Abstract. There is a foundational problem involving collision-resistant hash-functions: common constructions are keyless, but formal definitions are keyed. The discrepancy stems from the fact that a function H: {0, 1} ∗ → {0, 1} n always admits an efficient collision-finding algorithm, it’s just that us human beings might be unable to write the program down. We explain a simple way to sidestep this difficulty that avoids having to key our hash functions. The idea is to state theorems in a way that prescribes an explicitly-given reduction, normally a black-box one. We illustrate this approach using well-known examples involving digital signatures, pseudorandom functions, and the Merkle-Damg˚ard construction. Key words. Collision-free hash function, Collision-intractable hash function, Collision-resistant hash function, Cryptographic hash function, Provable security. 1

We propose an efficient batch signature generation scheme for signing multiple messages simultaneously. The scheme can be based on any signature scheme with appendix and resultant signatures preserve the property of independent verification by different recipients. The scheme is shown to be of almost constant complexity for both generation and verification as the number of messages increases while the size of the signature increases only logarithmically with the number of messages in the batch. It is demonstrated that the security of the batch signature is equivalent to the security of the underlying signature mechanisms. Keywords: Batch Cryptography, Digital Signature, Efficiency, Binary Tree. 1 Introduction Electronic commerce is already presenting many new marketing opportunities for commercial organizations. Whilst the notion of electronic commerce pre-existed its usage over the Internet, today electronic commerce and the Internet are often considered as natural allies. A key re...