Collision Resistance from Multi-collision Resistance

Ron D. Rothblum, Prashant Nalini Vasudevan
DOI: https://doi.org/10.1007/s00145-024-09495-5
2024-03-08
Journal of Cryptology
Abstract: Collision-resistant hash functions ( ) are a fundamental and ubiquitous cryptographic primitive. Several recent works have studied a relaxation of called t-way multi-collision-resistant hash functions ( ). These are families of functions for which it is computationally hard to find a t-way collision, even though such collisions are abundant (and even -way collisions may be easy to find). The case of corresponds to standard , but it is natural to study t - for larger values of t. Multi-collision resistance seems to be a qualitatively weaker property than standard collision resistance. Nevertheless, in this work we show a non-blackbox transformation of any moderately shrinking t - , for , into an (infinitely often secure) . This transformation is non-constructive—we can prove the existence of a but cannot explicitly point out a construction. Our result partially extends to larger values of t. In particular, we show that for suitable values of , we can transform a t - into a - , at the cost of reducing the shrinkage of the resulting hash function family and settling for infinitely often security. This result utilizes the list-decodability properties of Reed–Solomon codes.
computer science, theory & methods; engineering, electrical & electronic; mathematics, applied
What problem does this paper attempt to address?
The core question this paper addresses is: **Can a standard collision-resistant hash function (CRH) be constructed from a t-way multi-collision-resistant hash function (t-MCRH)?** Specifically, the authors study whether the existence of a standard CRH can be deduced from the existence of sufficiently shrinking 3- or 4-way multi-collision-resistant hash functions.

### Main problems and background of the paper

1. **Collision-resistant hash function (CRH)**: This is a basic and widely used primitive in cryptography. It is a function that compresses its input, yet for which it is computationally infeasible to find two different inputs that produce the same output (i.e., a collision).
2. **Multi-collision-resistant hash function (t-MCRH)**: This is a relaxed version of CRH. For a given integer \(t\), t-MCRH means that it is computationally difficult to find \(t\) different inputs mapped to the same output, even if such collisions exist in large numbers, and it may even be easy to find \((t - 1)\)-way collisions.
3. **Research motivation**: Although CRH is a stronger property, in some applications MCRH is already powerful enough. Therefore, studying the possibility of constructing CRH from MCRH has important theoretical significance.

### Main contributions of the paper

1. **Non-black-box transformation**: The authors show how to transform 3- or 4-way multi-collision-resistant hash functions (3- or 4-MCRH) into standard collision-resistant hash functions (CRH) through non-black-box techniques. This transformation is non-constructive: it only proves the existence of a CRH and cannot point to a specific construction.
2. **Shrinkage requirements**:
   - For 3-MCRH, assuming its shrinkage parameter is \(\ell = n/2 + \omega(\log n)\), a non-uniform and infinitely-often-secure CRH can be constructed.
   - For 4-MCRH, assuming its shrinkage parameter is \(\ell = 5n/6 + \omega(\log n)\), a non-uniform and infinitely-often-secure CRH can also be constructed.
3. **Further generalization**: The authors also show how to construct a smaller \(t'\)-MCRH from a larger \(t\)-MCRH and discuss the impact of these transformations on shrinkage.

### Technical details

- **Construction idea**: By introducing an additional non-cryptographic function family \(G\), the authors construct two new hash function families \(F\) and \(FA\). If neither of these two function families is a CRH, then a 3-way collision in the original hash function family can be found through them, which is a contradiction.
- **Dealing with imperfect adversaries**: The construction also accounts for the case where the adversary is not always able to find collisions; this is handled through a derandomization technique.

### Open problems

1. **Explicit construction**: Can a CRH be explicitly constructed from 3-MCRH?
2. **Standard security**: Can a standard-secure CRH be constructed from 3-MCRH, rather than being limited to an infinitely-often-secure CRH?
3. **Larger \(t\) cases**: Can a CRH be constructed from a \(t\)-MCRH for any constant \(t\)?

These problems provide directions for further research, and also indicate the limitations of existing techniques and where future breakthroughs may come from.
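To make the t-MCRH definition in the background section concrete, here is an added example (not from the paper or its authors, and not the paper's transformation, which goes in the opposite direction and is non-constructive). It builds a function for which 2-way collisions are trivial while any 3-way collision yields a collision in the underlying hash. The names `base_hash`, `mcrh` and the 16-bit truncation are assumptions chosen so the demonstration runs in milliseconds.

```python
import hashlib
from itertools import count

OUT_BYTES = 2  # constructed toy parameter: 16-bit output so collisions can be brute-forced


def base_hash(x: bytes) -> bytes:
    """Stand-in for a CRH h (SHA-256 truncated to a deliberately tiny output)."""
    return hashlib.sha256(x).digest()[:OUT_BYTES]


def clear_last_bit(x: bytes) -> bytes:
    return x[:-1] + bytes([x[-1] & 0xFE])


def mcrh(x: bytes) -> bytes:
    """f(x) = h(x with its last bit cleared): every input has a free collision partner."""
    return base_hash(clear_last_bit(x))


def easy_pair(x: bytes):
    """A 2-way collision for f found with no work: flip the last bit."""
    return x, x[:-1] + bytes([x[-1] ^ 1])


def find_three_way():
    """Brute-force a 3-way collision for f (feasible only because the toy output is 16 bits)."""
    buckets = {}
    for i in count():
        x = i.to_bytes(4, "big")
        bucket = buckets.setdefault(mcrh(x), [])
        bucket.append(x)
        if len(bucket) == 3:
            return tuple(bucket)


def extract_base_collision(triple):
    """Reduction: 3 distinct inputs colliding under f give 2 distinct inputs colliding under h."""
    if len(set(triple)) != 3 or len({mcrh(x) for x in triple}) != 1:
        raise ValueError("not a 3-way collision for f")
    # At most two inputs share a cleared form, so three inputs have >= 2 distinct cleared forms.
    a, b = sorted({clear_last_bit(x) for x in triple})[:2]
    return a, b
```

With a full-length hash in place of the truncated one, `easy_pair` still succeeds instantly, while `find_three_way` becomes as hard as finding a collision in the underlying hash.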