On the Generic Insecurity of the Full Domain Hash

Authors

  • Yevgeniy Dodis
  • Roberto Oliveira
  • Krzysztof Pietrzak
Abstract

The Full-Domain Hash (FDH) signature scheme [3] is one of the most basic usages of random oracles. It works with a family F of trapdoor permutations (TDP), where the signature of m is computed as f^{-1}(h(m)) (here f ∈_R F and h is modelled as a random oracle). It is known to be existentially unforgeable for any TDP family F [3], although a much tighter security reduction is known for a restrictive class of TDPs [10, 14] — namely, those induced by a family of claw-free permutation (CFP) pairs. The latter result was shown [11] to match the best possible “black-box” security reduction in the random oracle model, irrespective of the TDP family F (e.g., RSA) one might use. In this work we investigate whether it is possible to instantiate the random oracle h with a “real” family of hash functions H such that the corresponding scheme can be proven secure in the standard model, under some natural assumption on the family F. Our main result rules out the existence of such instantiations for any assumption on F which (1) is satisfied by a family of random permutations; and (2) does not allow the attacker to invert f ∈_R F on an a-priori unbounded number of points. Moreover, this holds even if the choice of H can arbitrarily depend on f. As an immediate corollary, we rule out instantiating FDH based on general claw-free permutations, which shows that in order to prove the security of FDH in the standard model one must utilize significantly more structure on F than what is sufficient for the best proof of security in the random oracle model.
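To make the signing and verification equations concrete, the following is an added example (not code from the paper) of FDH over the RSA trapdoor permutation: the signer computes f^{-1}(h(m)) with the trapdoor d, and the verifier only needs the public f. The primes are constructed and far too small for real use, and h is a counter-mode SHA-256 expansion reduced into Z_n, standing in for the random oracle whose standard-model instantiation the paper rules out.

```python
import hashlib

# Toy RSA parameters (constructed; real keys need large random primes).
P, Q = 7919, 104729          # assumption: small primes for illustration only
N = P * Q                    # public modulus, the domain of the TDP
E = 65537                    # public exponent
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # trapdoor: held by the signer only


def f(x: int) -> int:
    """Forward direction of the RSA trapdoor permutation f over Z_n."""
    return pow(x, E, N)


def f_inv(y: int) -> int:
    """f^{-1}, computable only with the trapdoor d."""
    return pow(y, D, N)


def h(m: bytes) -> int:
    """Hash m into the full domain Z_n (the 'full domain' in FDH).

    SHA-256 output is expanded with a counter until it carries at least
    64 bits more than n, then reduced mod n so the result is close to
    uniform.  This is the 'real' hash family H the paper discusses.
    """
    out = b""
    ctr = 0
    while len(out) * 8 < N.bit_length() + 64:
        out += hashlib.sha256(ctr.to_bytes(4, "big") + m).digest()
        ctr += 1
    return int.from_bytes(out, "big") % N


def sign(m: bytes) -> int:
    """FDH signature: sigma = f^{-1}(h(m))."""
    return f_inv(h(m))


def verify(m: bytes, sigma: int) -> bool:
    """FDH verification: accept iff f(sigma) == h(m), using only public data."""
    return 0 <= sigma < N and f(sigma) == h(m)


if __name__ == "__main__":
    msg = b"constructed sample message"
    s = sign(msg)
    print(verify(msg, s), verify(b"other message", s))  # True False
```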


Similar sources

An Improved Hash Function Based on the Tillich-Zémor Hash Function

Using the idea behind the Tillich-Zémor hash function, we propose a new hash function. Our hash function is parallelizable and its collision resistance is implied by a hardness assumption on a mathematical problem. Also, it is secure against the known attacks. It is the most secure variant of the Tillich-Zémor hash function until now.


Discretized Adjoint State Time and Frequency Domain Full Waveform Inversion: A Comparative Study

This study derives the discretized adjoint states full waveform inversion (FWI) in both time and frequency domains based on the Lagrange multiplier method. To achieve this, we applied adjoint state inversion on the discretized wave equation in both time domain and frequency domain. Besides, in this article, we introduce reliability tests to show that the inversion is performing as it should be ...


Evolutionary design of domain specific non-cryptographic hash functions

Hash functions are an inseparable part of the modern computer world. Fast associative arrays, so popular among computer programmers for their robustness and simplicity, are based on them. Their performance greatly depends on their design and, although their roots are deep in the past, the topic of designing a well-performing hash function is still often discussed today. There is currently a plenty of ex...


A Model of Authors’ Generic Competence of EAP Research Articles: A Qualitative Meta-Synthesis Approach

Genre analysis, an area of great concern in recent decades, involves the observation of linguistic features used by a determined discourse community. The research article (RA) is one of the most widely researched genres in academic writing, and it is realized through some rhetorical moves and discursive steps to achieve a communicative purpose. This study aimed at proposing a model of generic p...


Short Signatures from Weaker Assumptions

We provide constructions of (m, 1)-programmable hash functions (PHFs) for m ≥ 2. Mimicking certain programmability properties of random oracles, PHFs can, e.g., be plugged into the generic constructions by Hofheinz and Kiltz (J. Cryptol. 2011) to yield digital signature schemes from the strong RSA and strong q-Diffie-Hellman assumptions. As another application of PHFs, we propose new and effici...


Publication date: 2005