Algorithm Construction of HLI Hash Function 27 operation is lattice . n p Z A lattice that is defined from certain polynomial ring is called ideal lattice . Lyubashevsky and Micciancio showed that to obtain the hash functions that have impact resistant properties, monic and irreducible polynomial f should be chosen. Monic polynomial is a polynomial with the coefficient of the highest power of x is one. While a polynomial is irreducible if it cannot be represented as a product of lower degree polynomial [3].

3. Algorithm Construction

Hash function is constructed based on the results of algebraic operations on modular polynomial ring [ ] . , x f x R p p f Z = In this study − = n x x f , 1 − x which constitutes monic and irreducible polynomials is chosen. The election of modulo 1 − − = x x x f n led the multiplication of any two members of modular polynomials ring p f R , to be 1 1 mod 1 1 + = − − ⇔ + + − − = x x x x x x x x n n n n . 1 mod 1 − − + ≡ ⇔ x x x x n n From these results, taken , x x p = then 1 mod 1 1 2 2 1 − − + + + + = − − − x x x a x a x a x a x a x p n n n n n 1 2 2 1 1 1 − − − + + + + + = n n n x a x a x a x a 1 2 2 1 1 1 − − − − + + + + + = n n n n x a x a x a a a and furthermore obtained , 1 3 3 1 2 1 1 2 2 2 − − − − − − + + + + + + + = n n n n n n x a x a x a a x a a a x a x 3 1 2 1 2 2 3 3 3 x a a x a a x a a a x a x n n n n n n + + + + + + = − − − − − − . 1 4 4 1 − − + + + n n x a x a Rachmawati Dwi Estuningsih, Sugi Guritman and Bib P. Silalahi 28 In general, for n i ..., , 2 , 1 = apply 1 1 1 1 + − + − − − + + + + + + = i i n i n i n i n i x a x a a x a a a x a x . 1 1 − − − + + n i n x a So the multiplication algorithm in p f R , which is implemented in a computer would be easier if it is represented in a form of vector as follows: Input: vectors 1 2 1 ..., , , , − = n a a a a a and 1 2 1 ..., , , , − = n b b b b b in . , p f R Output: vector c as a hash multiplication of a and b in ; , p f R 1. Initialization p a b c mod : = and . : a w = 2. For integer 1 = i to , 1 − = n i count: a. , : w v  = where w  denotes the rotation of w to the right one unit. b. , : i d v w + = where i d is the vector whose all components are 0 except the 1 + i component is . i n a − 3. If , ≠ i b count . mod : p w b c c i + = 4. Return c. The steps in the above algorithm are essentially a modular integer matrix multiplication , mod p C AB ≡ i.e. . mod 1 2 1 1 2 1 1 3 2 1 3 2 1 1 2 2 1 1 2 1 1 1 2 1 p c c c c b b b b a a a a a a a a a a a a a a a a a a a a a a n n n n n n n n n n n n ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎝ ⎛ = ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎝ ⎛ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠ ⎞ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎜ ⎝ ⎛ + + + + + + − − − − − − − − − − − − Algorithm Construction of HLI Hash Function 29 From here an ideal lattice-based hash function family can be constructed, that is by selecting parameter m, n, d an integer where m is divisible by n and p is prime. The input of this hash function is m d x Z ∈ with . p d This input is divided into n m vectors namely , ..., , , 2 1 m d n m x x x x Z ∈ = with , n d i x Z ∈ . ..., , 2 , 1 n m i = The key of hash functions is any two vectors . , , 1 n p p f R b a Z ≅ ∈ It is of this key that other vectors ⊗ = −1 i i a a p f i R b x , 1 ∈ + − for n m i ..., , 3 , 2 = will be generated. Furthermore, hash function family can be defined: { } n p p f m d a a R h n m p f Z Z ≅ → = , : , , , H which ∑ = + ⊗ = n m i i i a b x a x h 1 . The following algorithm for hash functions: Keywords: two arbitrary vectors . , , 1 n p p f R b a Z ≅ ∈ Input: m d n m x x x x Z ∈ = ..., , , 2 1 with . ..., , 2 , 1 , n m i x n d i = ∈ Z Output: ∑ = + ⊗ = n m i i i a b x a x h 1 as a result of multiplication and addition the ring ; , p f R 1. Initialize . : = h 2. For integers , 1 n m di s i = = compute: a. . i i i x a k ⊗ = b. . b k h i i + = c. . 1 i i h a = + d. . i h h h + = 3. Return h. Rachmawati Dwi Estuningsih, Sugi Guritman and Bib P. Silalahi 30 Because the hash function must then be compression in nature, so the output length must be smaller than the length of the input, therefore the parameters chosen above must meet . log log log log d p n m d m p n ⇔

4. Speed Analysis