Hash functions are a basic cryptographic primitive. Certain hash functions try to prove security against collision and preimage attacks by reductions to known hard problems. These hash functions usually have some additional properties that allow for that reduction. Hash functions which are additive or multiplicative are vulnerable to a quantum attack using the hidden subgroup problem algorithm for quantum computers. Using a quantum oracle to the hash, we can reconstruct the kernel of the hash function, which is enough to find collisions and second preimages. When the hash functions are additive with respect to the group operation in an Abelian group, there is always an efficient implementation of this attack. We present concrete attack examples to provable hash functions, including a preimage attack to SWIFFT and collision finding for certain multiplicative homomorphic hash schemes.

中文翻译：

---

同态哈希函数的量子碰撞发现

散列函数是一种基本的加密原语。某些散列函数试图通过减少已知的难题来证明对碰撞和原像攻击的安全性。这些散列函数通常有一些额外的属性，允许减少。加法或乘法的哈希函数容易受到使用量子计算机隐藏子群问题算法的量子攻击。对散列使用量子预言机，我们可以重建散列函数的内核，这足以找到碰撞和第二个原像。当散列函数相对于阿贝尔群中的群操作是可加的时，这种攻击总是有一个有效的实现。我们为可证明的哈希函数提供了具体的攻击示例，