Security Analysis of Randomize-Hash-then-Sign Digital Signatures

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

Literacy and Digital Culture in the Early Years

In this chapter we present data drawn from observations of kindergarten children using iPads and talk with the children, their parents/guardians and teachers. We identify a continuum of practices that extends from ‘educational apps’ teaching handwriting, sight words and so forth to uses of the iPad as a device for multimodal literacy development and substantive conversation around children’s creative work. At the current time high stakes testing and the implementation of the Australian Curriculum are prompting new public and professional conversations about literacy and digital technology. The iPad is construed as both cause of and solution to problems of traditional literacy education. In this context we describe the literacies enabled by educational software available on iPads. We higlight the time constraints which bore on teachers' capacity to enact their visions of literacy education through the iPad platform and suggest ways of reflecting on responses to this constraint.

A meshless method based on Point Interpolation Method (PIM) for the space fractional diffusion equation

This paper aims to develop a meshless approach based on the Point Interpolation Method (PIM) for numerical simulation of a space fractional diffusion equation. Two fully-discrete schemes for the one-dimensional space fractional diffusion equation are obtained by using the PIM and the strong-forms of the space diffusion equation. Numerical examples with different nodal distributions are studied to validate and investigate the accuracy and efficiency of the newly developed meshless approach.

Designing a digital experience for young children with developmental disabilities

This paper reports on the development of a playful digital experience, Anim-action, designed for young children with developmental disabilities. This experience was built using the Stomp platform, a technology designed specifically to meet the needs of people with intellectual disability through facilitating whole body interaction. We provide detail on how knowledge gained from key stakeholders informed the design of the application and describe the design guidelines used in the development process. A study involving 13 young children with developmental disabilities was conducted to evaluate the extent to which Anim-action facilitates cognitive, social and physical activity. Results demonstrated that Anim-action effectively supports cognitive and physical activity. In particular, it promoted autonomy and encouraged problem solving and motor planning. Conversely, there were limitations in the system’s ability to support social interaction, in particular, cooperation. Results have been analyzed to determine how design guidelines might be refined to address these limitations.