Problem 53: Homomorphic Hash Functions

From Open Problems in Sublinear Algorithms
Jump to: navigation, search
Suggested by Ely Porat
Source Dortmund 2012
Short link

Question: Construct a hash function $ h:\F_p^n \to \F_p^m $, where $m<n$, satisfying the following properties:

  • h is linear: $h(u+v)=h(u)+h(v)$ for all $u,v\in \F_p^n$;
  • for any $u,v$, we have $\Pr_h[h(u)=h(v)]=\frac{c}{p^m}$ for some constant $c$ independent of $n,m$.

One solution is by considering a random linear function, given by the matrix $M$. Then we have that $\Pr_M[Mu=Mv]=\Pr_M[M(u-v)=0]=1/p^m$. This function would require $O(nm\log p)$ random bits, and computing $h$ takes $O(nm)$ time. We would like more efficient solutions. Ely and coauthors claim a solution with $O((n+m)\log p)$ bits, and $O((n+m)\log (n+m))$ time. If one considers Reed-Salomon codes, it seems that they would give worse bound on second property (probability of collision).