Multi-Collision Resistance: A Paradigm for Keyless Hash Functions

We study the notion ofmulti-collision resistance of hash functions— a natural relaxation of collisionresistance that only guarantees the intractability of finding many (rather than two) inputs that map to the same image. An appealing feature of such hash functions is that unlike their collision-resistant counterparts, they do not necessarily require a key. Specifically, in the keyless setting, we only require that the size of collisions an adversarial algorithm can find is not much larger than its description size, or non-uniform advice. We show how to replace collision resistance with multi-collision resistance in several foundational applications. Relying on such keyless functions, we improve on the best known round complexity for these applications. This includes: • 3-message zero-knowledge arguments for NP. • 3-message succinct arguments of knowledge for NP. • 4-message ε-zero-knowledge proofs for NP. • 5-message public-coin zero-knowledge arguments for NP. These results are obtained in the standard model of non-uniform adversaries of arbitrary polynomial size. Our techniques can also be applied in the keyed setting, at the cost of adding another message. In this case, we relax the known complexity assumptions for the last three applications, while still matching the state of the art in terms of round complexity. The core technical contribution behind our results is a domain extension transformation from multicollision-resistant hash functions for a fixed input length to ones with an arbitrary input length and a local opening property. ∗MIT, email [email protected]. Supported by NSF Grants CNS-1350619 and CNS-1414119, and the Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Office under contracts W911NF-15-C-0226 and W911NF-15-C-0236. †Microsoft Research, email [email protected]. ‡MIT, email [email protected] Supported byNSFGrants CNS-1350619 andCNS-1414119, and theDefenseAdvanced Research Projects Agency (DARPA) and the U.S. Army Research Office under contracts W911NF-15-C-0226 and W911NF-15-C-0236. ISSN 1433-8092 Electronic Colloquium on Computational Complexity, Revision 1 of Report No. 99 (2017)