Regular and almost universal hashing: an efficient implementation
Sergey Ignatchenko2016, Software: Practice and Experience
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Random hashing can provide guarantees regarding the performance of data structures such as hash tableseven in an adversarial setting. Many existing families of hash functions are universal: given two data objects, the probability that they have the same hash value is low given that we pick hash functions at random. However, universality fails to ensure that all hash functions are well behaved. We might further require regularity: when picking data objects at random they should have a low probability of having the same hash value, for any fixed hash function. We present the efficient implementation of a family of non-cryptographic hash functions (PM+) offering good running times, good memory usage as well as distinguishing theoretical guarantees: almost universality and component-wise regularity. On a variety of platforms, our implementations are comparable to the state of the art in performance. On recent Intel processors, PM+ achieves a speed of 4.7 bytes per cycle for 32-bit outputs and 3.3 bytes per cycle for 64-bit outputs. We review vectorization through SIMD instructions (e.g., AVX2) and optimizations for superscalar execution.
Related papers
SPONGENT: A Lightweight Hash Function
This paper proposes spongent -a family of lightweight hash functions with hash sizes of 88 (for preimage resistance only), 128, 160, 224, and 256 bits based on a sponge construction instantiated with a present-type permutation, following the hermetic sponge strategy. Its smallest implementations in ASIC require 738, 1060, 1329, 1728, and 1950 GE, respectively. To our best knowledge, at all security levels attained, it is the hash function with the smallest footprint in hardware published so far, the parameter being highly technology dependent. spongent offers a lot of flexibility in terms of serialization degree and speed. We explore some of its numerous implementation trade-offs. We furthermore present a security analysis of spongent. Basing the design on a present-type primitive provides confidence in its security with respect to the most important attacks. Several dedicated attack approaches are also investigated.
LHash: A Lightweight Hash Function
Lecture Notes in Computer Science, 2014
In this paper, we propose a new lightweight hash function supporting three different digest sizes: 80, 96 and 128 bits, providing preimage security from 64 to 120 bits, second preimage and collision security from 40 to 60 bits. LHash requires about 817 GE and 1028 GE with a serialized implementation. In faster implementations based on function T , LHash requires 989 GE and 1200 GE with 54 and 72 cycles per block, respectively. Furthermore, its energy consumption evaluated by energy per bit is also remarkable. LHash allows to make trade-offs among security, speed, energy consumption and implementation costs by adjusting parameters. The design of LHash employs a kind of Feistel-PG structure in the internal permutation, and this structure can utilize permutation layers on nibbles to improve the diffusion speed. The adaptability of LHash in different environments is good, since different versions of LHash share the same basic computing module. The low-area implementation comes from the hardware-friendly Sbox and linear diffusion layer. We evaluate the resistance of LHash against known attacks and confirm that LHash provides a good security margin.
TWISTERπ - a framework for secure and fast hash functions
International Journal of Applied Cryptography, 2010
In this paper we present TWISTER π , a framework for hash functions. It is an improved version of TWISTER, a candidate of the NIST SHA-3 hash function competition. TWISTER π is built upon the ideas of wide pipe and sponge functions. The core of this framework is a-very easy to analyse-Twister-Round providing both extremely fast diffusion as well as collision-freeness for one internal Twister-Round. The total security level is claimed to be not below /2 2 n for collision attacks and 2 n for (2nd) pre-image attacks. TWISTER π instantiations are secure against all known generic attacks. We also propose two instances TWISTER π-n for hash output sizes n = 256 and n = 512. These instantiations are highly optimised for 64-bit architectures and run very fast in hardware and software, e.g TWISTER π-256 is faster than SHA2-256 on 64-bit platforms and TWISTER π-512 is faster than SHA2-512 on 32-bit platforms. Furthermore, TWISTER π scales very well on low-end platforms.
An Enhanced Non-Cryptographic Hash Function
International Journal of Computer Applications, 2020
How to store information for it to be searched and retrieved efficiently is one of the fundamental problems in computer science. There exists sequential search that support operation such as INSERT, DELETE and RETRIVAL in O (n log (n)) expected time in operations. Therefore in many applications where these operations are needed, hashing provides a way to reduce expected time to O (1).There are many different types of hashing algorithms or functions such as cryptographic hash functions, non-cryptographic hash function, checksums and cyclic redundancy checks. Non-cryptographic hash functions (NCHFs) take a string as input and compute an integer output (hash index) representing the position in memory the string is to be stored. The desirable property of a hash function is that the outputs are evenly distributed across the domain of possible outputs, especially for inputs that are similar. Noncryptographic hash functions have an immense number of applications, ranging from compilers and databases to videogames, computer networks, etc. A suitable hash function and strategy must be used for specific applications. This will help efficient use of memory space and access time. The most essential features of non-cryptographic hash functions is its % distribution, number of collisions, performance, % avalanche and quality which are the properties of the hash function. Basing on the properties assessed using a test suite; the results clearly demonstrated that: the proposed hash function that was developed had better properties as compared to other hash functions.
AVON: A fast Hash function for Intel SIMD architectures
2013 International Conference on Security and Cryptography (SECRYPT), 2013
In this paper, we propose a hash function that takes advantage of the AES-NI and other Single-Instruction Multiple-Data operations on Intel x64 platforms to generate digests very efficiently. It is suitable for applications in which a server needs to securely hash electronic documents at a rate of several cycles/byte. This makes it much more efficient for certain applications than SHA-2, SHA-3 or any of the SHA-3 finalists. On the common Sandy Bridge micro-architecture, our hash function, AVON, has a throughput of 2.65 cycles per byte while retaining a high degree of security.
Whirlwind: a new cryptographic hash function
Designs, Codes and Cryptography, 2010
A new cryptographic hash function Whirlwind is presented. We give the full specification and explain the design rationale. We show how the hash function can be implemented efficiently in software and give first performance numbers. A detailed analysis of the security against state-of-the-art cryptanalysis methods is also provided. In comparison to the algorithms submitted to the SHA-3 competition, Whirlwind takes recent developments in cryptanalysis into account by design. Even though software performance is not outstanding, it compares favourably with the 512-bit versions of SHA-3 candidates such as LANE or the original CubeHash proposal and is about on par with ECHO and MD6.
Twister – A Framework for Secure and Fast Hash Functions
Lecture Notes in Computer Science, 2009
We present Twister3, a microwire twisting machine. This device greatly increases the speed and repeatability of constructing twisted microwire neural probes (e.g. stereotrodes and tetrodes) compared to existing options. It is cheap, well documented, and all associated designs and source code are open-source. Twister3 is of interest to any lab performing twisted microwire neural recordings, for example, using tetrode drives.
The Grindahl Hash Functions
Lecture Notes in Computer Science, 2007
In this paper we propose the Grindahl hash functions, which are based on components of the Rijndael algorithm. To make collision search sufficiently difficult, this design has the important feature that no low-weight characteristics form collisions, and at the same time it limits access to the state. We propose two concrete hash functions, Grindahl-256 and Grindahl-512 with claimed security levels with respect to collision, preimage and second preimage attacks of 2 128 and 2 256 , respectively. Both proposals have lower memory requirements than other hash functions at comparable speeds and security levels.
Design and analysis of hash functions
2007
A function that compresses an arbitrarily large message into a fixed small size ‘message digest’ is known as a hash function. For the last two decades, many types of hash functions have been defined but, the most widely used in many of the cryptographic applications currently are hash functions based on block ciphers and the dedicated hash functions. Almost all the dedicated hash functions are generated using the Merkle-Damgard construction which is developed independently by Merkle and Damgard in 1989 [6, 7]. A hash function is said to be broken if an attacker is able to show that the design of the hash function violates at least one of its claimed security property. There are various types of attacking strategies found on hash functions, such as attacks based on the block ciphers, attacks depending on the algorithm, attacks independent of the algorithm, attacks based on signature schemes, and high level attacks. Besides this, in recent years, many structural weaknesses have been f...
HaF - A New Family of Hash Functions
Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems, 2012
Paper presents a family of parameterized hash functions allowing for flexibility between security and performance. The family consists of three basic hash functions: HaF-256, HaF-512 and HaF-1024 with message digests equal to 256, 512 and 1024 bits, respectively. Details of functions' structure are presented. Method for obtaining function's S-box is described along with the rationale behind it. Security considerations are discussed.
Related topics
Related papers
Efficient Hashing Using the AES Instruction Set
Lecture Notes in Computer Science, 2011
In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockcipher with AES, which allows us to exploit the recent AES instruction set (AES-NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on RIJNDAEL-256. Although we primarily target architectures supporting AES-NI, our framework has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES-benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multiblock-length hash functions in software.
VSH, an Efficient and Provable Collision-Resistant Hash Function
2006
We introduce VSH, very smooth hash, a new S-bit hash function that is provably collision-resistant assuming the hardness of finding nontrivial modular square roots of very smooth numbers modulo an S-bit composite. By very smooth, we mean that the smoothness bound is some fixed polynomial function of S. We argue that finding collisions for VSH has the same asymptotic complexity as factoring using the Number Field Sieve factoring algorithm, i.e., subexponential in S. VSH is theoretically pleasing because it requires just a single multiplication modulo the S-bit composite per Ω(S) message-bits (as opposed to O(logS) message-bits for previous provably secure hashes). It is relatively practical. A preliminary implementation on a 1GHz Pentium III processor that achieves collision resistance at least equivalent to the difficulty of factoring a 1024-bit RSA modulus, runs at 1.1 MegaByte per second, with a moderate slowdown to 0.7MB/s for 2048-bit RSA security. VSH can be used to build a fast, provably secure randomised trapdoor hash function, which can be applied to speed up provably secure signature schemes (such as Cramer-Shoup) and designated-verifier signatures.
Engineering Aspects of Hash Functions
cerc.wvu.edu
Hash functions have numerous applications in cryptography, from public key to cryptographic protocols and cryptosystems. Evidently, substantial effort was invested on designing "secure" hash functions, unintentionally overlooking other engineering aspects that may affect their use in practice. However, we argue that in some applications, the efficiency of hash functions is as important as their security. Unlike most of the existing related works in the literature (which merely report on efficiency figures of some popular hash functions without discussing how and why these results were obtained), we not only discuss how to carry out efficiency evaluations, we also provide a set of optimization guidelines to assist implementers in optimizing their implementations. We demonstrate this by adopting an existing SHA-1/SHA-2 implementation and show how minor optimization can lead to significant efficiency improvements.
The Hash Function "Fugue
IACR Cryptology ePrint Archive, 2014
We describe Fugue, a hash function supporting inputs of length upto 2 64 -1 bits and hash outputs of length upto 512 bits. Notably, Fugue is not based on a compression function. Rather, it is directly a hash function that support variable-length input. The starting point for Fugue is the hash function Grindahl, but it extends that design to protect against the kinds of attacks that were developed for Grindahl, as well as earlier hash functions like SHA-1. A key enhancement is the design of a much stronger round function which replaces the AES round function of Grindahl, using better codes (over longer words) than the AES 4 × 4 MDS matrix. Also, Fugue makes judicious use of this new round function on a much larger internal state. The design of Fugue is proof-oriented: the various components are designed in such a way as to allow proofs of security. As a result, we can prove that current attack methods cannot find collisions in Fugue any faster than the trivial birthday attack. Although the proof is computer assisted, the assistance is limited to computing ranks of various matrices.
Software Performance of Universal Hash Functions
Lecture Notes in Computer Science, 1999
This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood. F.W.O. postdoctoral researcher, sponsored by the Fund for Scientific Research-Flanders (Belgium). 1 Throughout this paper performance numbers will be given for a 200 MHz Pentium.
Experimental Evaluation of Hash Function Performance on Embedded Devices
2018 IEEE Canadian Conference on Electrical & Computer Engineering (CCECE), 2018
With embedded devices collecting, manipulating, and transmitting growing amounts of data in various Internet of Things applications, it is increasingly important to process data on device for performance and energy efficiency. A common data processing function is computing hash functions for use in hashbased data structures and algorithms. The limited computation and memory resources of embedded devices results in different performance characteristics compared to general purpose computers. This research implements and experimentally evaluates the performance of non-cryptographic hash functions. Seven hash function algorithms were chosen on the basis of implementation complexity, popularity, and compatibility with microcontroller architecture. These functions were implemented in C/C++ for the ATmega328P 8-bit microcontroller used in the Arduino Uno, and on the Microchip PIC24 16-bit microcontroller. Some optimizations were implemented to reduce memory usage. Experimental results demonstrate that there are platform specific performance differences.
Why Simple Hash Functions Work: Exploiting the Entropy in a Data Stream
Hashing is fundamental to many algorithms and data structures widely used in practice. For theoretical analysis of hashing, there have been two main approaches. First, one can assume that the hash function is truly random, mapping each data item independently and uniformly to the range. This idealized model is unrealistic because a truly random hash function requires an exponential number of bits to describe. Alternatively, one can provide rigorous bounds on performance when explicit families of hash functions are used, such as 2-universal or O(1)-wise independent families. For such families, performance guarantees are often noticeably weaker than for ideal hashing.
Synthetic and real data sets for benchmarking non-cryptographic hash functions
Data in Brief, 2019
The overall assessment of non-cryptographic functions is very complex and there is not a widely used benchmark. These data have been collected and created as a benchmark for testing noncryptographic hash functions. It is made up of eight dataset which comes from two different groups, real and synthetic data sources. The objective when selecting and generating the data has been redundancy and structures present in real-world scenarios. These data have been used for benchmarking non-cryptographic hash functions in [1] and [2].
An Efficient Cryptographic Hash Algorithm (BSA)
2010
Recent cryptanalytic attacks have exposed the vulnerabilities of some widely used cryptographic hash functions like MD5 and SHA-1. Attacks in the line of differential attacks have been used to expose the weaknesses of several other hash functions like RIPEMD, HAVAL. In this paper we propose a new efficient hash algorithm that provides a near random hash output and overcomes some of the earlier weaknesses. Extensive simulations and comparisons with some existing hash functions have been done to prove the effectiveness of the BSA, which is an acronym for the name of the 3 authors.
The hash function family LAKE
2008
This paper advocates a new hash function family based on the HAIFA framework, inheriting built-in randomized hashing and higher security guarantees than the Merkle-Damgård construction against generic attacks. The family has as its special design features: a nested feedforward mechanism and an internal wide-pipe construction within the compression function. As examples, we give two proposed instances that compute 256-and 512-bit digests, with a 8-and 10-round compression function respectively.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.