Difference between revisions of "VSH"

From The ECRYPT Hash Function Website
(Spezification)
(Specification)
 
(One intermediate revision by one other user not shown)
Line 9: Line 9:
  
 
<bibtex>
 
<bibtex>
@MISC{nistContiniLS05,
+
@inproceedings{eurocryptContiniLS06,
   author = {Scott Contini and Arjen Lenstra and Ron Steinfeld},
+
   author = {Scott Contini and Arjen K. Lenstra and Ron Steinfeld},
   title = {VSH, an Efficient and Provable Collision Resistant Hash Function},
+
   title = {VSH, an Efficient and Provable Collision-Resistant Hash Function},
   howpublished = {NIST - First Cryptographic Hash Workshop, October 31-November 1},
+
   booktitle = {EUROCRYPT},
   year = {2005},
+
  year = {2006},
   abstract = {We introduce VSH, very smooth hash, a new $S$-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an $S$-bit composite integer $n$. By very smooth, we mean that the smoothness bound is some fixed polynomial function of $S$. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in $S$. VSH is theoretically pleasing because it requires only $O(\frac{1}{S})$ multiplications modulo the $S$-bit composite $n$ per message-bit (as opposed to $\Omega(\frac{1}{\mbox{log}S})$ multiplications for previous provably secure hashes). It is also practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the diffculty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.},
+
   pages = {165-182},
   url = {http://csrc.nist.gov/groups/ST/hash/documents/LENSTRA_vsh.pdf},
+
   abstract = {We introduce VSH, very smooth hash, a new S-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an S-bit composite. By very smooth, we mean that the smoothness bound is some fixed polynomial function of S. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in S. VSH is theoretically pleasing because it requires just a single multiplication modulo the S-bit composite per Ω(S) message-bits (as opposed to O(logS) message-bits for previous provably secure hashes). It is relatively practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the difficulty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.},
 +
  editor = {Serge Vaudenay},
 +
  volume = {4004},
 +
  series = {LNCS},
 +
  publisher = {Springer},
 +
  isbn = {3-540-34546-9},
 +
   url = {http://dx.doi.org/10.1007/11761679_11},
 
}
 
}
 
</bibtex>
 
</bibtex>
Line 45: Line 51:
  
 
=== Others ===
 
=== Others ===
 +
 +
<bibtex>
 +
@inproceedings{indocryptSaarinen06,
 +
  author    = {Markku-Juhani Olavi Saarinen},
 +
  title    = {Security of VSH in the Real World},
 +
  booktitle = {INDOCRYPT},
 +
  year      = {2006},
 +
  pages    = {95-103},
 +
  url        = {http://dx.doi.org/10.1007/11941378_8},
 +
  editor    = {Rana Barua and Tanja Lange},
 +
  publisher = {Springer},
 +
  series    = {LNCS},
 +
  volume    = {4329},
 +
  isbn      = {3-540-49767-6},
 +
  abstract  = {In Eurocrypt 2006, Contini, Lenstra, and Steinfeld proposed a new hash function primitive, VSH, very smooth hash. In this brief paper we offer commentary on the resistance of VSH against some standard cryptanalytic attacks, including preimage attacks and collision search for a truncated VSH. Although the authors of VSH claim only collision resistance, we show why one must be very careful when using VSH in cryptographic engineering, where additional security properties are often required.},
 +
}
 +
</bibtex>

Latest revision as of 11:16, 11 March 2008