On Randomizing Hash Functions to Strengthen the Security of Digital Signatures
Data(s) |
2009
|
---|---|
Resumo |
Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack. |
Identificador | |
Publicador |
Springer |
Relação |
http://link.springer.com/chapter/10.1007%2F978-3-642-01001-9_5 DOI:10.1007/978-3-642-01001-9_5 Gauravaram, Praveen & Knudsen, Lars R. (2009) On Randomizing Hash Functions to Strengthen the Security of Digital Signatures. In Advances in Cryptology - EUROCRYPT 2009. Springer, Berlin, pp. 88-105. |
Direitos |
Copyright 2009 Springer Berlin Heidelberg |
Fonte |
School of Electrical Engineering & Computer Science; Science & Engineering Faculty |
Palavras-Chave | #Digital signatures #Hash functions #Davies-Meyer #RMX |
Tipo |
Book Chapter |