Cayley Hashes: A Class of Ecient Graph-based Hash Functions

Hash functions are widely used in cryptography. Recent break- throughs against the standard SHA-1 prompted NIST to launch a compe- tition for a new secure hash algorithm, SHA-3 (1). Provably secure hash functions, that is functions whose security reduces to a simply-stated, sup- posedly hard mathematical problem, are widely believed to be much too slow for the NIST competition. In this paper, we discuss Cayley hashes, a class of ecient and provably secure hash functions constructed from the Cayley graphs of (projective) linear groups. We review two existing constructions, the ZT and LPS hash functions, and put a new one forward, the Morgenstern hash function. We show that Cayley hashes are "provable" and ecient: on one hand, their security reduces to a representation problem in (projective) linear groups; on the other hand, they are only 5 times slower than SHA-2 in FPGA hardware, and about 400 times slower in software (in our future implementations, many optimizations currently under investigation are expected to decrease these gaps even more). Last but not least, Cayley hash computation can be easily parallelized. We believe their nice properties as well as their elegant design make Cayley hashes very interesting hash functions.