
On Hash Function Firewalls in Signature Schemes

  • Conference paper
  • In: Topics in Cryptology — CT-RSA 2002 (CT-RSA 2002)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2271)

Abstract

The security of many signature schemes depends on the verifier’s assurance that the same hash function is applied during signature verification as during signature generation. Several schemes provide this assurance by appending a hash function identifier to the hash value. We show that such “hash function firewalls” do not necessarily prevent an opponent from forging signatures with a weak hash function and we give “weak hash function” attacks on several signature schemes that employ such firewalls. We also describe a new signature forgery attack on PKCS #1 v1.5 signatures, possible even with a strong hash function, based on choosing a new (and suspicious-looking) hash function identifier as part of the attack.
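The abstract's point is that a hash function identifier prepended to the hash value (the PKCS #1 v1.5 DigestInfo is the canonical instance) only names a hash; it does not by itself stop a signer, or a forger, from choosing a weaker one than the verifier intends. The following is an added worked example, not code from the paper: it builds the EMSA-PKCS1-v1_5 encoding with the standard DigestInfo prefixes from PKCS #1 (RFC 3447, section 9.2), then contrasts a lenient verifier that trusts whichever identifier the signer encoded with a strict verifier that rebuilds the encoding for its own required hash and compares the whole encoded message. The RSA key generation is a toy, stdlib-only routine included so the block runs offline; the message is constructed.

```python
"""Added example (not from the paper): a PKCS #1 v1.5 DigestInfo 'hash function
firewall' plus a lenient and a strict verifier, with toy RSA for a stand-alone run."""
import hashlib
import hmac
import math
import secrets

# DER DigestInfo prefixes from PKCS #1 (RFC 3447, section 9.2, note 1). The prefix
# is the hash function identifier the firewall puts in front of the hash value.
DIGEST_INFO_PREFIX = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def digest_info(hash_name, message):
    """T = DigestInfo(hash identifier) || H(M)."""
    return DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()

def emsa_pkcs1_v1_5(t, k):
    """EMSA-PKCS1-v1_5: EM = 0x00 || 0x01 || PS (>= 8 bytes of 0xFF) || 0x00 || T."""
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; fine for a demo key, not a substitute for a vetted library."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=1024, e=65537):
    """Toy RSA key pair for the demo only: returns ((d, n), (e, n))."""
    def prime(nbits):
        while True:
            c = secrets.randbits(nbits) | (1 << (nbits - 1)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (pow(e, -1, phi), p * q), (e, p * q)

def sign(priv, hash_name, message):
    """RSASSA-PKCS1-v1_5 signing with the hash the *signer* chooses."""
    d, n = priv
    k = (n.bit_length() + 7) // 8
    em = emsa_pkcs1_v1_5(digest_info(hash_name, message), k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def _recover_em(pub, signature):
    """RSA verification primitive: EM = s^e mod n as a k-byte string, or None."""
    e, n = pub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return None
    return pow(s, e, n).to_bytes(k, "big")

def verify_lenient(pub, message, signature):
    """Relies on the firewall alone: parses the identifier out of EM and hashes with
    whatever function the signer named, so any hash in the table, weak or not, passes."""
    em = _recover_em(pub, signature)
    if em is None or em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)                      # end of PS; PS must be >= 8 x 0xFF
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return False
    t = em[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix):
            return hmac.compare_digest(t[len(prefix):], hashlib.new(name, message).digest())
    return False

def verify_strict(pub, message, signature, hash_name="sha256"):
    """Enforces the verifier's own policy: rebuild EM for the one hash the verifier
    requires and compare the whole encoding, so the signer's identifier is never trusted."""
    em = _recover_em(pub, signature)
    if em is None:
        return False
    expected = emsa_pkcs1_v1_5(digest_info(hash_name, message), len(em))
    return hmac.compare_digest(em, expected)

if __name__ == "__main__":
    priv, pub = rsa_keygen()
    msg = b"constructed sample message"            # constructed input
    weak = sign(priv, "sha1", msg)                  # signer picked the weaker hash
    print("lenient accepts SHA-1 signature:", verify_lenient(pub, msg, weak))   # True
    print("strict accepts SHA-1 signature:", verify_strict(pub, msg, weak))     # False
```

The strict path is the comparison-style verification that later PKCS #1 revisions specify: the verifier encodes the message itself with the hash its policy requires and compares byte for byte, so the identifier inside the signature carries no authority. The lenient path is what the abstract warns about: a correctly formed firewall is present, yet an SHA-1 signature is accepted by a verifier that meant to require SHA-256, because nothing ties the identifier to the verifier's policy.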




Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kaliski, B.S. (2002). On Hash Function Firewalls in Signature Schemes. In: Preneel, B. (eds) Topics in Cryptology — CT-RSA 2002. CT-RSA 2002. Lecture Notes in Computer Science, vol 2271. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45760-7_1


  • DOI: https://doi.org/10.1007/3-540-45760-7_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43224-1

  • Online ISBN: 978-3-540-45760-2
