Strongly 2-Universal Family of Hash Functions from {0,1}^m -> {0,1}^n
=====================================================================
Random Toeplitz Matrix A of dimensions n x m:
Populate the first row and first column of A with random {0,1} entries.
Any other entry A_{ij} = A_{i-1, j-1}; i.e., all the diagonals in A
have the same value.
Now define the family:
H = { h_{A, b}(x) = Ax + b | A is a random n x m Toeplitz matrix,
b is a random {0,1}^n vector }
All calculations are done in GF(2).
Hence any hash function h_{A,b} is specified by (m + n - 1) + n bits.
(m + n - 1) for A, n for b. How many functions are there in H?
CLAIM: H is a strongly 2-UnivHashFam.
Proof. Want to show for x != y \in {0,1}^m and alpha, beta \in {0,1}^n
(*) Pr_h [ h(x) = alpha AND h(y) = beta ]
= 1/(2^n)^2 = 1/2^{2n}
[FIRST: let us find the Pr of getting an appropriate A.]
If h(x) = Ax + b = alpha, and h(x) = Ay + b = beta
then A(x-y) = (beta - alpha).
Call z = x-y, gamma = beta - alpha. Want Pr[ Az = gamma ]
Remember z != 0^n, since x != y.
[ -------- A_1 --------- ] [ z_1 ]
[ -------- A_2 --------- ] [ z_2 ]
[ -------- . --------- ] [ . ]
[ -------- . --------- ] [ . ]
[ -------- A_i --------- ] [ . ]
[ -------- . --------- ] [ . ]
[ -------- . --------- ] [ . ]
[ -------- A_n --------- ] [ . ]
[ . ]
[ z_m ]
Can imagine that first entry of z is a 1. (I.e., z_1 = 1.)
(If first j entries of z are zero,
define z' = [z_(j+1) ..... z_m]^T,
define A' as A without its first j columns.
note that Pr[ A'.z' = gamma ] = Pr[ A.z = gamma ]
)
If A.z = gamma, then A_1.z = gamma_1, A_2.z = gamma_2 etc.
We will defer decisions again: we first look at the first row A_1,
and then the new bit A_{21} on the second row,
then the new bit A_{31} on the third row, and so on.
Pr[A_1.z = gamma_1] = 1/2.
(This is just Claim 2.2.3 from Lec #2. We have looked at A_1.)
Pr[A_2.z = gamma_2 | A_1 ] = 1/2.
(Want A_{21}z_1 = gamma_2 - (A_{22}z_2 + ... + A_{2m}z_m)
= gamma_2 - (A_{11}z_2 + ... + A_{1,m-1}z_m).
Either RHS = 0 or 1. Hence A_{21} must be 0 or 1 for equality.
Note that A_{21} is new random value not in row A_1.
Hence new coin flip, which has prob = 1/2.
We have now looked at A_{21}.)
Similarly each of the other gamma_i values,
Pr[A_i.z = gamma_i | A_1, A_2, ..., A_{i-1} ] = 1/2.
Thus
Pr[ Az = gamma ] =
Pr[A_1.z = gamma_1] *
Pr[A_2.z = gamma_2 | A_1 ] *
...
Pr[A_n.z = gamma_n | A_1, A_2, ..., A_{n-1} ]
= (1/2)^n.
[NEXT: let us find the Pr of getting an appropriate b for such A's.]
Conditioning on such an A,
for (Ax + b) to be equal to alpha, we must have b = (alpha - Ax).
Chance of this b appearing is (1/2)^n, since b randomly from {0,1}^n
Since A and b chosen independently,
chance of (*) is (1/2)^n * (1/2)^n, as desired.
QED.
Strongly 2-Universal Hash Family of functions from GF(q) -> GF(q)
=================================================================
We assume that q is such that there is a corresponding finite field of
size q. (I.e., q is a prime or prime power.)
H = { h_{a,b}(x) = ax+b | a, b \in GF(q) }
All calculations are in GF(q).
Claim: H is a Strongly 2-UnivHashFam.
Proof. If (ax + b = alpha) AND (ay + b = beta), then
[ alpha ] = [ x 1 ] [ a ]
[ beta ] [ y 1 ] [ b ]
But x != y, and thus the 2x2 matrix is invertible. Given alpha and
beta, there are unique values in GF(q) that a and b must have, and
the probability of that is 1/q^2.
QED.
Another Strongly 2-UnivHashFam from {0,1}^m -> {0,1}^n
======================================================
Note that setting q = 2^m, and then taking the first n bits of the
answer, we can get another hash family from {0,1}^m -> {0,1}^n. But
calculations in the field GF(2^m) are more involved than in GF(2), and
furthermore, if m is large, we use more randomness here (2m bits as
opposed to m+2n-1 bits for the previous hash function).