Abstract. Recently, some collisions have been exposed for a variety of cryptographic hash functions [19] including some of the most widely used today. Many other hash functions using similar constrcutions can however still be considered secure. Nevertheless, this has drawn attention on the need for new hash function designs. In this article is presented a familly of secure hash functions, whose security is directly related to the syndrome decoding problem from the theory of error-correcting codes. Taking into account the analysis by Coron and Joux [4] based on Wagner’s generalized birthday algorithm [18] we study the asymptotical security of our functions. We demonstrate that this attack is always exponential in terms of the length of the hash value. We also study the work-factor of this attack, along with other attacks from coding theory, for non asymptotic range, i.e. for practical values. Accordingly, we propose a few sets of parameters giving a good security and either a faster hashing or a shorter desciption for the function. Key Words: cryptographic hash functions, provable security, syndrome decoding, NP-completeness, Wagner’s generalized birthday problem.

Let n be an even positive integer and F be the field GF(2). A word in F n is called balanced if its Hamming weight is n/2. A subset C ⊆ F n is called a balancing set if for every word y ∈ F n there is a word x ∈ C such that y + x is balanced. It is shown that most linear subspaces of F n of dimension slightly larger than 3 2 log 2 n are balancing sets. An application of linear balancing sets is presented for designing efficient error-correcting coding schemes in which the codewords are balanced. 1

Abstract — In this note we reconsider the code-based pseudorandom generator proposed by Fischer and Stern. This generator is proven as secure as the syndrome decoding problem but has two main drawbacks: it is slow (3000 bits/s) and a large size of memory is needed (88 kiloBytes). We propose a variation on the scheme which avoid them: the use of regular words speeds the system up and the use of quasi-cyclic codes allows a decrease of the memory requirements. We eventually obtain a generator as fast as AES in counter mode using only about 8000 bits of memory. We also give a more precise security reduction. I.

In this note we reconsider the code-based pseudorandom generator proposed by Fischer and Stern. This generator is proven as secure as the syndrome decoding problem but has two main drawbacks: it is slow (3000 bits/s) and a large size of memory is needed (88 kiloBytes). We propose a variation on the scheme which avoid them: the use of regular words speeds the system up and the use of quasi-cyclic codes allows a decrease of the memory requirements. We eventually obtain a generator as fast as AES in counter mode using only about 8000 bits of memory. We also give a more precise security reduction.

c t i v it y e p o r t 2007 Table of contents