Universal one-way hash function

In cryptography a Universal One Way Hash Function (UOWHF), often pronounced "woof", is a type of universal hash function of particular importance to cryptography. UOWHF's are proposed as an alternative to collision-resistant hash functions (CRHFs). CRHFs have a strong collision-resistance property: that it is hard, given randomly chosen hash function parameters, to find any collision of the hash function. In contrast, UOWHFs require that it be hard to find a collision where one preimage is chosen independently of the hash function parameters.

The Universal One Way Hash Function (UOWHF) family contains a finite number of hash functions with each having the same probability of being used.

The security property of a UOWHF is as follows. Let ${\displaystyle A}$ be an algorithm that operates in two phases:

• Initially, ${\displaystyle A}$ receives no input (or, just a security parameter) and chooses a value ${\displaystyle x}$.
• A hash function ${\displaystyle H}$ is chosen from the family. ${\displaystyle A}$ then receives ${\displaystyle H}$ and must output ${\displaystyle y}$ such that ${\displaystyle H(x)=H(y)}$.

Then for all polynomial-time ${\displaystyle A}$ the probability that ${\displaystyle A}$ succeeds is negligible.

UOWHFs are thought to be less computationally expensive than CRHFs, and are most often used for efficiency purposes in schemes where the choice of the hash function happens at some stage of execution, rather than beforehand. For instance, the Cramer-Shoup system uses a UOWHF as part of the validity check in its ciphertexts.

• Moni Naor and Moti Yung, "Universal One-Way Hash Functions and their Cryptographic Applications.", 1986, , from [1]

• Oded Goldreich, "Foundations of Cryptography" , Volume 2, Cambridge University Press, 2004, from [2]