Can I create a secure hash function $h: E(\mathbb{F}_p) \rightarrow \mathbb{Z}_q$ (for some $q$) where $E(\mathbb{F}_p)$ is an elliptic curve on the finite field of $p$ elements? By secure hash function I mean: one way, strongly collision free.
Asked
Active
Viewed 670 times
1 Answers
1
With the current requirements, it seems like any member of $H(C(P)) \bmod q$ should work.
Where:
- $H$ is the set of secure hash functions, e.g. SHA-512;
- $C$ is the set of canonical encoding schemes of the points, e.g. a compressed point representation (02+X or 03+X depending if Y is odd or not);
- $P$ a the set of possible points on the curve;
- $q$ is the order of the curve (already specified).
This is certainly one way and collision free, as long as the used curve and hash function outputs are large enough. But note that it is not well distributed over $\mathbb{Z}_q$ (especially if the hash is shorter than $q$ of course, when viewed as an unsigned number).
Maarten Bodewes
- 96,351
- 14
- 169
- 323