Talk:Universal one-way hash function

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Cryptography: Computer science Low‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Low This article has been rated as Low-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Low-importance).

This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. (September 2010) (Learn how and when to remove this message)

This article needs to be improved. Here are just a few places where the current article is confusing and contradicting:

• In cryptography a Universal One Way Hash Function (UOWHF), ..., is a cryptographic hash function.

That's already wrong. One of the advantages of UOWHF is that they have weaker assumptions than cryptographic hash functions, hence UOWHF need not necessarily be cryptographic hash functions.

• Collision Resistant Hash Functions (CRHF) are based on the stronger assumption that finding a collision in hash function is impossible.

Again, wrong. If the hash function is secure then it is only infeasible to find collisions not impossible.

• Any cryptographic system based on CRHF is considered to be less secure.

Less secure than what?

• UOWHFs are based on weaker assumption that finding a collision in ${\displaystyle t}$ time units with probability ${\displaystyle \epsilon }$ is impossible, known as ${\displaystyle (t,\epsilon )}$-UOWHF's.

This seems to describe a cryptographic hash function. If I understand it correctly, then UOWHFs require some form of 2nd preimage resistance and not collision resistance.

• And collision resistance is achieved by applying hash functions several time from this family.

I can't find such a theorem in the papers given as reference.

• These functions need keys to operate on them.

Again, I can't find any reference for using keys in the definition given by Naor and Yung.

• In CRHF the adversary wins the game once he finds a collision pair.

Taken out of context.

• Assuming CRHF and designing hash functions based on that would be a costly mistake.

Confusing. Why would it be a mistake to design a collision resistant CRHF?

• The security bound is ${\displaystyle 2^{n}}$ when the output length is n.

This is unclear, because it is taken out of context.

• In UOWHF the adversary does not win for any collision. He has to specify a state, say S, and then he gets the key K. He now has to find a collision for the specified S and ${\displaystyle h_{K}}$.

Again, unclear because the role of the keys has not been specified.

• To achieve higher order UOWHF at the same time.

Undefined. What are higher order UOWHFs?

• UOWHF is used for achieving secure signatures.

Unclear. Does that mean if UOWHFs exist then a secure signature scheme exists or does it mean that some signature schemes in use today are based on UOWHFs?

85.2.41.214 13:06, 9 July 2007 (UTC)[reply]

• The UOWHF family contains a finite number of hash functions with each having the same probability of being used.

Used for what?

84.226.6.172 (talk) 17:08, 8 September 2013 (UTC)[reply]