SWIFFT: A Modest Proposal for FFT Hashing

SWIFFT: A Modest Proposal for FFT Hashing

Cached

Download Links

by Vadim Lyubashevsky , Daniele Micciancio , Chris Peikert , Alon Rosen

Citations:

BibTeX

@MISC{Lyubashevsky_swifft:a,
    author = {Vadim Lyubashevsky and Daniele Micciancio and Chris Peikert and Alon Rosen},
    title = {SWIFFT: A Modest Proposal for FFT Hashing },
    year = {}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

We propose SWIFFT, a collection of compression functions that are highly parallelizable and admit very efficient implementations on modern microprocessors. The main technique underlying our functions is a novel use of the Fast Fourier Transform (FFT) to achieve “diffusion, ” together with a linear combination to achieve compression and “confusion. ” We provide a detailed security analysis of concrete instantiations, and give a high-performance software implementation that exploits the inherent parallelism of the FFT algorithm. The throughput of our implementation is competitive with that of SHA-256, with additional parallelism yet to be exploited. Our functions are set apart from prior proposals (having comparable efficiency) by a supporting asymptotic security proof: it can be formally proved that finding a collision in a randomly-chosen function from the family (with noticeable probability) is at least as hard as finding short vectors in cyclic/ideal lattices in the worst case.

Citations

544	How to construct random functions - Goldreich, Goldwasser, et al. - 1986
231	A design principle for hash functions - Damgård - 1989
150	How to break MD5 and other hash functions - Wang, Yu - 2005
124	Generating hard instances of lattice problems - Ajtai - 2004
85	Noise-tolerant learning, the parity problem, and the statistical query model - Blum, Kalai, et al.
79	NTRU: A Ring-Based Public Key Cryptosystem - Hoffstein, Pipher, et al. - 1998
64	A Generalized Birthday Problem - Wagner
51	Worst-Case to Average-Case Reductions Based on Gaussian Measures - Micciancio, Regev - 2007
50	An improved worst-case to average-case connection for lattice problems (extended abstract - Cai, Nerurkar - 1997
49	T.: Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance - Rogaway, Shrimpton
43	Collision-Free Hashing from Lattice Problems - Goldreich, Goldwasser, et al. - 1996
30	Generalized compact knapsacks, cyclic lattices, and efficient one-way functions - Micciancio
27	Almost perfect lattices, the covering radius problem, and applications to Ajtai’s connection factor - Micciancio - 2004
27	Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices - Peikert, Rosen - 2006
25	LLL on the average - Nguyen, Stehlé - 2006
23	Generalized Compact Knapsacks Are Collision Resistant - Lyubashevsky, Micciancio - 2006
17	The knapsack hash function proposed at Crypto 1989 can be broken - Camion, Patarin - 1989
12	The parity problem in the presence of noise, decoding random linear codes, and the subset sum problem - Lyubashevsky - 2005
12	Lattices that admit logarithmic worst-case to average-caseconnection factors - Peikert, Rosen - 2007
12	Collisions of SHA-0 and reduced SHA-1 - Biham, Chen, et al.
9	FFT hashing is not collision-free - Baritaud, Gilbert, et al. - 1992
8	FFT–Hash II, efficient cryptographic hashing - Schnorr - 1992
7	FFT-Hash-II is not yet collision-free - Vaudenay - 1992
7	L.: A practical attack against knapsack based hash functions (extended abstract - Joux, Granboulan - 1994
6	Collisions for Schnorr’s hash function FFT-hash presented at crypto ’91 - Daemen, Bosselaers, et al. - 1991
6	FFT-hash, an efficient cryptographic hash function - Schnorr - 1991
6	Parallel FFT-hashing - Schnorr, Vaudenay - 1993
2	X.: Cryptanalysis for hash functions MD4 - Wang, Lai, et al. - 2005