The Improvement of the Bound on Hash Family

The Impro v emen t of the Bound on Hash F amily Xianmin F eng, Jiansheng Y ang ∗ Sc ho ol of Science, Shanghai Univ ersit y Shanghai 20044 4, China Abstract In this pap er, w e study the bo und on three kinds of hash fa mily using the Singleton b ound. T o ε − U ( N ; n, m ) hash family , in t he ca es of n > m 2 > 1 and 1 ≥ ε ≥ ε 1 ( n, m ), we get tha t the new b ound is better . T o ε − △ U ( N ; n, m ) hash family , in the case of n > m > 1 and 1 ≥ ε ≥ ε 3 ( n, m ), the new b ound is b etter. T o ε − S U ( N ; n, m ) hash family , in the case of n > 2 m > 2 and 1 ≥ ε ≥ ε 4 ( n, m ), w e get that the new b ound is b etter. Keywor ds: has h fa mily ; the Singleton b ound; the P lotkin bo und; MDS co de 1 In tro duction The concept kno wn as “univ ersal hashing” wa s inv en ted b y carter and w egman [1] in 1979. In [2, p. 18], Avi Wigderson charact erizes univ ersal hashing as b eing a to ol whic h ”should b elong to th e fundamen tal b ag of tric ks ev ery computer scien tist”. The h ash fun ction has o wned broad us e in information authen tication field suc h as digital signature, and has had close relation to authentic ation co des [10]. In 1980, D. V. Sarwate [5] introd uced the Plotkin b oun d to an ε − U ( N ; n, m ) hash family , and got ε ≥ n − m m ( n − 1) . In 1994, D. R. S tinson [3] go t N ≥ n ( m − 1) n ( εm − 1)+ m 2 (1 − ε ) when he stud ied the ε − U ( N ; n, m ) hash family . In 19 95, h e [8] got N ≥ n ( m − 1) m − n + mε ( n − 1) when studied the ε − △ U ( N ; n, m ) h ash family , and got N ≥ 1 + n ( m − 1) 2 mε ( n − 1)+ m − n when studied the ε − S U ( N ; n, m ) h ash family . ∗ Corresponding author: Jiansheng Y ang (1963 - ), Man, Asso ciate Professor, Doctor, Ma jor in Graph Theory , Co ding Theory . E-mail: y jsyjs@staff.s hu.edu.cn 1 In the follo wing, W e denote ( n − m 2 )(log m n − 1)) ( mn − m 2 ) log m n + m 2 + n − 2 mn , n − m m ( n − 1) , n ( m − 1)( m − 2) +(log 2 n + m − 1)( n − m ) m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1) , resp ectiv ely , by ε 1 ( n, m ), ε 2 ( n, m ), ε 3 ( n, m ) and denote the smaller solution of the equation: 2( n − 1) x 2 − [ m ( n − 1)(log 2 n − 3) + 6 n − 2 m − 4] x + ( m − 2)( nm − 2 n + 1) + ( n − m ) log 2 n = 0 b y ε 4 ( n, m ). In this pap er, we in tro duce the Singleton b ound to ε − U ( N ; n, m ) hash family , and get N ≥ log m n − 1 ε . Through comparing the t w o b ounds, w e get that the n ew b oun d is b ette r wh en 1 ≥ ε ≥ ε 1 ( n, m ), and the old b ound is b etter when ε 1 ( n, m ) > ε ≥ ε 2 ( n, m ). Mean while, w e introd uce the Singleton b ound to ε − △ U ( N ; n, m ) h ash family , and get N ≥ log 2 n + m − 1 m − 2+2 ε . Through co mparing, we get that the new b oun d is b etter when 1 ≥ ε ≥ ε 3 ( n, m ), and the old b ound is b etter wh en ε 3 ( n, m ) > ε ≥ 1 m . W e also in tro duce the S ingleton b ound to ε − S U ( N ; n, m ) hash family , and get N ≥ m log 2 n m − 2(1 − ε ) . Through comparing, we get that the new b ound is b etter when 1 ≥ ε ≥ ε 4 ( n, m ), an d th e old b ound is b etter when ε 4 ( n, m ) > ε ≥ 1 m . 2 Hash F amily and Co des Definition 2.1[7] Let A, B are fin it sets, supp ose | A | ≥ | B | , the fu nction h : A → B is called hash f unction. Definition 2.2[3] Let ~ is the set of hash f unction h : A → B , if | A | = n , | B | = m , | ~ | = N , then it is called ( N ; n, m ) hash f amily . Definition 2.3[8] An ( N ; n, m ) hash family is ε − univ er sal p ro vided that for an y t w o distinct elemen ts a 1 , a 2 ∈ A , there exist at most εN fun c- tions h ∈ ζ such that h ( a 1 ) = h ( a 2 ). w e w ill use the notation ε − U as an abbreviation for ε − univ er sal . If the ε of an ε − U ( N ; n, m ) hash family is 1 m , it is kn o wn as univ er sal hashing[1]. Generally , to an ε − U ( N ; n, m ) hash family , εN is the s maller the b etter. Definition 2.4[8] Supp ose that functions in an ( N ; n, m ) h ash f amily , ~ , hav e range B = G , where G is an additiv e ab elian group (of order m ). ~ is called ε − △ univ er s al provided th at for an y t w o distinct elemen ts a 1 , a 2 ∈ A and for any elemen t b ∈ G , there exist at most εN functions h ∈ ~ such that h ( a 1 ) − h ( a 2 ) = b . W e will use the notation ε − △ U as an abbr eviati on for ε − △ univ er s al . Definition 2.5[8] An ( N ; n, m ) hash f amily is ε − str ong l y univ er sal pro vided that the f ollo w ing t wo conditions are satisfied: 2 1. for an y elemen t a ∈ A and amy elemen t b ∈ B , there exist exactly N/m functions h ∈ ~ s uc h th at h ( a ) = b. 2. for an y t wo distinct elemen ts a 1 , a 2 ∈ A and for any t w o (not nec- essa yily distin ct) elemen ts b 1 , b 2 ∈ B , there exist at most εN /m functions h ∈ ~ su c h that h ( a i ) = b i , i = 1 , 2 . W e will use the notation ε − S U as an abbreviation for ε − str on gl y univ er sal . Theorem 2.6[6] If there exists an ( N , K, D , q ) co de, then ther e exists a (1 − D N ) − U ( N ; K, q ) hash family . Conv ersely , if there exists an ε − U ( N ; n, m ) hash family , then th ere exists an ( N , n, (1 − ε ) N , m ) co de. Theorem 2.7[8] If there exists an [ N , k, D , q ] co de C with th e prop ert y that e = (1 , · · · , 1) ∈ C , then there exists a (1 − D N ) − △ U ( N ; q k − 1 , q ) hash family defined o v er F q . Theorem 2.8[5] If there exists an ε − U ( N ; n, m ) h ash family , then ε ≥ n − m m ( n − 1) . Theorem 2.9[8] If there exists an ε − △ U ( N ; n, m ) hash family , th en ε ≥ 1 m . Theorem 2.10[8] If there exists an ε − S U ( N ; n, m ) hash family , then ε ≥ 1 m . Theorem 2.11[3] If there exists an ε − U ( N ; n, m ) hash f amily , th en N ≥ n ( m − 1) n ( εm − 1) + m 2 (1 − ε ) . (1) Theorem 2.12[8] If th er e exists an ε − △ U ( N ; n, m ) hash family , then N ≥ n ( m − 1) m − n + mε ( n − 1) . (2) Theorem 2.13[8] If there exists an ε − S U ( N ; n, m ) hash family , then N ≥ 1 + n ( m − 1) 2 mε ( n − 1) + m − n . (3) The follo wing discu ssion demand s m > 1. 3 3 An New Bound for ε − U Hash F a mily Theorem 3.1[4] F or q , n, d ∈ N , q ≥ 2, we h av e A ( n, d ) ≤ q n − d +1 . So, we can get K ≤ q N − D +1 in an ( N , K, D , q ) ( q ≥ 2) co de. This is called the Singleton b ound . Theorem 3.2 If th ere exists an ε − U ( N ; n, m ) hash family , then N ≥ log m n − 1 ε . (4) Pro of: F rom Theorem 2.6, since th ere exists an ε − U ( N ; n, m ) hash family , then there exists an ( N , n, (1 − ε ) N , m ) co de. Using the Singleton b ound, w e get n ≤ m N − (1 − ε ) N +1 . So, log m n ≤ εN + 1 . Th us, N ≥ log m n − 1 ε .  Lemma 3.3 If n > m 2 , then 1 > ( n − m 2 )(log m n − 1)) ( mn − m 2 ) log m n + m 2 + n − 2 mn > n − m m ( n − 1) . Pro of: Let log m n = 1 + α , since n > m 2 > 1, th en α > 1. Thus ( n − m 2 )(log m n − 1)) ( mn − m 2 ) log m n + m 2 + n − 2 mn = ( n − m 2 ) α m (1+ α )( n − m )+ m 2 + n − 2 mn = ( n − m 2 ) α ( α − 1) mn + n − m 2 α = ( n − m 2 ) α ( α − 1)( m − 1) n +( n − m 2 ) α < 1 . Conside function: f ( x ) = m x − mx ( m > 1), f ′ ( x ) = m x ln m − m . Since m > 1, then f ′ ( x ) > 0 when x > 1, this means f ( x ) is a strictly monoton y increasing fu nction. Mo v eo v er, f ( x ) = 0 when x = 1. That is to sa y , m α > mα wh en n > m 2 > 1. So, n ( m − 1) m ( − mα + α + m α − 1) > 0 is true. 4 Since log m n = α + 1 ( α > 1), then n = m α +1 , subs titute it to the ab o v e inequalit y , we get n ( m − 1)( − m 2 α + mα + n − m ) > 0 . No w, by this, we ha ve ( nα − m 2 α )( mn − m ) > ( mnα − m 2 α − mn + n )( n − m ) . Since mn ( α − 1) − m 2 α + n = mn ( α − 1) − m 2 ( α − 1) + n − m 2 = m ( α − 1)( n − m ) + n − m 2 > 0 , so, ( n − m 2 ) α mn ( α − 1) − m 2 α + n > n − m m ( n − 1) . Th us, ( n − m 2 )(log m n − 1)) ( mn − m 2 ) log m n + m 2 + n − 2 mn > n − m m ( n − 1) .  Theorem 3.4 If there exists an ε − U ( N ; n, m ) h ash family , and n > m 2 , then the b oun d (4) is b etter than (1) when 1 ≥ ε ≥ ε 1 ( n, m ); the b oun d (1) is b etter than (4) when ε 1 ( n, m ) > ε ≥ ε 2 ( n, m ) . Pro of: The b ound (4) b etter than (1) means log m n − 1 ε ≥ n ( m − 1) n ( εm − 1) + m 2 (1 − ε ) . F rom th e ab ov e inequalit y , w e hav e ε ≥ ( n − m 2 )(log m n − 1)) ( mn − m 2 ) log m n + m 2 + n − 2 mn = ε 1 ( n, m ) . Using the same w a y , we can get: the b oun d (1) is b etter when ε 1 ( n, m ) > ε ≥ ε 2 ( n, m ).  Note: In b oth b ounds, εN must b e an in teger. Theorem 3.5 There exists an ε − U ( N ; n, m ) hash family and N = log m n − 1 ε if and only if there exists an MDS co de ( N , n, (1 − ε ) N , m ). It is clear. No w, we ha ve : 5 Theorem 3.6 Su pp ose q is a p ow er of p rime w ith (1 < k < n ≤ q + 1). Then there is a k − 1 n − U ( n ; q k , q ) hash family . Another n ice application also uses MDS co de. F rom [4], we kno w there exists an [ n, n − 1 , 2 , q ] ( q ≥ 2) MDS co de. Let n = q i +1 , there exists its sub co de ( q i +1 , (2 q − 1) × q q i +1 − 3 , 2 , q ). Applying Th eorem 2.6, the follo wing is obtained. Theorem 3.7 T here exists a (1 − 2 q i +1 ) − U ( q i +1 ; (2 q − 1) × q q i +1 − 3 , q ) ( q ≥ 2 , i ≥ 1) hash family . F rom this theorem, m = q , n = (2 q − 1) × q q i +1 − 3 , ε = 1 − 2 q i +1 , w e h av e ε > ε 1 ( n, m ), then the b ound (4) is b etter. So, N ≥ ⌈ log m n − 1 ε ⌉ = ⌈ [ q i +1 − 3 − 1 + log q (2 q − 1)] × q i +1 q i +1 − 2 ) ⌉ = q i +1 . Thus, (1 − 2 q i +1 ) − U ( q i +1 ; (2 q − 1) × q q i +1 − 3 , q ) hash family has the smallest N . 4 An New Bound for ε − △ U Hash F ami ly Lemma 4.1 If n > m , then 1 > n ( m − 1)( m − 2) + (log 2 n + m − 1)( n − m ) m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1) > 1 m . Pro of: Since n > m > 1, then ( m − 1) n (1 − log 2 n ) < 0. W e ha ve n ( m − 1)( m − 2)+ (log 2 n + m − 1)( n − m ) < m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1) . Since m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1) = m ( n − 1)(log 2 n + m − 3) + 2 n − 2 m > 0 , th us, 1 > n ( m − 1)( m − 2) + (log 2 n + m − 1)( n − m ) m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1) . Since m ( m − 1)( n − log 2 n ) + ( m − 1) 2 ( mn − m − 2 n ) > 0 , then mn ( m − 1)( m − 2) + m (log 2 n + m − 1)( n − m ) − [ m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1)] > 0 . 6 Th us, n ( m − 1)( m − 2) + (log 2 n + m − 1)( n − m ) m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1) > 1 m .  F rom the pro of of Th eorem 2.12 in [8], w e hav e that if there exists an ε − △ U ( N ; n, m ) hash family , then there exists a constan t-w eigh t (( N − 1) m, n, 2 N (1 − ε ) , 2) co de. Using the S ingleton b oun d, we h a v e n ≤ 2 ( N − 1) m − 2(1 − ε ) N +1 . So, the b ound (4) is c hanged to N ≥ log 2 n + m − 1 m − 2 + 2 ε . (5) Theorem 4.2 If there exists an ε − △ U ( N ; n, m ) hash family and n > m , then the b oun d (5) is b etter than (2) when 1 ≥ ε ≥ ε 3 ( n, m ); the b oun d (2) is b etter than (5) when ε 3 ( n, m ) > ε ≥ 1 m . Pro of: The b ound (5) b etter than (2) means log 2 n + m − 1 m − 2 + 2 ε ≥ n ( m − 1) m − n + mε ( n − 1) . F rom th e ab ov e inequalit y , w e hav e ε ≥ n ( m − 1)( m − 2) − (log 2 n + m − 1)( m − n ) m ( n − 1)(log 2 n + m − 1) − 2 n ( m − 1) = ε 3 ( n, m ) . Using the same w a y , we can get: the b oun d (2) is b etter when ε 3 ( n, m ) > ε ≥ 1 m .  Note: In b oth b ounds, εN must b e an in teger. Example: Let ε = 1 − 2 ( q − 1) i +1 ( q > 2 , i > 1) , n = q ( q − 1) i +1 − 1 , m = q , then th rough computin g, we hav e 1 > ε > ε 3 ( n, m ), so the b ound (5) is b etter. Then N ≥ log 2 n + m − 1 m − 2 + 2 ε = ( q − 1) i +1 log 2 q + q − log 2 q − 1 q + 4 ( q − 1) i +1 . 7 Since q > 2 , i > 1, then we ha v e ( q − 1) i < ( q − 1) i +1 log 2 q + q − log 2 q − 1 q + 4 ( q − 1) i +1 < ( q − 1) i +1 . Since εN is an intege r, then N ≥ ( q − 1) i +1 . F rom [4], w e kn o w there exists an [ n, n − 1 , 2 , q ] MDS co de C . Let n = ( q − 1) i +1 , we m a y assume that e = (1 , · · · , 1) ∈ C , then f r om Th eorem 2.7, w e hav e the f ollo w ing. Theorem 4.3 There exists a (1 − 2 ( q − 1) i +1 ) −△ U (( q − 1) i +1 ; q ( q − 1) i +1 − 1 , q ) ( q > 2 , i > 1) hash f amily . 5 An New Bound for ε − S U Hash F ami ly F or n, m > 0, we d enote 2( n − 1) b y a , denote m ( n − 1)(log 2 n − 3) + 6 n − 2 m − 4 by b and d enote ( m − 2)( nm − 2 n + 1) + ( n − m ) log 2 n by c . Then, ε 4 ( n, m ) = b − √ b 2 − 4 ac 2 a . Lemma 5.1 If n > 2 m , then 1 > ε 4 ( n, m ) > 1 m . Pro of: Since n > 2 m > 1, th en n ( m − 1)( m − log 2 n ) < 0. So, 2( n − 1) − [ m ( n − 1)(log 2 n − 3) + 6 n − 2 m − 4] + ( m − 2)( nm − 2 n + 1) + ( n − m ) log 2 n < 0 . This is to say a + b + c < 0. T h us, ε 4 ( n, m ) = − b − √ b 2 − 4 ac 2 a < 1 . Since 2( n − 1) − m [ m ( n − 1)(log 2 n − 3) + 6 n − 2 m − 4] + m 2 [( m − 2)( nm − 2 n + 1) + ( n − m ) log 2 n ] = 2( n − 1) + m 2 log 2 n + m ( m 2 − 3 m + 4) + 3 mn ( m − 2) + m 3 ( n − log 2 n ) + m 2 n ( m − 1)( m − 4) > 0 . (It is ob vious when m ≥ 4. So, w e only n eed to c hec k on the cases m = 2 and m = 3 to get the r esult.) This is to say , a + bm + cm 2 > 0 . 8 Th us, ε 4 ( n, m ) > 1 m .  F rom the p ro of of Theorem 2.13 in [8], we ha v e that if there exists an ε − S U ( N ; n, m ) hash family , then there exists a constan t-w eigh t ( N − 1 , n, 2(1 − ε ) N/m, 2) co de. Using the Sin gleton b ound , we ha ve n ≤ 2 N − 1 − 2 N (1 − ε ) /m +1 . So, the b ound (4) is c hanged to N ≥ m log 2 n m − 2(1 − ε ) . (6) Theorem 5.2 If ther e exists an ε − S U ( N ; n, m ) hash family and n > 2 m , then the b ound (6) is b etter than (3) when 1 ≥ ε ≥ ε 4 ( n, m ); the b ound (3) is b etter than (6) when ε 4 ( n, m ) > ε ≥ 1 m . Pro of: The b ound (6) b etter than (3) means m log 2 n m − 2(1 − ε ) ≥ 1 + n ( m − 1) 2 mε ( n − 1) + m − n . F rom th e ab ov e inequalit y , w e hav e 1 ≥ ε ≥ ε 4 ( n, m ) . Using the same w a y , we can get: the b oun d (3) is b etter when ε 4 ( n, m ) > ε ≥ 1 m .  Note: In b oth b ounds, εN m m ust b e an in teger. References [1] J. L. Carter and M. N. W egman, “Universal Classes of Hash F unctions,” Com- puter and System Scienc es , vol. 18, pp. 143-1 54, 1 979. [2] A. Wigderson, “ Lectures o n the F usion Metho d a nd Eera ndomization,” T ech- nical Rep ort SOCS-95 .2, Schoo l o f Comprter Science, McGill Univ ersity ( file/ pub/tec h-rep orts/ library/r e ports / 95/TR95.2.ps.gz at the anonymous ftp site ftp.cs.mcgill.ca ). 9 [3] D. R. Stinson, “Universal Hashing and Authentication Codes,” Designs, Co des and Crypto gr aph y , vol. 4 , pp. 369- 380, Oct.1994 . [4] J. H. v an Lin t, “Intro duction to Co ding Theory ,” Springer-V erlag , 3rd ed. New Y o rk, Inc., pp. 64 -69, 1 999. [5] D. V. Sarwate, “A Note o n Universal Classes of Ha s h F unctio ns ,” Information Pr o c essing L etters , vol. 1 0 , pp. 41-4 5, 19 80. [6] J. Bierbr auer, T. Johanss an, G. Kabatianskii and B. Smeets, “O n F amilies of Hash F unctio ns via Geometr ic Co des and Concatenation,” In ” Adv a nces in Cryptology -CR YP TO ’93 ”, D. R. Stinson, ed., (Lectur e No tes in Computer Science), London: Spr ing er-V erlag, vol. 77 3, pp. 3 31-342, 19 93. [7] Jia nzhong ZHANG and Guo zhenXIA O, “T he C o nstructions of Authentication Co des With Hashing,” Ele ctr onics and Information T e chnolo gy , vol.6, pp. 533- 539, 2 001. [8] D. R. Stinson, “On the Connectio ns Be tw een Universal Ha shing, Combinato- rial Designs and Erro r-Corre c ting Co des,” Congr essus Numer , vol. 114, pp. 7-27, 1996. [9] D. R. Stinson, “Combinatorial T echniques for Universal Hashing ,” Computer and System Scienc es , vol.48, pp. 3 37-346, Apr. 1994 . [10] T . Johanss on, B. Smeets a nd G. Ka batianskii, “On the Cardina lity of Sys tem- atic Authen tication Co des via Err or Co rrecting Co des,” IEEE T r ansactions on In formatio n The ory , VOL. 42, NO. 2 , pp. 566-5 78, Ma r. 19 9 6. 10