Inaccessible Entropy II: IE Functions and Universal One-Way Hashing

TL;DR

This paper presents a new approach using inaccessible entropy to construct universal one-way hash functions from any one-way function, unifying several fundamental cryptographic primitives.

Contribution

It introduces a novel construction and proof for UOWHFs based on inaccessible entropy, providing a unified framework for multiple cryptographic primitives.

Findings

Constructs UOWHFs from any one-way function using inaccessible entropy.

Shows a small tweak of any one-way function yields a weak UOWHF.

Unifies the construction of pseudorandom generators, commitments, and UOWHFs.

Abstract

This paper uses a variant of the notion of \emph{inaccessible entropy} (Haitner, Reingold, Vadhan and Wee, STOC 2009), to give an alternative construction and proof for the fundamental result, first proved by Rompel (STOC 1990), that \emph{Universal One-Way Hash Functions (UOWHFs)} can be based on any one-way functions. We observe that a small tweak of any one-way function $f$ is already a weak form of a UOWHF: consider the function $F(x,i)$ that returns the $i$-bit-long prefix of $f(x)$. If $F$ were a UOWHF then given a random $x$ and $i$ it would be hard to come up with $x'\neq x$ such that $F(x,i)=F(x',i)$. While this may not be the case, we show (rather easily) that it is hard to sample $x'$ with almost full entropy among all the possible such values of $x'$. The rest of our construction simply amplifies and exploits this basic property.Combined with other recent work, the construction of three fundamental cryptographic primitives (Pseudorandom Generators, Statistically Hiding Commitments and UOWHFs) out of one-way functions is now to a large extent unified. In particular, all three constructions rely on and manipulate computational notions of entropy in similar ways. Pseudorandom Generators rely on the well-established notion of pseudoentropy, whereas Statistically Hiding Commitments and UOWHFs rely on the newer notion of inaccessible entropy.