Algebraic Coding 1993: Algebraic Coding pp 90-110

Group-theoretic hash functions

  • Jean-Pierre Tillich
  • Gilles Zémor
Part of the Lecture Notes in Computer Science book series (LNCS, volume 781)


We discuss the security of group-theoretic hash functions for cryptographic purposes. Those functions display several attractive features: they can be computed quickly, and it can be shown that local modifications of the plaintext necessarily change the hashed values. We show why the first such proposal given in [Zém91] is not secure, by giving a probabilistic algorithm for finding collisions. However, our attack is based on the special form of the matrices which were originally chosen. We propose alternative schemes which seem to be immune to such attacks.




  1. [AM85]
    N. Alon and V. D. Milman. λ1, isoperimetric inequalities for graphs, and superconcentrators. Journal of Comb. Theory Ser. B, 38:73–88, 1985.
  2. [Bil65]
    P. Billingsley. Ergodic theory and information. J. Wiley and son, New York, London, Sydney, 1965.
  3. [BKL89]
    L. Babai, W. M. Kantor, and A. Lubotzky. Small-diameter Cayley graphs for finite simple groups. Europ. J. of Combinatorics, 10:507–522, 1989.
  4. [Cam87]
    P. Camion. Can a fast signature scheme without secret key be secure? In proc. AAECC, pages 187–196. Springer-Verlag Lec. N. Comp. Sci. 228, 1987.
  5. [Chu89]
    F. R. K. Chung. Diameters and eigenvalues. J. Am Math. Soc, 2:187–196, 1989.
  6. [Dam89]
    I. B. Damgård. Design principles for hash functions. In Crypto, 1989.
  7. [Dau93]
    H. Daudé. Des fractions continues, la réduction des réseaux: analyse en moyenne. PhD thesis, Université de Caen, France, 1993.
  8. [Dix70]
    J. D. Dixon. The number of steps in the Euclidean algorithm. Journal of Number Theory, pages 414–422, 1970.
  9. [DV86]
    H. Diamond and J. Vaaler. Estimates for partial sums of continued fraction partial quotients. Pacific Journal of Mathematics, 122(1):73–82, 1986.
  10. [GC88]
    P. Godlewski and P. Camion. Manipulations and errors, detection and localization. In Advances in Cryptology, EUROCRYPT-88, pages 96–106. LNCS 330 Springer-Verlag, 1988.
  11. [GTV88]
    M. Girault, P. Toffin, and B. Vallée. How to guess t-th roots modulo n by reducing lattice points. In First international joint conference of ISSAC-88 and AAECC-6, July 1988.
  12. [HW79]
    G. H. Hardy and E. M. Wright. An introduction to the theory of numbers. Oxford University Press, 1979.
  13. [Khi64]
    A. Ya. Khinchin. Continued fractions (English translation). The University of Chicago Press, 1964.
  14. [Kob84]
    N. Koblitz. Introduction to Elliptic Curves and Modular Forms. Springer-Verlag, 1984.
  15. [Kur60]
    A. G. Kurosh. The theory of groups. NED, 1960.
  16. [Mar82]
    G. A. Margulis. Explicit constructions of graphs without short cycles and low density codes. COMBINATORICA, 2(1):71–78, 1982.
  17. [Sel65]
    A. Selberg. On the estimation of Fourier coefficients of modular forms. AMS Proc. Symp. Pure Math., 8:1–15, 1965.
  18. [Ser73]
    J-P. Serre. A course in arithmetic. Springer-Verlag, 1973.
  19. [Zém91]
    G. Zémor. Hash functions and graphs with large girths. In EUROCRYPT 91. LNCS 547 Springer-Verlag, 1991.

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Jean-Pierre Tillich (1)
  • Gilles Zémor (1)
  1. ENSTUSA
