Security for computer networks: an introduction to data security in teleprocessing and electronic funds transfer
A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Confirmation that some hash functions are not collision free
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Security of iterated hash functions based on block ciphers
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A Design Principle for Hash Functions
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
One Way Hash Functions and DES
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Keying Hash Functions for Message Authentication
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
TIGER: A Fast New Hash Function
Proceedings of the Third International Workshop on Fast Software Encryption
Formal aspects of mobile code security
Formal aspects of mobile code security
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Journal of Cryptology
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
How to Fill Up Merkle-Damgård Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Hash-and-sign with weak hashing made secure
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
A failure-friendly design principle for hash functions
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
On the possibility of constructing meaningful hash collisions for public keys
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strengthening digital signatures via randomized hashing
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Collision-Resistant no more: hash-and-sign paradigm revisited
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
SP 800-106. Randomized Hashing for Digital Signatures
SP 800-106. Randomized Hashing for Digital Signatures
Domain extension for enhanced target collision-resistant hash functions
FSE'10 Proceedings of the 17th international conference on Fast software encryption
Cryptanalysis of the 10-round hash and full compression function of SHAvite-3-512
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
The first 30 years of cryptographic hash functions and the NIST SHA-3 competition
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
On the security of tan et al. serverless RFID authentication and search protocols
RFIDSec'12 Proceedings of the 8th international conference on Radio Frequency Identification: security and privacy issues
| Hi-index | 0.00 |
Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean's method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t -bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t /2 chosen messages plus 2 t /2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.