Proceedings of the 4th ACM conference on Computer and communications security
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient collision search attacks on SHA-0
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Universally composable time-stamping schemes with audit
ISC'05 Proceedings of the 8th international conference on Information Security
Efficient signature schemes supporting redaction, pseudonymization, and data deidentification
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Can We Construct Unbounded Time-Stamping Schemes from Collision-Free Hash Functions?
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
A Secure Round-Based Timestamping Scheme with Absolute Timestamps (Short Paper)
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Knowledge-binding commitments with applications in time-stamping
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Does secure time-stamping imply collision-free hash functions?
ProvSec'07 Proceedings of the 1st international conference on Provable security
Optimally tight security proofs for hash-then-publish time-stamping
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Hi-index | 0.00 |
We study the influence of collision-finding attacks on the security of time-stamping schemes. We distinguish between client-side hash functions used to shorten the documents before sending them to time-stamping servers and server-side hash functions used for establishing one way causal relations between time stamps. We derive necessary and sufficient conditions for client side hash functions and show by using explicit separation techniques that neither collision-resistance nor 2nd preimage resistance is necessary for secure time-stamping. Moreover, we show that server side hash functions can even be not one-way. Hence, it is impossible by using black-box techniques to transform collision-finders into wrappers that break the corresponding time-stamping schemes. Each such wrapper should analyze the structure of the hash function. However, these separations do not necessarily hold for more specific classes of hash functions. Considering this, we take a more detailed look at the structure of practical hash functions by studying the Merkle-Damgård (MD) hash functions. We show that attacks, which are able to find collisions for MD hash functions with respect to randomly chosen initial states, also violate the necessary security conditions for client-side hash functions. This does not contradict the black-box separations results because the MD structure is already a deviation from the black-box setting. As a practical consequence, MD5, SHA-0, and RIPEMD are no more recommended to use as client-side hash functions in time-stamping. However, there is still no evidence against using MD5 (or even MD4) as server-side hash functions.