|
In cryptography, Very Smooth Hash (VSH) is a secure cryptographic hash function invented in 2005 by Scott Contini, Arjen Lenstra and Ron Steinfeld. 〔 〕 Provably secure means that finding collisions is as difficult as some known hard mathematical problem. Unlike other secure collision-resistant hashes, VSH is efficient and usable in practice. Asymptotically, it only requires a single multiplication per log(''n'') message-bits and uses RSA-type arithmetic. Therefore, VSH can be useful in embedded environments where code space is limited. Two major variants of VSH were proposed. For one finding a collision is as difficult as finding a nontrivial modular square root of a very smooth number modulo ''n''. The other one uses a prime modulus ''p'' (with no trapdoor), and its security proof relies on the hardness of finding discrete logarithms of very smooth numbers modulo ''p''. Both versions have similar efficiency. VSH is not suitable as a substitute for a random oracle, but can be used to build a secure randomized trapdoor hash function. This function can replace the trapdoor function used in the Cramer-Shoup signature scheme, maintaining its provable security while speeding up verification time by about 50%. == VSN and VSSR == All cryptographic hash functions that are now widely used are not based on hard mathematical problems. Those few functions that are constructed on hard mathematical problems are called provably secure. Finding collisions is then known to be as hard as solving the hard mathematical problem. For the basic version of Very Smooth Hash function, this hard problem is to find modular square roots (VSSR) of certain special numbers (VSN).〔 This is assumed to be as hard as factoring integers. For a fixed constant ''c'' and ''n'' an integer ''m'' is a Very Smooth Number (VSN) if the largest prime factor of ''m'' is at most (log ''n'')''c''. An integer ''b'' is a Very Smooth Quadratic Residue modulo ''n'' if the largest prime in ''b''’s factorization is at most (log ''n'')''c'' and there exists an integer ''x'' such that . The integer ''x'' is said to be a Modular Square Root of ''b''. We are interested only in non-trivial square roots, those where ''x''2 ≥ ''n''. If ''x''2 < ''n'', the root can be easily computed using algorithms from fields of characteristics 0, such as real field. Therefore they are not suitable in cryptographic primitives. Very Smooth Number Nontrivial Modular Square Root (VSSR) is the following problem: Let ''n'' be the product of two unknown primes of approximately the same size and let . Let be the sequence of primes. VSSR is the following problem: Given ''n'', find such that and at least one of ''e''0,...,''e''''k'' is odd. The VSSR assumption is that there is no probabilistic polynomial (in ) time algorithm which solves VSSR with non-negligible probability. This is considered a useless assumption for practice because it does not tell for what size of moduli VSSR is computationally hard. Instead The computational VSSR assumption is used. It says that solving VSSR is assumed to be as hard as factoring a hard-to-factor bit modulus, where is somewhat smaller than the size of . 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Very smooth hash」の詳細全文を読む スポンサード リンク
|