Sciweavers

Share
CRYPTO
2005
Springer

On the Generic Insecurity of the Full Domain Hash

10 years 21 days ago
On the Generic Insecurity of the Full Domain Hash
The Full-Domain Hash (FDH) signature scheme [3] forms one the most basic usages of random oracles. It works with a family F of trapdoor permutations (TDP), where the signature of m is computed as f−1 (h(m)) (here f ∈R F and h is modelled as a random oracle). It is known to be existentially unforgeable for any TDP family F [3], although a much tighter security reduction is known for a restrictive class of TDP’s [10, 14] — namely, those induced by a family of claw-free permutations (CFP) pairs. The latter result was shown [11] to match the best possible “black-box” security reduction in the random oracle model, irrespective of the TDP family F (e.g., RSA) one might use. In this work we investigate the question if it is possible to instantiate the random oracle h with a “real” family of hash functions H such that the corresponding schemes can be proven secure in the standard model, under some natural assumption on the family F. Our main result rules out the existence of su...
Yevgeniy Dodis, Roberto Oliveira, Krzysztof Pietrz
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where CRYPTO
Authors Yevgeniy Dodis, Roberto Oliveira, Krzysztof Pietrzak
Comments (0)
books