Article

Security Proof for Partial-Domain Hash Signature Schemes

Author:

Jean-Sébastien CoronAuthors Info & Claims

CRYPTO '02: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology

Pages 613 - 626

Published: 18 August 2002 Publication History

Abstract

We study the security of partial-domain hash signature schemes, in which the output size of the hash function is only a fraction of the modulus size. We show that for e = 2 (Rabin), partial-domain hash signature schemes are provably secure in the random oracle model, if the output size of the hash function is larger than 2/3 of the modulus size. This provides a security proof for a variant of the signature standards ISO 9796-2 and PKCS#1 v1.5, in which a larger digest size is used.

References

[1]

ANSI X9.31, Digital signatures using reversible public-key cryptography for the financial services industry (rDSA) , 1998.

[2]

M. Bellare and P. Rogaway, Random oracles are practical : a paradigm for designing efficient protocols . Proceedings of the First Annual Conference on Computer and Commmunications Security, ACM, 1993.

[3]

M. Bellare and P. Rogaway, The exact security of digital signatures - How to sign with RSA and Rabin . Proceedings of Eurocrypt'96, LNCS vol. 1070, Springer-Verlag, 1996, pp. 399-416.

[4]

R. Canetti, O. Goldreich and S. Halevi, The random oracle methodology, revisited , STOC '98, ACM, 1998.

[5]

J.S. Coron, D. Naccache and J.P. Stern, On the security of RSA Padding , Proceedings of Crypto'99, LNCS vol. 1666, Springer-Verlag, 1999, pp. 1-18.

[6]

J.S. Coron, On the exact security of Full Domain Hash , Proceedings of Crypto 2000, LNCS vol. 1880, Springer-Verlag, 2000, pp. 229-235.

[7]

J.S. Coron, Security proof for partial-domain hash signature schemes . Full version of this paper. Cryptology ePrint Archive, http://eprint.iacr.org.

[8]

S. Goldwasser, S. Micali and R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks , SIAM Journal of computing, 17(2):281-308, april 1988.

[9]

G.H. Hardy and E.M. Wright, An introduction to the theory of numbers , Oxford science publications, fifth edition.

[10]

K. Hickman, The SSL Protocol , December 1995. Available electronically at : http://www.netscape.com/newsref/std/ssl.html

[11]

ISO/IEC 9796-2, Information technology - Security techniques - Digital signature scheme giving message recovery, Part 2 : Mechanisms using a hash-function , 1997.

[12]

A.J. Menezes, P. C. van Oorschot and S.A. Vanstone, Handbook of Applied Cryptography , CRC press, 1996.

[13]

P. Paillier, Public-key cryptosystems based on composite degree residuosity classes , proceedings of Eurocrypt'99, LNCS 1592, pp. 223-238, 1999.

[14]

R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public key cryptosystems , CACM 21, 1978.

[15]

RSA Laboratories, PKCS #1 : RSA cryptography specifications , version 1.5, November 1993 and version 2.0, September 1998.

[16]

B. Vallée, Generation of elements with small modular squares and provably fast integer factoring algorithms , Mathematics of Computation, vol. 56, number 194, april 1991, pp. 823-849.

Cited By

Coron JNaccache DTibouchi MWeinmann R(2016)Practical Cryptanalysis of ISO 9796-2 and EMV SignaturesJournal of Cryptology10.1007/s00145-015-9205-529:3(632-656)Online publication date: 1-Jul-2016
https://dl.acm.org/doi/10.1007/s00145-015-9205-5
Seurin Y(2014)On the Lossiness of the Rabin Trapdoor FunctionProceedings of the 17th International Conference on Public-Key Cryptography --- PKC 2014 - Volume 838310.1007/978-3-642-54631-0_22(380-398)Online publication date: 26-Mar-2014
https://dl.acm.org/doi/10.1007/978-3-642-54631-0_22
Bitansky NDachman-Soled DGarg SJain AKalai YLópez-Alt AWichs D(2013)Why “fiat-shamir for proofs” lacks a proofProceedings of the 10th theory of cryptography conference on Theory of Cryptography10.1007/978-3-642-36594-2_11(182-201)Online publication date: 3-Mar-2013
https://dl.acm.org/doi/10.1007/978-3-642-36594-2_11
Show More Cited By

Security Proof for Partial-Domain Hash Signature Schemes

Recommendations

A Provably Secure Proxy Signature Scheme in Certificateless Cryptography

A proxy signature scheme enables an original signer to delegate its signing capability to a proxy signer and then the proxy signer can sign a message on behalf of the original signer. Recently, in order to eliminate the use of certificates in certified ...
Improved convertible authenticated encryption scheme with provable security

Convertible authenticated encryption (CAE) schemes allow a signer to produce an authenticated ciphertext such that only a designated recipient can decrypt it and verify the recovered signature. The conversion property further enables the designated ...
A pairing-free and provably secure certificateless signature scheme

Certificateless Signature (CLS) scheme is a notable cryptographic technique for solving the key escrow problem in identity-based cryptosystem (IBC). In the CLS, the private key is computed collectively by both the key generation center (KGC) and the ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

CRYPTO '02: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology

August 2002

628 pages

ISBN:354044050X

Editor:
Moti Yung

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 18 August 2002

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Coron JNaccache DTibouchi MWeinmann R(2016)Practical Cryptanalysis of ISO 9796-2 and EMV SignaturesJournal of Cryptology10.1007/s00145-015-9205-529:3(632-656)Online publication date: 1-Jul-2016
https://dl.acm.org/doi/10.1007/s00145-015-9205-5
Seurin Y(2014)On the Lossiness of the Rabin Trapdoor FunctionProceedings of the 17th International Conference on Public-Key Cryptography --- PKC 2014 - Volume 838310.1007/978-3-642-54631-0_22(380-398)Online publication date: 26-Mar-2014
https://dl.acm.org/doi/10.1007/978-3-642-54631-0_22
Bitansky NDachman-Soled DGarg SJain AKalai YLópez-Alt AWichs D(2013)Why “fiat-shamir for proofs” lacks a proofProceedings of the 10th theory of cryptography conference on Theory of Cryptography10.1007/978-3-642-36594-2_11(182-201)Online publication date: 3-Mar-2013
https://dl.acm.org/doi/10.1007/978-3-642-36594-2_11
Fischlin M(2012)Black-box reductions and separations in cryptographyProceedings of the 5th international conference on Cryptology in Africa10.1007/978-3-642-31410-0_26(413-422)Online publication date: 10-Jul-2012
https://dl.acm.org/doi/10.1007/978-3-642-31410-0_26

View Options

View options

Figures

Tables

Media

View Table of Conten