The security of many signature schemes depends on the verifier's assurance that the same hash function is applied during signature verification as during signature generation. Several schemes provide this assurance by appending a hash function identifier to the hash value. We show that such "hash function firewalls" do not necessarily prevent an opponent from forging signatures with a weak hash function and we give "weak hash function" attacks on several signature schemes that employ such firewalls. We also describe a new signature forgery attack on PKCS #1 v1.5 signatures, possible even with a strong hash function, based on choosing a new (and suspicious-looking) hash function identifier as part of the attack.
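The following is an added illustration of the mechanism the abstract describes, not code from the paper, and it does not reproduce the paper's attacks on particular schemes. In PKCS #1 v1.5 the "firewall" is the DER DigestInfo (an AlgorithmIdentifier naming the hash, followed by the digest) that is padded and then signed. The example contrasts two verifier policies for that identifier: a lenient verifier that parses the identifier out of the signature and honours whatever hash it names, and the RFC 8017 style verifier that re-encodes the message under a fixed, permitted hash and compares the whole encoded message. It assumes textbook RSA over a freshly generated toy 512-bit key, and it constructs a deliberately weak hash `trunc16` (the first two bytes of SHA-256) under the hypothetical object identifier 1.3.6.1.127, which is not an assigned hash OID; the SHA-256 and MD5 prefixes are the ones listed in RFC 8017, and the messages are made up for the demo.

```python
"""Hash function firewall (DigestInfo) in PKCS #1 v1.5 and the verifier policy
around it.  Added example, stdlib only; the 'trunc16' hash and its OID are
constructed for the demo.  Requires Python 3.8+ (pow(e, -1, phi))."""
import hashlib
import random

# DER DigestInfo prefixes placed in front of the digest.  sha256/md5 are the
# RFC 8017 section 9.2 values; trunc16 is a hypothetical 16-bit hash under the
# made-up OID 1.3.6.1.127 (SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING }).
DIGESTINFO = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "trunc16": bytes.fromhex("300e300806042b06017f05000402"),
}


def digest(alg, msg):
    """Hash 'msg' with the named algorithm (trunc16 = constructed weak hash)."""
    if alg == "trunc16":
        return hashlib.sha256(msg).digest()[:2]
    return hashlib.new(alg, msg).digest()


def emsa_pkcs1_v15(alg, msg, em_len):
    """EM = 00 01 FF..FF 00 || DigestInfo(alg) || H(msg), with >= 8 bytes of FF."""
    t = DIGESTINFO[alg] + digest(alg, msg)
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with a little trial division in front."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def gen_key(bits=512, e=65537):
    """Toy RSA keypair: returns ((n, e), (n, d)).  Demo size, not for real use."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _em_len(n):
    return (n.bit_length() + 7) // 8


def sign(priv, alg, msg):
    n, d = priv
    m = int.from_bytes(emsa_pkcs1_v15(alg, msg, _em_len(n)), "big")
    return pow(m, d, n).to_bytes(_em_len(n), "big")


def _recover_em(pub, sig):
    n, e = pub
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(_em_len(n), "big")


def verify_strict(pub, msg, sig, allowed=("sha256",)):
    """RFC 8017 style: re-encode under each permitted hash, compare whole EMs.
    The identifier inside the signature is never parsed or trusted."""
    em = _recover_em(pub, sig)
    return any(em == emsa_pkcs1_v15(alg, msg, _em_len(pub[0])) for alg in allowed)


def verify_lenient(pub, msg, sig):
    """Parse the DigestInfo out of the EM and honour whatever hash it names,
    as long as the identifier is one the verifier knows.  The firewall only
    labels the hash; it does not stop a weak but 'known' hash being accepted."""
    em = _recover_em(pub, sig)
    if em[:2] != b"\x00\x01":
        return False
    t = em[2:].lstrip(b"\xff")
    if t[:1] != b"\x00" or len(em) - 2 - len(t) < 8:
        return False
    t = t[1:]
    for alg, prefix in DIGESTINFO.items():
        if t.startswith(prefix):
            return t[len(prefix):] == digest(alg, msg)
    return False


def find_second_preimage(alg, target, template, limit=1 << 21):
    """Brute-force a message with the same (weak) digest; cheap for 16 bits."""
    for i in range(limit):
        cand = template + str(i).encode()
        if digest(alg, cand) == target:
            return cand
    raise RuntimeError("no second preimage found within limit")


def demo(seed=1):
    """Constructed scenario: a signer that still supports the legacy hash signs
    one message under it; the attacker reuses that signature on another message."""
    random.seed(seed)
    pub, priv = gen_key()
    legit = b"transfer 10 EUR to Alice"
    sig = sign(priv, "trunc16", legit)
    forged = find_second_preimage("trunc16", digest("trunc16", legit),
                                  b"transfer 10000 EUR to Mallory #")
    return {
        "lenient_legit": verify_lenient(pub, legit, sig),
        "lenient_forged": verify_lenient(pub, forged, sig),   # accepted: firewall says trunc16, verifier obeys
        "strict_legit": verify_strict(pub, legit, sig),       # rejected: only sha256 permitted
        "strict_forged": verify_strict(pub, forged, sig),
        "strict_sha256": verify_strict(pub, legit, sign(priv, "sha256", legit)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```

The identifier in the forged signature is entirely truthful, so the firewall has done its job and the forgery still verifies under the lenient policy; what decides the outcome is the set of identifiers the verifier is willing to act on. The strict verifier never reads the identifier carried in the signature, which is also why it gives an attacker nothing to gain from choosing a novel one.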