We provide a correct version of Remark 3.5 of the paper mentioned in the title. Also, we fix a typo in Remark 4.4 of that paper.
In [1, Remark 3.5], we construct (under certain additional assumptions) a collision-intractable hash function family from a pseudo-free family of finite computational groups in a nontrivial variety of groups. However, that construction is incorrect. Moreover, the following assumption made in [1, Remark 3.5] is redundant: For each ( ), is one-to-one.
Until now, to the best of our knowledge, there are no works using Remark 3.5 of [1] in the proofs. Therefore the error in that remark has not yet affected the validity of other results.
Here is a correct version of Remark 3.5 of [1]. In this version, we construct a collision-intractable hash function family in a slightly more general sense than in the original version.
Assume that the family of computational groups is pseudo-free in with respect to and σ. In this remark, we need the following additional assumptions:
The variety is nontrivial (as in Remark 3.4).
There exists a deterministic polynomial-time algorithm that, given integers , computes (as in Remark 3.4).
There exists a polynomial η such that for all and .
Let π be a polynomial such that for any . Suppose . Denote by the set of all pairs such that and . For every , let be a mapping defined as in Remark 3.4. Moreover, we choose these mappings so that, given (where ) and , can be computed in deterministic polynomial time. Also, suppose is the distribution of the random variable , where and . Of course, the probability ensemble is polynomial-time samplable. Then Remark 3.4 implies that the family is a collision-intractable (or collision-resistant) hash function family with respect to . Namely, the following conditions hold:
For all and , maps into , where .
Given (where and ) and , can be computed in deterministic polynomial time.
If , then for any probabilistic polynomial-time algorithm A,
is negligible as a function of .
In fact, this remark (as well as [1, Remarks 3.4 and 3.6]) holds even if the family is weakly pseudo-free in with respect to and σ. The definition of weak pseudo-freeness can be obtained from the definition of pseudo-freeness by requiring the equations to be variable-free.
Also, in [1, Remark 4.4],
should be understood as
[1] M. Anokhin, Constructing a pseudo-free family of finite computational groups under the general integer factoring intractability assumption, Groups Complex. Cryptol. 5 (2013), no. 1, 53–74.
© 2019 Walter de Gruyter GmbH, Berlin/Boston