist.gov/groups/ST/hash/documents/LENSTRA_vsh.pdf}, | ||

+ | } | ||

+ | </bibtex> | ||

== Cryptanalysis == | == Cryptanalysis == |

## Revision as of 15:43, 10 March 2008

## Contents

## 1 Spezification

*Scott Contini, Arjen Lenstra, Ron Steinfeld* - **VSH, an Efficient and Provable Collision Resistant Hash Function**

- ,2005
- http://csrc.nist.gov/groups/ST/hash/documents/LENSTRA_vsh.pdf

Bibtex**Author :**Scott Contini, Arjen Lenstra, Ron Steinfeld**Title :**VSH, an Efficient and Provable Collision Resistant Hash Function**In :**-**Address :****Date :**2005