|
In cryptography, SWIFFT is a collection of provably secure hash functions. It is based on the concept of the Fast Fourier Transform (FFT). SWIFFT is not the first hash function based on FFT, but it sets itself apart by providing a mathematical proof of its security. It also uses the LLL basis reduction algorithm. It can be shown that finding collisions in SWIFFT is as least as difficult as finding short vectors in cyclic/ideal lattices in the ''worst case''. By giving a security reduction to the worst-case scenario of a difficult mathematical problem, SWIFFT gives a much stronger security guarantee than most other cryptographic hash functions. Unlike many other provably secure hash functions, the algorithm is quite fast, yielding a throughput of 40MB/s on a 3.2 GHz Intel Pentium 4. Although SWIFFT satisfies many desirable cryptographic and statistical properties, it was not designed to be an "all-purpose" cryptographic hash function. For example, it is not a pseudorandom function, and would not be a suitable instantiation of a random oracle. The algorithm is less efficient than most traditional hash functions that do not give a proof of their collision-resistance. Therefore, its practical use would lie mostly in applications where the proof of collision-resistance is particularly valuable, such as digital signatures that must remain trustworthy for a long time. A modification of SWIFFT called SWIFFTX was proposed as a candidate for SHA-3 function to the NIST hash function competition and was rejected in the first round. ==The Algorithm== The algorithm is as follows:〔("SWIFFT: A Modest Proposal for FFT Hashing" )〕 #Let the polynomial variable be called #Input: message of length #Convert to a collection of polynomials in a certain polynomial ring with binary coefficients. #Compute the Fourier coefficients of each using SWIFFT. #Define the Fourier coefficients of , so that they are fixed and depend on a family of SWIFFT. #Point-wise multiply the Fourier coefficients with the Fourier coefficients of for each . #Use inverse FFT to obtain polynomials of degree . #Compute modulo and . #Convert to bits and output it. * The FFT operation in step 4 is easy to invert, and is performed to achieve diffusion, that is, to mix the input bits. * The linear combination in step 6 achieves confusion, since it compresses the input. * This is just a high level description of what the algorithm does, some more advanced optimizations are used to finally yield a high performing algorithm. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「SWIFFT」の詳細全文を読む スポンサード リンク
|