Problem 53: Homomorphic Hash Functions
Suggested by | Ely Porat |
---|---|
Source | Dortmund 2012 |
Short link | https://sublinear.info/53 |
Question: Construct a hash function $ h:\F_p^n \to \F_p^m $, where $m<n$, satisfying the following properties:
- h is linear: $h(u+v)=h(u)+h(v)$ for all $u,v\in \F_p^n$;
- for any $u,v$, we have $\Pr_h[h(u)=h(v)]=\frac{c}{p^m}$ for some constant $c$ independent of $n,m$.
One solution is by considering a random linear function, given by the matrix $M$. Then we have that $\Pr_M[Mu=Mv]=\Pr_M[M(u-v)=0]=1/p^m$. This function would require $O(nm\log p)$ random bits, and computing $h$ takes $O(nm)$ time. We would like more efficient solutions. Ely and coauthors claim a solution with $O((n+m)\log p)$ bits, and $O((n+m)\log (n+m))$ time. If one considers Reed-Salomon codes, it seems that they would give worse bound on second property (probability of collision).