Universal one-way hash function

In cryptography a universal one-way hash function (UOWHF, often pronounced "woof") is a type of universal hash function of particular importance to cryptography. UOWHFs are proposed as an alternative to collision-resistant hash functions (CRHFs). CRHFs have a strong collision-resistance property: that it is hard, given randomly chosen hash function parameters, to find any collision of the hash function. In contrast, UOWHFs require that it be hard to find a collision where one preimage is chosen independently of the hash function parameters. The primitive was suggested by Moni Naor and Moti Yung and is also known as "target collision resistant" hash functions; it was employed to construct general digital signature schemes without trapdoor functions, and also within chosen-ciphertext secure public key encryption schemes.

The UOWHF family contains a finite number of hash functions with each having the same probability of being used.

Definition
The security property of a UOWHF is as follows. Let $$A$$ be an algorithm that operates in two phases:


 * Initially, $$A$$ receives no input (or just a security parameter) and chooses a value $$x$$.
 * A hash function $$H$$ is chosen randomly from the family. $$A$$ then receives $$H$$ and must output $$y \ne x$$ such that $$H(x) = H(y)$$.

Then for all polynomial-time $$A$$ the probability that $$A$$ succeeds is negligible.

Applications
UOWHFs are thought to be less computationally expensive than CRHFs, and are most often used for efficiency purposes in schemes where the choice of the hash function happens at some stage of execution, rather than beforehand. For instance, the Cramer–Shoup cryptosystem uses a UOWHF as part of the validity check in its ciphertexts.