{"id":15645227,"url":"https://github.com/benwr/bromberg_sl2","last_synced_at":"2025-04-14T00:37:11.170Z","repository":{"id":45963775,"uuid":"315605839","full_name":"benwr/bromberg_sl2","owner":"benwr","description":"Cayley hashing as in \"Navigating in the Cayley Graph of SL₂(𝔽ₚ)\"","archived":false,"fork":false,"pushed_at":"2021-11-30T20:54:25.000Z","size":101,"stargazers_count":55,"open_issues_count":4,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-10T11:16:43.773Z","etag":null,"topics":["hash","hashing","homomorphic","matrix-multiplication","monoid","monoidal","sl2","tillich-zemor"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/benwr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-24T11:06:43.000Z","updated_at":"2025-01-01T05:59:46.000Z","dependencies_parsed_at":"2022-08-24T01:41:20.195Z","dependency_job_id":null,"html_url":"https://github.com/benwr/bromberg_sl2","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwr%2Fbromberg_sl2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwr%2Fbromberg_sl2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwr%2Fbromberg_sl2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwr%2Fbromberg_sl2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/benwr","download_url":"https://codeload.github.com/benwr/bromberg_sl2/tar.gz/refs/
heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248803509,"owners_count":21164066,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hash","hashing","homomorphic","matrix-multiplication","monoid","monoidal","sl2","tillich-zemor"],"created_at":"2024-10-03T12:05:15.401Z","updated_at":"2025-04-14T00:37:11.150Z","avatar_url":"https://github.com/benwr.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bromberg-Shpilrain-Vdovina SL₂ Homomorphic Hashing\n\nThis is an implementation of the Tillich-Zémor-style hash function\npresented in the paper [\"Navigating in the Cayley Graph of SL₂(𝔽ₚ)\"\n](https://link.springer.com/article/10.1007%2Fs00233-015-9766-5) by\nBromberg, Shpilrain, and Vdovina.\n\n\u003e ### Warning\n\u003e\n\u003e This module is not produced by cryptography experts, but by\n\u003e [some random guy](http://benwr.net). Furthermore, the algorithm\n\u003e was published in 2017, and is itself not at all battle-tested. Only\n\u003e use this library if you either (a) know what you're doing and have\n\u003e read and understood our code, and/or (b) are building something that\n\u003e does not rely heavily on the cryptographic properties of the hash\n\u003e function.\n\u003e\n\u003e If you _are_ a cryptography expert, we welcome any bug reports or\n\u003e pull requests! 
We also welcome them if you're not a cryptography\n\u003e expert; this library is quite simple, and should be easy to grok\n\u003e over a coffee with a copy of the paper linked above in hand.\n\n# What is this library for?\n\nThis library implements a putatively-strong hash function H with the\nuseful property that it gives a monoid homomorphism. This means there\nis a cheap operation `*` such that given strings `s1` and `s2`,\n`H(s1 ++ s2) = H(s1) * H(s2)`.\n\nThis property is especially useful for applications where some very\nlong string may be constructed via many different routes, but you'd\nnonetheless like to be able to quickly rule out unequal strings.\n\nIt also allows you to hash _parts_ of your data as you acquire them,\nand then merge them later in whatever order is convenient. This allows\nfor very flexible hashing schemes.\n\nH has some other cool properties, and is in some limited but\npotentially-useful sense \"provably secure\". See Bromberg et al. for\ndetails.\n\n# How to use this library\n\nThis library provides the means to construct `HashMatrix`es, using\n`hash()`, which takes a slice of bytes. These hashes can be compared,\nor serialized to hex strings using `to_hex`.\n\n```rust\nuse bromberg_sl2::*;\nassert_eq!(\n  hash(\"hello, world! It's fun to hash stuff!\".as_ref()).to_hex(),\n  \"01c5cf590d32654c87228c0d66441b200aec1439e54e724f05cd3c6c260634e565594b61988933e826e9705de22884ce007df0f733a371516ddd4ac9237f7a46\");\n```\n\nHashes may also be composed, using the `*` operator:\n\n```rust\nuse bromberg_sl2::*;\nassert_eq!(\n  hash(\"hello, \".as_ref()) * hash(\"world!\".as_ref()),\n  hash(\"hello, world!\".as_ref())\n);\n```\n\n# Technical Details\n\nWe use the A(2) and B(2) matrices as generators, and\np = 2^127 - 1 as our prime order, for fast modular arithmetic.\n\nWe have not yet attempted to seriously optimize this library, and\nperformance is a secondary goal. 
As of right now our procedure is\nabout 1/3 as fast as SHA3-512.\n\nWe needed an architecture-agnostic cryptographic hash procedure with\na monoid homomorphism respecting string concatenation, written in a\nlow-level language. While there are\n[a](https://github.com/srijs/hwsl2-core)\n[few](https://github.com/nspcc-dev/tzhash)\n[implementations](https://github.com/phlegmaticprogrammer/tillich_zemor_hash)\nof related algorithms, e.g. the venerable [but broken\n](https://link.springer.com/chapter/10.1007/978-3-642-19574-7_20) Tillich-Zémor hash,\nfrom [\"Hashing with SL₂\"\n](https://link.springer.com/chapter/10.1007/3-540-48658-5_5),\nnone of them fulfill these desiderata.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenwr%2Fbromberg_sl2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbenwr%2Fbromberg_sl2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenwr%2Fbromberg_sl2/lists"}