Skip to main content
SpringerLink
Log in

On the Insecurity of the Fiat-Shamir Signatures with Iterative Hash Functions

  • Conference paper
Provable Security (ProvSec 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5848))

Included in the following conference series:

  • 463 Accesses

Abstract

At FOCS 2003, Goldwasser and Kalai showed the insecurity of the digital signature schemes obtained by the Fiat-Shamir transformation in the standard model. However, the proof of this negative result is complicated. This paper shows a much simpler counter example in the restricted (but realistic) case that the hash functions are designed by iterating an underlying hash function with an a-priori bounded input length, although we slightly extend the Fiat-Shamir paradigm. The result in [19] ruled out the case that the underlying identification schemes are interactive proofs, whereas this result can apply to the case.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abdalla, M., An, J., Bellare, M., Namprempre, C.: From identification to signatures via the fiat-shamir transform: Minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, p. 418. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  2. Barak, B.: How to go beyond the black-box simulation barrier. In: Proceedings of the 42th IEEE Annual Symposium on Foundations of Computer Science (FOCS 2001) (October 2001), http://www.math.ias.edu/~boaz

  3. Barak, B., Goldreich, O.: Universal arguments and their applications. In: Conference on Computational Complexity 2002 (2002)

    Google Scholar 

  4. Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the emd transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299–314. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: First ACM Conference on Computer and Communication Security, pp. 62–73. Association for Computing Machinery (1993)

    Google Scholar 

  6. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: Ecrypt Hash Workshop 2007 (May 2007)

    Google Scholar 

  7. Boldyreva, A., Fischlin, M.: Analysis of random oracle instantiation scenarios for oaep and other practical schemes. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 412–429. Springer, Heidelberg (2005)

    Google Scholar 

  8. Bellare, M., Boldyreva, A., Palacio, A.: An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 171–188. Springer, Heidelberg (2004)

    Google Scholar 

  9. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: Proceedings of the 30th annual ACM Symposium on Theory of Computing (STOC 1998), New York, pp. 209–218 (1998)

    Google Scholar 

  10. Canetti, R., Goldreich, O., Halevi, S.: On the random oracle methodology as applied to length-restricted signature schemes. In: Naor [26], pp. 40–57

    Google Scholar 

  11. Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004)

    Google Scholar 

  12. Chang, D., Nandi, M.: Improved indifferentiability security analysis of chopMD hash function. In: Preproceedings of FSE 2008 (2008)

    Google Scholar 

  13. Coron, J.S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damgård revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430–448. Springer, Heidelberg (2005)

    Google Scholar 

  14. Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)

    Google Scholar 

  15. Dodis, Y., Oliveria, R., Pietrzak, K.: On the generic insecurity of the full domain hash. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 449–466. Springer, Heidelberg (2005)

    Google Scholar 

  16. Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM. J. Computing 30(2), 391–437 (2000); Presented in STOC 1991

    Article  MATH  MathSciNet  Google Scholar 

  17. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1986)

    Google Scholar 

  18. Goldreich, O.: Foundations of Cryptography, 1st edn., vol. 2 (Basic Applications). Cambridge University Press, Cambridge (2004)

    MATH  Google Scholar 

  19. Goldwasser, S., Kalai, Y.T.: On the (In)security of the Fiat-Shamir Paradigm. In: Proceedings of the 44th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2003 (2003)

    Google Scholar 

  20. Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal of Computing 17(2), 281–308 (1988)

    Article  MATH  MathSciNet  Google Scholar 

  21. Halevi, S., Myers, S., Rackoff, C.: On seed-incompressible functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 19–36. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  22. Maurer, U.M., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor [26], pp. 21–39

    Google Scholar 

  23. Maurer, U.M., Tessaro, S.: Domain extension of public random functions: Beyond the birthday barrier. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 187–204. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  24. Merkle, R.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)

    Google Scholar 

  25. Micali, C.: CS proofs. In: Proceedings of the 35th IEEE Annual Symposium on Foundations of Computer Science (FOCS 1994), pp. 436–453 (1997)

    Google Scholar 

  26. Naor, M. (ed.): TCC 2004. LNCS, vol. 2951. Springer, Heidelberg (2004)

    MATH  Google Scholar 

  27. Nielsen, J.B.: Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-commiting Encryption Case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 111. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  28. Ohta, K., Okamoto, T.: On concrete security treatment of signatures derived from identification. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 354–369. Springer, Heidelberg (1998)

    Google Scholar 

  29. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)

    Google Scholar 

  30. Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(4), 361–396 (2000)

    Article  MATH  Google Scholar 

  31. Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: Proceedings of the 40th IEEE Annual Symposium on Foundations of Computer Science (FOCS 1999), pp. 543–553 (1999)

    Google Scholar 

  32. De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 566. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. NTT, 3-9-11 Midori-cho, Musashino-shi, Tokyo, 180-8585, Japan

    Eiichiro Fujisaki & Ryo Nishimaki

  2. Department of Mathematical and Computing Sciences, Tokyo Institute of Technology, W8-55, 2-12-1 Ookayama, Meguro-ku, Tokyo, 152-8552, Japan

    Keisuke Tanaka

Authors
  1. Eiichiro Fujisaki
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ryo Nishimaki
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Keisuke Tanaka
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Macquarie University, 2109, Sydney, NSW, Australia

    Josef Pieprzyk

  2. School of Information Science and Technology, Sun Yat-Sen University, 510275, Guangzhou, P.R.China

    Fangguo Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fujisaki, E., Nishimaki, R., Tanaka, K. (2009). On the Insecurity of the Fiat-Shamir Signatures with Iterative Hash Functions. In: Pieprzyk, J., Zhang, F. (eds) Provable Security. ProvSec 2009. Lecture Notes in Computer Science, vol 5848. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04642-1_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04642-1_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04641-4

  • Online ISBN: 978-3-642-04642-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation