A family of hash functions is said to be -independent or -universal if selecting a hash function at random from the family guarantees that the hash codes of any designated keys are independent random variables (see precise mathematical definitions below). Such families allow good average case performance in randomized algorithms or data structures, even if the input data is chosen by an adversary. The trade-offs between the degree of independence and the efficiency of evaluating the hash function are well studied, and many -independent families have been proposed.
The goal of hashing is usually to map keys from some large domain (universe) into a smaller range, such as bins (labelled ). In the analysis of randomized algorithms and data structures, it is often desirable for the hash codes of various keys to "behave randomly". For instance, if the hash code of each key were an independent random choice in , the number of keys per bin could be analyzed using the Chernoff bound. A deterministic hash function cannot offer any such guarantee in an adversarial setting, as the adversary may choose the keys to be the precisely the preimage of a bin. Furthermore, a deterministic hash function does not allow for rehashing: sometimes the input data turns out to be bad for the hash function (e.g. there are too many collisions), so one would like to change the hash function.
The solution to these problems is to pick a function randomly from a large family of hash functions. The randomness in choosing the hash function can be used to guarantee some desired random behavior of the hash codes of any keys of interest. The first definition along these lines was universal hashing, which guarantees a low collision probability for any two designated keys. The concept of -independent hashing, introduced by Wegman and Carter in 1981, strengthens the guarantees of random behavior to families of designated keys, and adds a guarantee on the uniform distribution of hash codes.
The strictest definition, introduced by Wegman and Carter under the name "strongly universal hash family", is the following. A family of hash functions is -independent if for any distinct keys and any hash codes (not necessarily distinct) , we have:
This definition is equivalent to the following two conditions:
- for any fixed , as is drawn randomly from , is uniformly distributed in .
- for any fixed, distinct keys , as is drawn randomly from , are independent random variables.
Often it is inconvenient to achieve the perfect joint probability of due to rounding issues. Following, one may define a -independent family to satisfy:
- distinct and ,
Observe that, even if is close to 1, are no longer independent random variables, which is often a problem in the analysis of randomized algorithms. Therefore, a more common alternative to dealing with rounding issues is to prove that the hash family is close in statistical distance to a -independent family, which allows black-box use of the independence properties.
- Cormen, Thomas H.; Leiserson, Charles E.; Rivest, Ronald L.; Stein, Clifford (2009). Introduction to Algorithms (3rd ed.). MIT Press. ISBN 0-262-03384-4.
- Wegman, Mark N.; Carter, J. Lawrence (1981). "New hash functions and their use in authentication and set equality". Journal of Computer and System Sciences 22 (3): 265–279. doi:10.1016/0022-0000(81)90033-7. Conference version in FOCS'79. Retrieved 9 February 2011.
- Siegel, Alan (2004). "On universal classes of extremely random constant-time hash functions and their time-space tradeoff". SIAM Journal on Computing 33 (3): 505–543. doi:10.1137/S0097539701386216. Conference version in FOCS'89.