The circulant hash revisited

Abstract

At ProvSec 2013, Minematsu presented the circulant hash, an almost-xor universal hash using only the xor and rotation operations. The circulant hash is a variant of Carter and Wegman's H3 hash as well as Krawczyk's Toeplitz hash, both of which are hashes based on matrix-vector multiplication over $\mathbb{F}_2$. In this paper we revisit the circulant hash and reinterpret it as a multiplication in the polynomial ring $\mathbb{F}_2[x]/(x^n + 1)$. This leads to simpler proofs, faster implementations in modern computer chips, and newer variants with practical implementation advantages.
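The following is an added illustration, not code from the paper or from Minematsu's construction as published: it writes the circulant hash once as an xor of rotated copies of the key and once as a product in $\mathbb{F}_2[x]/(x^n + 1)$, checks that the two forms agree, and brute-forces the almost-xor-universal bound for a toy word size. The rotation form used here (xor of `key <<< i` over the set message bit positions `i`), the choice of $n = 5$, and the restriction of messages to $n - 1$ bits are my assumptions; the paper's exact parameter constraints are not on this page.

```python
# Added example (not from the paper): the circulant hash written two ways,
# as an xor of key rotations and as multiplication in F_2[x]/(x^n + 1),
# plus a brute-force check of its almost-xor-universal bound for small n.
import random


def rotl(word: int, i: int, n: int) -> int:
    """Rotate an n-bit word left by i positions (bit j moves to bit (j+i) mod n)."""
    i %= n
    mask = (1 << n) - 1
    return ((word << i) | (word >> (n - i))) & mask if i else word


def circulant_hash_rot(key: int, msg: int, n: int) -> int:
    """Rotation form (assumed reading of the construction): xor together
    key <<< i for every message bit position i that is set."""
    acc = 0
    for i in range(n):
        if (msg >> i) & 1:
            acc ^= rotl(key, i, n)
    return acc


def clmul(a: int, b: int) -> int:
    """Carry-less multiplication: the product of the GF(2)[x] polynomials
    whose coefficients are the bits of a and b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def circulant_hash_poly(key: int, msg: int, n: int) -> int:
    """Polynomial form: K(x) * M(x) mod (x^n + 1).

    Because x^n = 1 in this ring, reduction is a single fold: the high n-1
    coefficients of the (2n-1)-bit product are xored back onto the low n.
    Bit j of a word is the coefficient of x^j, so x^i * K(x) is exactly
    rotl(K, i), which is why the two forms coincide.
    """
    mask = (1 << n) - 1
    product = clmul(key & mask, msg & mask)
    return (product & mask) ^ (product >> n)


def max_differential_count(n: int, msg_bits: int) -> int:
    """Largest number of keys K with H(K, M) ^ H(K, M') = c, over all
    M != M' (msg_bits bits each) and all c.

    H is F_2-linear in M, so H(K, M) ^ H(K, M') = H(K, M ^ M') and it is
    enough to scan nonzero differences D. The almost-xor-universal bound
    epsilon is the returned count divided by 2^n.
    """
    worst = 0
    for diff in range(1, 1 << msg_bits):
        counts = {}
        for key in range(1 << n):
            c = circulant_hash_poly(key, diff, n)
            counts[c] = counts.get(c, 0) + 1
        worst = max(worst, max(counts.values()))
    return worst


def forms_agree(n: int, trials: int = 2000, seed: int = 1) -> bool:
    """Check that the rotation form and the polynomial form agree on
    pseudo-random (constructed) inputs."""
    rng = random.Random(seed)
    for _ in range(trials):
        k, m = rng.getrandbits(n), rng.getrandbits(n)
        if circulant_hash_rot(k, m, n) != circulant_hash_poly(k, m, n):
            return False
    return True


if __name__ == "__main__":
    print("forms agree (n=64):", forms_agree(64))
    # Toy parameter n = 5: x^5 + 1 = (x + 1)(x^4 + x^3 + x^2 + x + 1),
    # and the second factor is irreducible over F_2 (2 is a primitive root mod 5).
    print("worst key count, 4-bit messages:", max_differential_count(5, 4))  # 2  -> eps = 2/2^5
    print("worst key count, 5-bit messages:", max_differential_count(5, 5))  # 16 -> eps = 1/2
```

The two brute-force results show why the message is kept one bit shorter than the key in this toy setting: with 4-bit messages no nonzero difference polynomial can be a multiple of the degree-4 irreducible factor of $x^5 + 1$, so the kernel of multiplication by the difference has at most two elements and the bound is $2/2^5$; allowing a fifth message bit admits the difference $x^4 + x^3 + x^2 + x + 1$, whose kernel is all even-weight keys, and the bound collapses to $1/2$. The fold in `circulant_hash_poly` is also the part of the polynomial view that maps directly onto a carry-less multiply instruction.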
