Questions tagged [universal-hash]

In mathematics and computing, universal hashing (in a randomized algorithm or data structure) refers to selecting a hash function at random from a family of hash functions with a certain mathematical property.

Universal hashing guarantees a low number of collisions in expectation, even if the data is chosen by an adversary. Many universal families are known (for hashing integers, vectors, strings), and their evaluation is often very efficient. Universal hashing has numerous uses in computer science, for example in implementations of hash tables, randomized algorithms, and cryptography.

62 questions
13 votes, 1 answer

What is a universal hash function?

Short and to the point. I'm assuming that it is not a kind of hash function that can be used universally. After having read about universal hash functions used with the one-time pad to form an authentication scheme, these things have bugged me out.
Melab
11 votes, 1 answer

Secure content-defined chunking

Intro: For deduplication purposes, I need to split a stream of plaintext bytes into variable-sized chunks. The way this is traditionally done is using a rolling hash function defined over some window $w$ (e.g. 48 bytes). This window "slides" along…
Paya
6 votes, 1 answer

How does GHASH used in GCM behave as a universal hashing function?

As per my understanding, a Universal Hash Function isn't a cryptographic hash function & its output isn't uniformly distributed. However, this is still secure because it's actually a family of functions & one or more of the random inputs to the…
user93353
6 votes, 2 answers

How does this POLYVAL modular reduction algorithm work?

I recently found the GitHub repository used to make the measurements in the AES-GCM-SIV paper where they implement polynomial hashing using POLYVAL. This means in this context to compute the usual $\tau=\sum_{i=0}^nm_iH^{n-i}$ for 16-byte message…
SEJPM
6 votes, 2 answers

Universal hash functions with homomorphic XOR property

Let $H = \{h_r : U \rightarrow [m]\}$. What are the currently known most efficient algorithms such that $H$ is a universal family and fulfils the homomorphic XOR operation property $\forall h \in H \forall x,y \in U: h(x \oplus y) = h(x) \oplus…
Martin Kromm
6 votes, 2 answers

Proof that MAC and hash composition is insecure

Let $F$ be a secure PRF and $H$ a universal hash function. How can I exhibit a pair $(F,H)$ whose composition $$S'((k_1, k_2), m) = F(k_2, H(k_1,m))$$ is an insecure MAC (or an insecure PRF, since a MAC can be defined as a PRF)? I guess that, in…
Daniel
5 votes, 1 answer

How does the probability for universal hashing work out?

Hey for universal hashing we say the following: Definition: A randomized algorithm $H$ for constructing hash functions $h\colon U \to \{1,\ldots,M\}$ is universal if for all $x \neq y$ in $U$, we have $\Pr_{h\gets H} [h(x) = h(y)] \leq 1/M$ I…
OuttaSpaceTime
5 votes, 5 answers

Which hash algorithms support binary input of arbitrary bit length?

Background: In theory, hash functions produce a binary number having bounded (often fixed) length from binary data of arbitrary length. In practice, specifications and implementations constrain the input length to be a multiple of 8. This is…
5 votes, 1 answer

The rigorous proof in the commitment based on CRHF

I'm reading about the lecture of Yevgeniy Dodis. In his lecture 14, section 2.3.2, he gives a commitment construction based on CRHF, but the proof of hiding is high-level. I want to know the rigorous proof of why, even subject to $u(x)=m$, the still…
4 votes, 1 answer

Why do universal hash functions prevent adversaries, but uniform hash functions don't?

Before I state my actual question, let me first give some terminology so we are all on the same page: Let $U=\{k_1,...,k_u\}$ the universe of possible keys, $|U|=u$. We use a hash table $T$ with $m$ cells, counting from $0$ to $m-1$. We use a family…
Prof.Chaos
4 votes, 2 answers

What are the differences between a UHF (as used in cryptography) and a cryptographic hash function?

After reading about UHFs from different sources (From Algorithm books to Crypto books), I am still thoroughly confused about them. How is a UHF different from other cryptographically secure hashing functions? Is the only difference that it's a keyed…
user93353
4 votes, 1 answer

Why does the hash family of all functions with $\{h \in H_0 | h:U \rightarrow V\}$ satisfy universal hashing?

I read in our university lecture on hashing that it would be good (even though it is way too space-intensive) if we could take the set of all functions from $U \rightarrow V$ to satisfy the following universal hashing condition: for all $\forall…
OuttaSpaceTime
4 votes, 1 answer

Difficulty of forging MACs based on linear functions over $GF\left(2^n\right)$

This is a homework question, therefore I'm not expecting full solutions, just general guidance. I want to build a one-time MAC using universal hashing. I defined my hash functions as: $h_{a,b}:\begin{array}{lll} \mathbb{F}_{2^{n}} & \to &…
Idra
4 votes, 2 answers

Can universal hashing functions be (ab)used as stream ciphers?

These days, universal hashing functions like GHASH and Poly1305 are very trendy because of their simplicity and speed. Now during a discussion related to export restrictions, it came up that mainly encryption techniques are regulated and these…
SEJPM
4 votes, 0 answers

Is the NH hash family (from UMAC) AXU?

For any positive integer $k$, let $\boxplus_k$ be addition on $k$-bit unsigned integers and $\boxminus_k$ be subtraction on $k$-bit unsigned integers. Let $\operatorname{NH}_w((X,Y),(a,b)) = (a \boxplus_w X)\cdot(b \boxplus_w Y)$. For any binary…