Cryptology ePrint Archive: Report 2017/488

Multi-Collision Resistance: A Paradigm for Keyless Hash Functions

Nir Bitansky and Yael Tauman Kalai and Omer Paneth

Abstract: We introduce a new notion of multi-collision resistance for keyless hash functions. This is a natural relaxation of collision resistance where it is hard to find multiple inputs with the same hash in the following sense. The number of colliding inputs that a polynomial-time non-uniform adversary can find is not much larger than its advice. We discuss potential candidates for this notion and study its applications.

Assuming the existence of such hash functions, we resolve the long-standing question of the round complexity of zero knowledge protocols --- we construct a 3-message zero knowledge argument against arbitrary polynomial-size non-uniform adversaries. We also improve the round complexity in several other central applications, including a 3-message succinct argument of knowledge for NP, a 4-message zero-knowledge proof, and a 5-message public-coin zero-knowledge argument. Our techniques can also be applied in the keyed setting, where we match the round complexity of known protocols while relaxing the underlying assumption from collision-resistance to keyed multi-collision resistance.

The core technical contribution behind our results is a domain extension transformation from multi-collision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. The transformation is based on a combination of classical domain extension techniques, together with new information-theoretic tools. In particular, we define and construct a new variant of list-recoverable codes, which may be of independent interest.

Category / Keywords: foundations / hash functions, zero knowledge, succinct arguments

Date: received 29 May 2017, last revised 6 Aug 2018

Contact author: nbitansky at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20180806:154548 (All versions of this report)

Short URL: ia.cr/2017/488


[ Cryptology ePrint archive ]