# Problem 53: Homomorphic Hash Functions

Suggested by | Ely Porat |
---|---|

Source | Dortmund 2012 |

Short link | https://sublinear.info/53 |

**Question:** Construct a hash function
$
h:\F_p^n \to \F_p^m
$, where $m<n$, satisfying the following properties:

- h is linear: $h(u+v)=h(u)+h(v)$ for all $u,v\in \F_p^n$;
- for any $u,v$, we have $\Pr_h[h(u)=h(v)]=\frac{c}{p^m}$ for some constant $c$ independent of $n,m$.

One solution is by considering a random linear function, given by the matrix $M$. Then we have that $\Pr_M[Mu=Mv]=\Pr_M[M(u-v)=0]=1/p^m$. This function would require $O(nm\log p)$ random bits, and computing $h$ takes $O(nm)$ time. We would like more efficient solutions. Ely and coauthors claim a solution with $O((n+m)\log p)$ bits, and $O((n+m)\log (n+m))$ time. If one considers Reed-Salomon codes, it seems that they would give worse bound on second property (probability of collision).