## Abstract

Motivated by the goal of constructing efficient hash functions, we investigate the possibility of hashing a long message by only making parallel, non-adaptive calls to a hash function on short messages. Our main result is a simple construction of a collision-resistant hash function h: {0, 1}^{n} → {0, 1}^{k} that makes a polynomial number of parallel calls to a random function f: {0, 1}^{k} → {0, 1}^{k}, for any polynomial n = n(k). This should be compared with the traditional use of a Merkle hash tree, that requires at least log(n/k) rounds of calls to f, and with a more complex construction of Maurer and Tessaro [26] (Crypto 2007) that requires two rounds of calls to f. We also show that our hash function h satisfies a relaxed form of the notion of indifferentiability of Maurer et al. [27] (TCC 2004) that suffices for implementing the Fiat-Shamir paradigm. As a corollary, we get sublinear-communication non-interactive arguments for NP that only make two rounds of calls to a small random oracle. An attractive feature of our construction is that h can be implemented by Boolean circuits that only contain parity gates in addition to the parallel calls to f. Thus, we get the first domain-extension scheme which is degree-preserving in the sense that the algebraic degree of h over the binary field is equal to that of f. Our construction makes use of list-recoverable codes, a generalization of list-decodable codes that is closely related to the notion of randomness condensers. We show that list-recoverable codes are necessary for any construction of this type.

Original language | English |
---|---|
Title of host publication | Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Proceedings |
Editors | Matthew Robshaw, Rosario Gennaro |
Publisher | Springer Verlag |
Pages | 173-190 |
Number of pages | 18 |
ISBN (Print) | 9783662479995 |
DOIs | |
State | Published - 2015 |
Event | 35th Annual Cryptology Conference, CRYPTO 2015 - Santa Barbara, United States; Duration: 16 Aug 2015 → 20 Aug 2015 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 9216 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |

### Conference

Conference | 35th Annual Cryptology Conference, CRYPTO 2015 |
---|---|
Country/Territory | United States |
City | Santa Barbara |
Period | 16/08/15 → 20/08/15 |

### Bibliographical note

Funding Information: The first author was supported by ISF grant 1076/11, I-CORE grant 4/11, BSF grant 2010196, and Check Point Institute for Information Security. The second author was supported by ERC starting grant 259426, ISF grant 1709/14, and BSF grant 2012378. The third author was supported by ERC starting grants 259426 and 279559, and by ISF grant 544/13. The fourth author was supported by ERC starting grant 279559, BSF grant 2010120, and ISF grant 864/11.

Publisher Copyright:

© International Association for Cryptologic Research 2015.

## ASJC Scopus subject areas

- Theoretical Computer Science
- Computer Science (all)