Abstract. Recently, some collisions have been exposed for a variety of cryptographic hash functions [19] including some of the most widely used today. Many other hash functions using similar constrcutions can however still be considered secure. Nevertheless, this has drawn attention on the need for new hash function designs. In this article is presented a familly of secure hash functions, whose security is directly related to the syndrome decoding problem from the theory of error-correcting codes. Taking into account the analysis by Coron and Joux [4] based on Wagner’s generalized birthday algorithm [18] we study the asymptotical security of our functions. We demonstrate that this attack is always exponential in terms of the length of the hash value. We also study the work-factor of this attack, along with other attacks from coding theory, for non asymptotic range, i.e. for practical values. Accordingly, we propose a few sets of parameters giving a good security and either a faster hashing or a shorter desciption for the function. Key Words: cryptographic hash functions, provable security, syndrome decoding, NP-completeness, Wagner’s generalized birthday problem.

We revisit the code-based identification protocol proposed by Stern at Crypto’93, and give evidence that the size of public keys can be dramatically reduced while preserving a high and well-understood level of security. More precisely, the public keys can be made even shorter than RSA ones (typically 347 bits), while their size is around 150 Kbits in the original scheme. This is achieved by using matrices which are double circulant, rather than purely random. On the whole, this provides a very practical identification (and possibly signature) scheme which is mostly attractive for light-weight cryptography.