Does a linear cryptographic hash function exist?
By linear I mean a function 'f' such that:
where + is mod n for some large constant n
Asked
Active
Viewed 297 times
0
Maarten Bodewes
- 90,524
- 13
- 150
- 263
Binary
- 147
- 2
- 14
-
1This question appears to be off-topic because it is about crypto without involving programming. – Maarten Bodewes Jan 13 '15 at 02:32
-
@MaartenBodewes That is not true, a function can be cryptographically strong as well as linear. One was even a condender for the SHA3 standard. See my answer. – John Meacham Jan 31 '15 at 01:58
-
@JohnMeacham You are probably right, this is just a question of me overlooking the `mod n` after quickly deciding it was off topic here. I'll delete my comment as it has too many upvotes. – Maarten Bodewes Jan 31 '15 at 13:50
1 Answers
1
Yes,the cryptographically strong SWIFFT algorithm (a variant was a condender for the SHA3 standard) is linear such that h(a + b) = h(a) + h(b)
It is an interesting example of a hash that is both cryptographically strong and not psuedorandom. It is also another unexpected use of the much lauded FFT algorithm.
John Meacham
- 785
- 7
- 9