Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Introduction to Cryptography
Some Observations on the Theory of Cryptographic Hash Functions
Designs, Codes and Cryptography
Complexity and Cryptography: An Introduction
Complexity and Cryptography: An Introduction
An alternative analysis of the open hashing algorithm
Math'04 Proceedings of the 5th WSEAS International Conference on Applied Mathematics
Probability of collisions in soft input decryption
MATH'08 Proceedings of the American Conference on Applied Mathematics
A general approach to off-line signature verification
WSEAS Transactions on Computers
Second preimages on n-bit hash functions for much less than 2n work
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strengthening digital signatures via randomized hashing
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Hi-index | 0.00 |
Use of computer networks is expanding in many important areas such as e-government, e-business, e-learning etc. In any such communications network it is crucial to be able to authenticate both the contents and the origin of a message. Digital signatures (based on public key schemas) are used for authentication and ideally they should provide the same guarantees as a handwritten signatures: unforgeability (only the author of a message should be able to sign his name to a message), undeniability (the author of a message should not be able to deny he signed it at a later stage) and authentication (the signature should allow the contents of the message to be authenticated). In order to provide message authentication the signature must depend on the contents of the message being signed. Two major problems with the public key-based signature schemes are that they are existentially forgeable and if the message is long then the signature will take a long time to compute. To overcome both of these problems hash functions that map a (possibly lengthy) message M to a small digest h(M) are used. Among other desirable properties (the length of h(M) should be small, the function h should be a publicly known one-way function, it should destroy algebraic relationships between messages and signatures), an interesting one is that it should be 'collision-resistant', that is it should be difficult to find two messages with the same hash value. To find a collision the birthday attack is used, which shows that attacker may not need to examine too many messages before he finds a collision. If attacker generates random messages and computes their hash values then with probability at least ½ he finds a collision after generating √(2|R|) messages, where |R| is the total number of possible hash values for the corresponding hash function. The real situation is even worse. In previous estimates it is always assumed that the hash function is regular, meaning that all points in the range have the same number of pre-images under h. If h is not regular, fewer trials are required. Here we examine different types of irregularity of the hash function and the quantitative changes in the required number of trials to find a collision.