On the Security of Left-Right Cayley Hash Functions

Abstract

Cayley hash functions, which are hash functions based on walks on Cayley graphs of groups, are a well-studied class of hash functions with provable security (under assumptions on computational hardness of some group-theoretical problems). In a recent work by Aikawa, Jo, and Satake (Transactions on Mathematical Cryptology, 2023), they proposed a variant of Cayley hash functions called left-right Cayley hash functions, whose design intended the problem of finding a collision to be as difficult as the problem of finding collisions of two Cayley hash functions simultaneously. In this paper we show, as opposed to the expectation, that finding a collision of their hash function is reduced to finding a collision of a single Cayley hash function. We also propose a possible countermeasure against this issue.