Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Proceedings of the 4th ACM conference on Computer and communications security
Bounds for Dispersers, Extractors, and Depth-Two Superconcentrators
SIAM Journal on Discrete Mathematics
Time-Stamping with Binary Linking Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Does secure time-stamping imply collision-free hash functions?
ProvSec'07 Proceedings of the 1st international conference on Provable security
Do broken hash functions affect the security of time-stamping schemes?
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
On the (im)possibility of perennial message recognition protocols without public-key cryptography
Proceedings of the 2011 ACM Symposium on Applied Computing
Hi-index | 0.00 |
It has been known for quite some time that collision-resistance of hash functions does not seem to give any actual security guarantees for unbounded hash-tree time-stamping, where the size of the hash-tree created by the time-stamping service is not explicitly restricted. We focus on the possibility of showing that there exist no black-box reductions of unbounded time-stamping schemes to collision-free hash functions. We propose an oracle that is probably suitable for such a separation and give strong evidence in support of that. However, the existence of a separation still remains open. We introduce the problem and give a construction of the oracle relative to which there seem to be no secure time-stamping schemes but there still exist collision-free hash function families. Although we rule out many useful collision-finding strategies (relative to the oracle) and the conjecture seems quite probable after that, there still remains a possibility that the oracle can be abused by some very smartly constructed wrappers. We also argue why it is probably very hard to give a correct proof for our conjecture.