In this chapter, I will discuss some important aspects of universal families of hash functions. I will not remain completely general, however, as we are only interested in universal families of hash functions for the purpose of privacy amplification of QKD-produced bits. In the first section, I explain my motivations, detailing the requirements for families of hash functions in the scope of privacy amplification. I then give some definitions of families and show how they fit our needs. Finally, I discuss their implementation.

Defined in Section 6.3.1, the essential property of an ∈/|B|-almost universal family of hash function is recalled in Fig. 7.1.

Requirements

For the purpose of privacy amplification, families of hash functions should meet some important requirements. They are listed below:

• The family should be universal (∈ = 1) or very close to it (∈ ≈ 1).

• The number of bits necessary to represent a particular hash function within its family should be reasonably low.

• The family should have large input and large output sizes.

• The evaluation of a hash function within the family should be efficient.

The first requirement directly affects the quality of the produced secret key. The closer to universality, the better the secrecy of the resulting key – see Section 6.3.1.

The second requirement results from the fact that the hash function will be chosen randomly within its family and such a choice has to be transmitted between Claude and Dominique. It is not critical, however, because the choice of the hash function need not be secret. A number of bits proportional to the input size is acceptable.