Classifications

• • G—PHYSICS
  • G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
  • G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
  • G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
  • H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
  • G06F16/90—Details of database functions independent of the retrieved data types
  • G06F16/901—Indexing; Data structures therefor; Storage structures
  • G06F16/9014—Indexing; Data structures therefor; Storage structures hash tables
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions

Definitions

• Hash functions constructions are used in many algorithms and cryptographic protocols. They are functions/ U -> S with
• it is typically desired for the problem of engineering collisions to be hard. This means the task of finding distinct elements x and y such that/(3cj f(y) is computationally hard.
• there is interest in the following weaker property: Qiven x finding another y, such that ffx) f(y) is hard.
• an expander graph is walked as input to a hash function.
• the expander graph is walked using respective subsets of an input message.
• the output of the hash function is the label of the last vertex walked.
• FIG. 1 illustrates an exemplary system for hash function constructions from expander graphs, according to one embodiment.
• Fig. 2 shows an exemplary procedure for hash function constructions from expander graphs, according to one embodiment.
• FIG. 3 shows an exemplary procedure for hash function constructions from expander graphs, according to one embodiment.
• FIG. 4 illustrates an example of a suitable computing environment in which hash function constructions from expander graphs may be fully or partially implemented.
• a hash function is constructed by taking walks on specific expander graphs.
• a random walk on an expander graph mixes very fast, so the hash function output is generally uniform when the input message is uniformly random.
• the systems and methods use extractors in conjunction with expander graphs to produce hash functions.
• input messages have a certain lower bound on the min-entropy. For example, cryptographically signing a message (which is done by hashing) is done after adding a "random pad" to the message. (This process injects entropy into the signature). Under the assumption that the input messages have some small amount of entropy, an extractor is utilized to extract this randomness and then execute a walk according to the output of the extractor.
• Program modules generally include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. While the systems and methods are described in the foregoing context, acts and operations described hereinafter may also be implemented in hardware.
• FIG. 1 illustrates an exemplary system 100 for hash function constructions from expander graphs, according to one embodiment.
• System 100 includes computing device 102, which includes one or more processing units 104 coupled to a system memory 106.
• Processor 104 fetches and executes computer-program instructions from program modules 108, and fetches and stores data to/from program data 110 portion of system memory 106.
• Program modules 108 include, for example, expander graph hash function construction module ("EGHF construction module”) 112 and other program modules 114.
• Other program modules 114 include, for example, an operating system and one or more applications that utilize expander graph-based hash function constructions 116 generated by module 112.
• hash function constructions 116 There are many applications for which such hash function constructions 116 are useful. For example, such constructions may be utilized in one or more applications implementing cryptography, hash tables, error correction, audio identification, Rabin-Karp string search algorithms, etc.
• EGHF construction module 112 generates hash function constructions 116 from an input message 118 and an expander graph 120 of n vertices.
• Expander graph 118 is a sparse graph with high vertex or edge expansion, or in other words highly connected.
• expander graph 118 is a Ramanujan graph.
• the input message 118 has a degree of randomness (or entropy).
• expander graph 120 is determined as follows. Let p be a prime number and let I ( ⁇ p) be another prime number.
• the graph G(p, V) is known to be a l+l regular Ramanujan graph.
• G(p, I) is the class number of the quaternion algebra B P; ⁇ which is about p/12.
• G(p, I) is the expander graph 120.
• expander graph 120 is a Lubotzky-Phillips-Sarnak expander graph, as described below in the section titled "Alternate Embodiments".
• expander graph hash function construction module 112 identifies a message 118.
• the message has a degree of entropy.
• EG HF construction module 112 assigns respective names, or labels to each vertex of the n vertices that comprise the expander graph 120.
• EG HF construction module 112 extracts (determines) that degree of randomness with an extractor function. Exemplary such extraction functions and technique to extract randomness from such a message is described in greater detail below in the section titled "Extracting Randomness from the Input".
• Construction module 112 identifies k-length bit segments of the input message 118 based either on the extracted degree of entropy (when present) or other objective criteria (described below), in view of a configurable vertex edge convention to identify vertices of the expander graph 120 to randomly walk (visit). Exemplary operations to walk and expander graph 120 are described in greater detail below in the section titled "Exemplary Procedure". A respective name / label associated with a last vertex of the vertices walked represents the output of the hash function construction 114.
• Min-Entropy Let X be a random variable that takes values in ⁇ 0, 1 ⁇ 11 .
• the min- entropy of X is defined to be the quantity
• Extractor A function Ext : ⁇ 0,1 ⁇ " x ⁇ 0,l ⁇ d ⁇ ⁇ 0,1 ⁇ TM is called a (&, ⁇ )-extractor if for any random variable X on ⁇ 0, 1 ⁇ " of min-entropy at least k and Vd the uniform distribution on ⁇ 0,l ⁇ rf the distribution Ext(X,U d ) is ⁇ -close to U m .
• Proposition If Ext : ⁇ 0,1 ⁇ " x ⁇ Q,l ⁇ d ⁇ ⁇ 0,1 ⁇ '" is a (&, ⁇ )-extractor. Then for most choices of the random seed ⁇ e ⁇ 0,1 ⁇ rf the distribution Ext(X, ⁇ ) is ⁇ -close to U m .
• Random variable M (i.e., input message 118), which denotes the inputs to the hash function construction 116, has min-entropy at least log 1+ ⁇ n where n is the number of vertices of G(p, £) and ⁇ > 0.
• ⁇ 0,l ⁇ w be the input space.
• step (d) determine if Q belongs to the group generated by P . If so, step (d) is repeated.
• A is the adjacency matrix of G
• v may be taken as any of the standard unit vectors and ⁇ is the vector (1, 1, ..., 1).
• system 100 implements an almost random walk on the graph 120. This can be thought of as using a matrix B as the transition matrix such that 1
• construction module 112 perturbs the random walk a small amount. The following proposition shows that this new random walk mixes quickly if ⁇ can be taken small enough.
• system 100 utilizes the Lubotzky-Phillips-Sarnak expander graph 120.
• I and p be two distinct primes, with I a small prime and p relatively large.
• p and i are ⁇ 1 mod 4 and the I is a quadratic residue mod p (this is the case if l ⁇ ' ⁇ 2 ⁇ 1 mod p).
• X tjP we denote the LPS graph, with parameters I and p, by X tjP .
• the vertices of X t>p are the matrices in PSL(2,F P ), i.e.
• Fig. 2 shows an exemplary procedure 200 for hash function constructions from expander graphs, according to one embodiment.
• procedure 200 for hash function constructions from expander graphs, according to one embodiment.
• the operations of procedure 200 are described with respect to components of system 100 of Fig. 1.
• the leftmost numeral of a component reference number indicates the particular figure where the component is first described.
• EG HF constructions module 112 (Fig. 1) divides an input message 118 into segments. For example, input message has a length N. Given that there are n vertices in a k-regular the expander graph 120 (each vertex having a name / label), the name of each edge coming out of any one vertex will have log k bits. The input message 118 is broken up into chunks of length log k.
• EG HF constructions module 112 walks the expander graph 120 as input to a hash function.
• the walk is determined as follows: Suppose we are at some vertex v, the next vertex in the walk is determined by reading off the next chunk of log k bits from the input to determine the edge we will traverse out of vertex v, the other end point of this edge will be the next vertex on the walk.
• EG HF constructions module 112 starts the random walk of edges in the expander graph 120 from a first vertex specified by the first k-bits (segment / chunk) of the input message 118.
• the next vertex walked in the expander graph 120 is specified by the next chunk of log k-bits.
• f v Q is the first edge out of v
• f v (2) is the second edge out of v, etc.
• EG HF constructions module 112 determines a label of a last vertex walked.
• EG HF constructions module 112 outputs the label as a result of the hash function.
• Fig. 3 shows an exemplary procedure for hash function constructions from expander graphs, according to one embodiment.
• the operations of procedure 300 are described with respect to components of system 100 of Fig. 1.
• expander graph hash function constructions module (“EGHF constructions module”) 112 (Fig. 1), identifies a message 118 with a degree of entropy.
• EGHF constructions module 112 assigns respective labels to each vertex in an expander graph 120.
• EGHF constructions module 112 uses an extractor function to determine the degree of entropy in the input message 118. This determined degree is shown as the extracted degree of entropy 122.
• EGHF constructions module walks the expander graph 120 based on the extracted degree of entropy 122.
• EGHF constructions module 112 outputs a label associated with a last vertex walked and the expander graph 120 as a result of the hash function construction 116. That is, the operations of blocks 302 through 310 correspond to operations of hash function construction 116.
• Fig. 4 illustrates an example of a suitable computing environment in which hash function constructions from expander graphs may be fully or partially implemented.
• Exemplary computing environment 400 is only one example of a suitable computing environment for the exemplary system of Fig. 1 and exemplary operations of Figs. 2 and 3, and is not intended to suggest any limitation as to the scope of use or functionality of systems and methods the described herein. Neither should computing environment 400 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in computing environment 400.
• the methods and systems described herein are operational with numerous other general purpose or special purpose computing system, environments or configurations.
• Examples of well-known computing systems, environments, and/or configurations that may be suitable for use include, but are not limited to, personal computers, server computers, multiprocessor systems, microprocessor-based systems, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and so on.
• Compact or subset versions of the framework may also be implemented in clients of limited resources, such as handheld computers, or other computing devices.
• the invention is practiced in a distributed computing environment where tasks are performed by remote processing devices that are linked through a communications network.
• program modules may be located in both local and remote memory storage devices.
• an exemplary system for hash function constructions from expander graphs includes a general purpose computing device in the form of a computer 410 implementing, for example, system 100 of Fig. 1.
• the following described aspects of computer 410 are exemplary implementations of computing devices 102 of Fig. 1.
• Components of computer 410 may include, but are not limited to, processing unit(s) 420, a system memory 430, and a system bus 421 that couples various system components including the system memory to the processing unit 420.
• the system bus 421 may be any of several types of bus Structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
• such architectures may include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus.
• ISA Industry Standard Architecture
• MCA Micro Channel Architecture
• EISA Enhanced ISA
• VESA Video Electronics Standards Association
• PCI Peripheral Component Interconnect
• a computer 410 typically includes a variety of computer-readable media.
• Computer-readable media can be any available media that can be accessed by computer 410 and includes both volatile and nonvolatile media, removable and non-removable media.
• Computer-readable media may comprise computer storage media and communication media.
• Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data.
• Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 410.
• Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and includes any information delivery media.
• modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
• communication media includes wired media such as a wired network or a direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of the any of the above should also be included within the scope of computer-readable media.
• System memory 430 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 431 and random access memory (RAM) 432.
• ROM read only memory
• RAM random access memory
• BIOS basic input/output system 433
• RAM 432 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 420.
• Fig. 4 illustrates operating system 434, application programs 433, other program modules 436, and program data 437.
• the computer 410 may also include other removable/non-removable, volatile/nonvolatile computer storage media.
• Figure 4 illustrates a hard disk drive 441 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 431 that reads from or writes to a removable, nonvolatile magnetic disk 432, and an optical disk drive 433 that reads from or writes to a removable, nonvolatile optical disk 436 such as a CD ROM or other optical media.
• removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like.
• the hard disk drive 441 is typically connected to the system bus 421 through a non-removable memory interface such as interface 440, and magnetic disk drive 431 and optical disk drive 433 are typically connected to the system bus 421 by a removable memory interface, such as interface 430.
• the drives and their associated computer storage media discussed above and illustrated in Figure 4, provide storage of computer-readable instructions, data structures, program modules and other data for the computer 410.
• hard disk drive 441 is illustrated as storing operating system 444, application programs 443, other program modules 446, and program data 447. Note that these components can either be the same as or different from operating system 434, application programs 433, other program modules 436, and program data 437.
• Application programs 433 includes, for example program modules 108 of computing device 102 of Fig. 1.
• Program data 437 includes, for example, program data 110 of computing device 102 of Fig. 1.
• Operating system 444, application programs 443, other program modules 446, and program data 447 are given different numbers here to illustrate that they are at least different copies.
• a user may enter commands and information into the computer 410 through input devices such as a keyboard 462 and pointing device 461, commonly referred to as a mouse, trackball or touch pad.
• Other input devices may include a microphone, joystick, game pad, satellite dish, scanner, or the like.
• a user input interface 460 that is coupled to the system bus 421, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB).
• a monitor 491 or other type of display device is also connected to the system bus 421 via an interface, such as a video interface 490.
• computers may also include other peripheral output devices such as printer 496 and audio device(s) 497, which may be connected through an output peripheral interface 493.
• the computer 410 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 480.
• remote computer 480 represents computing device 102 or networked computer 104 of Fig. 1.
• the remote computer 480 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and as a function of its particular implementation, may include many or all of the elements described above relative to the computer 410, although only a memory storage device 481 has been illustrated in Figure 4.
• the logical connections depicted in Figure 4 include a local area network (LAN) 471 and a wide area network (WAN) 473, but may also include other networks.
• LAN local area network
• WAN wide area network
• the computer 410 When used in a LAN networking environment, the computer 410 is connected to the LAN 471 through a network interface or adapter 470. When used in a WAN networking environment, the computer 410 typically includes a modem 472 or other means for establishing communications over the WAN 473, such as the Internet.
• the modem 472 which may be internal or external, may be connected to the system bus 421 via the user input interface 460, or other appropriate mechanism.
• program modules depicted relative to the computer 410, or portions thereof may be stored in the remote memory storage device.
• Figure 4 illustrates remote application programs 483 as residing on memory device 481.
• the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Databases & Information Systems (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• General Engineering & Computer Science (AREA)
• Software Systems (AREA)
• Data Mining & Analysis (AREA)
• Signal Processing (AREA)
• Computer Networks & Wireless Communication (AREA)
• Computer Security & Cryptography (AREA)
• Power Engineering (AREA)
• Mathematical Physics (AREA)
• Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Priority Applications (4)

Applications Claiming Priority (2)

Publications (1)

Family

ID=37996294

Family Applications (1)

Country Status (6)

Cited By (1)

Families Citing this family (29)

Citations (4)

Family Cites Families (3)

• 2005
  • 2005-11-01 US US11/263,701 patent/US7382876B2/en not_active Expired - Fee Related
• 2006
  • 2006-10-16 CN CN2006800404564A patent/CN101300569B/zh not_active Expired - Fee Related
  • 2006-10-16 JP JP2008538904A patent/JP4455661B2/ja not_active Expired - Fee Related
  • 2006-10-16 EP EP06826109A patent/EP1949255A4/en not_active Withdrawn
  • 2006-10-16 KR KR1020087009948A patent/KR101292927B1/ko not_active Expired - Fee Related
  • 2006-10-16 WO PCT/US2006/040538 patent/WO2007053295A1/en not_active Ceased

Patent Citations (4)

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events