Article

On the Exact Security of Full Domain Hash

Author:

Jean-Sébastien CoronAuthors Info & Claims

CRYPTO '00: Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology

Pages 229 - 235

Published: 20 August 2000 Publication History

Abstract

The Full Domain Hash (FDH) scheme is a RSA-based signature scheme in which the message is hashed onto the full domain of the RSA function. The FDH scheme is provably secure in the random oracle model, assuming that inverting RSA is hard. In this paper we exhibit a slightly different proof which provides a tighter security reduction. This in turn improves the efficiency of the scheme since smaller RSA moduli can be used for the same level of security. The same method can be used to obtain a tighter security reduction for Rabin signature scheme, Paillier signature scheme, and the Gennaro-Halevi-Rabin signature scheme.

References

[1]

M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols. Proceedings of the First Annual Conference on Computer and Commmunications Security, ACM, 1993.

Crossref

Google Scholar

[2]

M. Bellare and P. Rogaway, The exact security of digital signatures - How to sign with RSA and Rabin. Proceedings of Eurocrypt'96, LNCS vol. 1070, Springer-Verlag, 1996, pp. 399-416.

Crossref

Google Scholar

[3]

W. Diffie and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, IT-22, 6, pp. 644-654, 1976.

Google Scholar

[4]

R. Gennaro, S. Halevi, T. Rabin, Secure hash-and-sign signatures without the random oracle, proceedings of Eurocrypt'99, LNCS vol. 1592, Springer-Verlag, 1999, pp. 123-139.

Crossref

Google Scholar

[5]

S. Goldwasser, S. Micali and R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks, SIAM Journal of computing, 17(2):281-308, april 1988.

Crossref

Google Scholar

[6]

A. Lenstra and H. Lenstra (eds.), The development of the number field sieve, Lecture Notes in Mathematics, vol 1554, Springer-Verlag, 1993.

Google Scholar

[7]

P. Paillier, Public-key cryptosystems based on composite degree residuosity classes. Proceedings of Eurocrypt'99, Lecture Notes in Computer Science vol. 1592, Springer-Verlag, 1999, pp. 223-238.

Crossref

Google Scholar

[8]

M.O. Rabin, Digitalized signatures and public-key functions as intractable as factorization, MIT/LCS/TR-212, MIT Laboratory for Computer Science, 1979.

Crossref

Google Scholar

[9]

R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public key cryptosystems, CACM 21, 1978.

Crossref

Google Scholar

[10]

RSA Laboratories, PKCS #1 : RSA cryptography specifications, version 2.0, September 1998.

Google Scholar

Cited By

View all

Fleischhacker NJager TSchröder D(2019)On Tight Security Proofs for Schnorr SignaturesJournal of Cryptology10.1007/s00145-019-09311-532:2(566-599)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1007/s00145-019-09311-5
Joye MMichalevsky YChang CRührmair UHolcomb DGuajardo J(2018)RSA Signatures Under Hardware RestrictionsProceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security10.1145/3266444.3266451(51-54)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3266444.3266451
Jager TKakvi SMay ALie DMannan MBackes MWang X(2018)On the Security of the PKCS#1 v1.5 Signature SchemeProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243798(1195-1208)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243798
Show More Cited By

On the Exact Security of Full Domain Hash
1. Security and privacy

Recommendations

Optimal Security Proofs for Full Domain Hash, Revisited

RSA Full Domain Hash (RSA-FDH) is a digital signature scheme, secure against chosen message attacks in the random oracle model. The best known security reduction from the RSA assumption is non-tight, i.e., it loses a factor of $$q_s$$qs, where $$q_s$$qs ...
Security Proof for Partial-Domain Hash Signature Schemes
CRYPTO '02: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology

We study the security of partial-domain hash signature schemes, in which the output size of the hash function is only a fraction of the modulus size. We show that for e = 2 (Rabin), partial-domain hash signature schemes are provably secure in the ...
Optimal security proofs for full domain hash, revisited
EUROCRYPT'12: Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques

RSA Full Domain Hash (RSA-FDH) is a digital signature scheme, secure again chosen message attacks in the random oracle model. The best known security reduction from the RSA assumption is nontight, i.e., it loses a factor of q_s, where q_s is the number of ...

Comments

Information & Contributors

Information

Published In

CRYPTO '00: Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology

August 2000

544 pages

ISBN:3540679073

Editor:
Mihir Bellare

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 20 August 2000

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

104
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Fleischhacker NJager TSchröder D(2019)On Tight Security Proofs for Schnorr SignaturesJournal of Cryptology10.1007/s00145-019-09311-532:2(566-599)Online publication date: 1-Apr-2019
https://dl.acm.org/doi/10.1007/s00145-019-09311-5
Joye MMichalevsky YChang CRührmair UHolcomb DGuajardo J(2018)RSA Signatures Under Hardware RestrictionsProceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security10.1145/3266444.3266451(51-54)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3266444.3266451
Jager TKakvi SMay ALie DMannan MBackes MWang X(2018)On the Security of the PKCS#1 v1.5 Signature SchemeProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243798(1195-1208)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243798
Hu XTang CWong DZheng X(2018)Efficient pairing-free PRE schemes for multimedia data sharing in IoTMultimedia Tools and Applications10.1007/s11042-017-5387-177:14(18327-18354)Online publication date: 1-Jul-2018
https://dl.acm.org/doi/10.1007/s11042-017-5387-1
Kakvi SKiltz E(2018)Optimal Security Proofs for Full Domain Hash, RevisitedJournal of Cryptology10.1007/s00145-017-9257-931:1(276-306)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1007/s00145-017-9257-9
Schuldt JShinagawa KKarri RSinanoglu OSadeghi AYi X(2017)On the Robustness of RSA-OAEP Encryption and RSA-PSS Signatures Against (Malicious) Randomness FailuresProceedings of the 2017 ACM on Asia Conference on Computer and Communications Security10.1145/3052973.3053040(241-252)Online publication date: 2-Apr-2017
https://dl.acm.org/doi/10.1145/3052973.3053040
(2016)Born and raised distributivelyTheoretical Computer Science10.1016/j.tcs.2016.02.031645:C(1-24)Online publication date: 13-Sep-2016
https://dl.acm.org/doi/10.1016/j.tcs.2016.02.031
Russell ATang QYung MZhou H(2016)CliptographyProceedings, Part II, of the 22nd International Conference on Advances in Cryptology --- ASIACRYPT 2016 - Volume 1003210.1007/978-3-662-53890-6_2(34-64)Online publication date: 4-Dec-2016
https://dl.acm.org/doi/10.1007/978-3-662-53890-6_2
Hofheinz D(2016)Algebraic PartitioningProceedings, Part I, of the 13th International Conference on Theory of Cryptography - Volume 956210.1007/978-3-662-49096-9_11(251-281)Online publication date: 10-Jan-2016
https://dl.acm.org/doi/10.1007/978-3-662-49096-9_11
Zhou FPeng SXu JXu Z(2016)Identity-Based Batch Provable Data PossessionProceedings of the 10th International Conference on Provable Security - Volume 1000510.1007/978-3-319-47422-9_7(112-129)Online publication date: 10-Nov-2016
https://dl.acm.org/doi/10.1007/978-3-319-47422-9_7
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Recommendations

Optimal Security Proofs for Full Domain Hash, Revisited

Security Proof for Partial-Domain Hash Signature Schemes

Optimal security proofs for full domain hash, revisited

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations