Does secure time-stamping imply collision-free hash functions?

Authors:
Ahto Buldas;Aivo Jürgenson
Affiliations:
Cybernetica, Tallinn, Estonia and Tallinn University of Technology, Tallinn, Estonia and University of Tartu, Tartu, Estonia;Tallinn University of Technology, Tallinn, Estonia and Elion Enterprises Ltd., Tallinn, Estonia
Venue:
ProvSec'07 Proceedings of the 1st international conference on Provable security
Year:
2007

Citing 9
Cited 2

Limits on the provable consequences of one-way permutations

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Secure names for bit-strings

Proceedings of the 4th ACM conference on Computer and communications security
The relationship between public key encryption and oblivious transfer

FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
Update on SHA-1

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient collision search attacks on SHA-0

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Do broken hash functions affect the security of time-stamping schemes?

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security

Can We Construct Unbounded Time-Stamping Schemes from Collision-Free Hash Functions?

ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
On the (im)possibility of perennial message recognition protocols without public-key cryptography

Proceedings of the 2011 ACM Symposium on Applied Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We prove that there are no black-box reductions from Collision-Free Hash Functions to secure time-stamping schemes, which means that in principle secure time-stamping schemes may exist even if there exist no collision-resistant hash functions. We show that there is an oracle relative to which there exist secure time-stamping schemes but no hash function is collision-free. The oracle we use is not new -- similar idea was already used by Simon in 1998 to show that collision-free hash functions cannot be constructed from one-way permutations in a black-box way. Our oracle contains a random hash function family f and a universal collision-finder A. We show that hash-tree time-stamping schemes that use f as a hash function remain secure even in the presence of A. From more practical view, our result is an implicit confirmation that collision-finding attacks against hash functions will tell us quite little about the security of hash-tree time-stamping schemes and that we need more dedicated research about back-dating attacks against practical hash functions.