
How to Use Merkle-Damgård — On the Security Relations between Signature Schemes and Their Inner Hash Functions

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5324)

Abstract

This paper reports a thorough standard-model investigation on how attacks on hash functions impact the security of hash-and-sign signature schemes. We identify two important properties that appear to be crucial in analyzing the nature of security relations between signature schemes and their inner hash functions: primitiveness and injectivity. We then investigate the security relations in the general case of hash-and-sign signatures and in the particular case of first-hash-then-sign signatures, showing a gap of security guarantees between the two paradigms. We subsequently apply our results on two operating modes to construct a hash function family from a hash function based on the well-known Merkle-Damgård construction (such as MD5 and SHA-1). For completeness, we give concrete attack workloads for attacking operating modes used in practical implementations of signature schemes.

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bresson, E., Chevallier-Mames, B., Clavier, C., Gouget, A., Paillier, P., Peyrin, T. (2008). How to Use Merkle-Damgård — On the Security Relations between Signature Schemes and Their Inner Hash Functions. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds) Provable Security. ProvSec 2008. Lecture Notes in Computer Science, vol 5324. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88733-1_17

  • DOI: https://doi.org/10.1007/978-3-540-88733-1_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88732-4

  • Online ISBN: 978-3-540-88733-1

  • eBook Packages: Computer Science, Computer Science (R0)
