Security Analysis of Randomize-Hash-then-Sign Digital Signatures

At CRYPTO 2006, Halevi and Krawczyk proposed two randomized hash function modes and analyzed the security of digital signature algorithms based on these constructions. They showed that the security of signature schemes based on the two randomized hash function modes relies on properties similar to the second preimage resistance rather than on the collision resistance property of the hash functions. One of the randomized hash function modes was named the RMX hash function mode and was recommended for practical purposes. The National Institute of Standards and Technology (NIST), USA standardized a variant of the RMX hash function mode and published this standard in the Special Publication (SP) 800-106. In this article, we first discuss a generic online birthday existential forgery attack of Dang and Perlner on the RMX-hash-then-sign schemes. We show that a variant of this attack can be applied to forge the other randomize-hash-then-sign schemes. We point out practical limitations of the generic forgery attack on the RMX-hash-then-sign schemes. We then show that these limitations can be overcome for the RMX-hash-then-sign schemes if it is easy to find fixed points for the underlying compression functions, such as for the Davies-Meyer construction used in the popular hash functions such as MD5 designed by Rivest and the SHA family of hash functions designed by the National Security Agency (NSA), USA and published by NIST in the Federal Information Processing Standards (FIPS). We show an online birthday forgery attack on this class of signatures by using a variant of Dean’s method of finding fixed point expandable messages for hash functions based on the Davies-Meyer construction. This forgery attack is also applicable to signature schemes based on the variant of RMX standardized by NIST in SP 800-106. We discuss some important applications of our attacks and discuss their applicability on signature schemes based on hash functions with ‘built-in’ randomization. Finally, we compare our attacks on randomize-hash-then-sign schemes with the generic forgery attacks on the standard hash-based message authentication code (HMAC).

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.

An investigation of pile diameter influence in the bearing capacity on Dynamic Load Test (DLT)

During the construction of five residential buildings in the city of Taubate, State of São Paulo, it was possible to carry out one comprehensive investigation of the behavior of precast concrete piles in clay shales. This paper describes the results of Dynamic Load Tests (DLT's) executed in three piles with different diameters and with the same embedded length. The tests were monitored using the PDA(R) (Pile Driving Analyzer) and the pile top displacement was measured by pencil and paper procedure. From the curves of RMX versus DMX resulted from CASE(R) method, CAPWAPC(R) analyses were made for signals where the maximum mobilized soil resistance was verified. The results were compared with the predicted bearing capacity using the semi-empirical method of Decourt & Quaresma (1978) and Decourt (1982) based on SPT values and the description of the soil profile. Some comments related to the values of quake and damping used for clay shales in the analyses are also presented.

Avaliação da deformação, perda de massa e rugosidade das fresas, após osteotomia para implantes osseointegrados, com diferentes tipos de metais

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)

Video promocional de la Biblioteca de la Universidad de Las Palmas de Gran Canaria, 2013

Vídeo de promoción de la Biblioteca Universitaria con música de Mariano Pávez, canción Portal de Luz, ExplendorMix por Ginés Cedrés y Mariano Pávez, de su Álbum: 13 Lunas RMX (2013). Se recogen los distintos servicios que ofrece la Biblioteca Universitaria de Las Palmas de Gran Canaria, así como las distintas bibliotecas temáticas de la misma.