## Relation between Successfulness of Birthday Attack on Digital Signature and Hash Function Irregularity

Citations: | 1 - 0 self |

### BibTeX

@MISC{Tuba_relationbetween,

author = {Milan Tuba and Nadezda Stanarevic and Milan Tuba and Nadezda Stanarevic},

title = {Relation between Successfulness of Birthday Attack on Digital Signature and Hash Function Irregularity},

year = {}

}

### OpenURL

### Abstract

Abstract:- In many network communications it is crucial to be able to authenticate both the contents and the origin of a message. Digital signatures based on public key schemas are used for such authentication. In order to provide message authentication the signature must depend on the contents of the message being signed. Since the public key-based signature schemes take too much time to compute, hash functions that map messages to short digests h(M) are used. Among other desirable properties of hash functions, an interesting one is that it should be collision-resistant, that is it should be difficult to find two messages with the same hash value. To find a collision the birthday attack is used, which shows that attacker may not need to examine too many messages before he finds a collision. Even worse, in estimates of attack successfulness it is always assumed that the hash function is regular, meaning that all points in the range have the same number of preimages under h. If h is not regular, fewer trials are required to find a collision. In this paper we first compute tighter upper and lower bounds for the number of birthday attack trials when the hash function is regular. Then we examine different types of irregularity of the hash function and the quantitative changes in the required number of trials to find a collision which then compromises the digital signature system. Key-Words:- Digital signature, Birthday attack, Irregular hash function, Hash collision 1

### Citations

85 |
Applied Cryptography Second Edition: protocols, algorithms and source code in C
- Schneier
- 1996
(Show Context)
Citation Context ...an actual, use cases. Stinson [11] says that preimage resistance implies collision resistance under certain circumstances, such as, for example, when the hash function is "close to" uniform. Schneier =-=[12]-=- says that to prevent birthday attacks one should choose the output length t large enough that 2 t/2 trials are infeasible. Buchmann's discussion of the attack says [13] that the distribution on the c... |

80 | A new forward-secure digital signature scheme
- Abdalla, Reyzin
- 2000
(Show Context)
Citation Context ... signature scheme is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on the paper. Digital signature schemes consist of at least three algorithms =-=[3]-=-: ISSN: 1790-0832 186 Issue 2, Volume 7, February 2010WSEAS TRANSACTIONS on INFORMATION SCIENCE and APPLICATIONS Milan Tuba, Nadezda Stanarevic � � � a key generation algorithm, a signature algorithm... |

60 | Strengthening digital signatures via randomized hashing
- Halevi, Krawczyk
- 2006
(Show Context)
Citation Context ...hould map strings of bits of variable length to fix-length strings of bits, called the hash value of the message {0,1} m � {0,1} t , where m > t [4], [5]. Ideally it has the following properties [6], =-=[7]-=-, [8]: � � � � � � The length of h(M) should be small so that messages can be signed efficiently. The function h should be a publicly known one-way function – it should be hard to find a message that ... |

43 |
Preimages on n-Bit Hash Functions for Much Less than 2n Work
- Kelsey, Schneier, et al.
- 2005
(Show Context)
Citation Context ... map strings of bits of variable length to fix-length strings of bits, called the hash value of the message {0,1} m � {0,1} t , where m > t [4], [5]. Ideally it has the following properties [6], [7], =-=[8]-=-: � � � � � � The length of h(M) should be small so that messages can be signed efficiently. The function h should be a publicly known one-way function – it should be hard to find a message that hashe... |

30 | Some observations on the theory of cryptographic hash functions
- Stinson
- 2001
(Show Context)
Citation Context ...n the past years, literature in the field describes relatively small number of examples in which irregular hash functions are used and cover mostly theoretical, rather than actual, use cases. Stinson =-=[11]-=- says that preimage resistance implies collision resistance under certain circumstances, such as, for example, when the hash function is "close to" uniform. Schneier [12] says that to prevent birthday... |

29 | Hash Function Balance and its Impact on Birthday Attacks. Number 2003/65 in Cryptology eprint archive. eprint.iacr.org
- Bellare, Kohno
- 2003
(Show Context)
Citation Context ...d a pair of messages M ≠ M' such that h(M)=h(M'). The question is can we compute “irregularity amount” of hash function. The idea of “irregularity amount” or hash function's balance was introduced in =-=[10]-=-. Balance can be defined as a real number between 0 and 1, where balance 1 indicates that the hash function is regular and balance 0 indicates that it is a constant function, meaning as irregular as c... |

7 |
Welsh “Complexity and Cryptography,” An Introduction
- Talbot, Dominic
- 2006
(Show Context)
Citation Context ...st h(M) are used. 1.2 Hash Function A hash function h should map strings of bits of variable length to fix-length strings of bits, called the hash value of the message {0,1} m � {0,1} t , where m > t =-=[4]-=-, [5]. Ideally it has the following properties [6], [7], [8]: � � � � � � The length of h(M) should be small so that messages can be signed efficiently. The function h should be a publicly known one-w... |

2 |
Encryption and decryption algorithm of data transmission in network security
- Tsang-Yean, Huey-Ming
(Show Context)
Citation Context ... safety of information would make pointless any serious communication or data exchange. In general, the functions of security system are confidentiality, authentication, integrity and non-repudiation =-=[1]-=-. The last three functions are usually facilitated by digital signatures. In order to provide message authentication the signature must depend on the contents of the message being signed. The problem ... |

2 | A general approach to off-line signature verification
- Kovari, Albert, et al.
(Show Context)
Citation Context ...y of the mechanism they use. 1.1 Digital Signature To prove the authenticity of legal, financial or other important documents in electronic form, a mechanism analog to handwritten signature is needed =-=[2]-=-. Such method first and foremost has to be resistant to forgeries. A digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a ha... |

2 |
A New Message Digest Function for Message Authentication
- Rahman, Masum, et al.
(Show Context)
Citation Context ...n h should map strings of bits of variable length to fix-length strings of bits, called the hash value of the message {0,1} m � {0,1} t , where m > t [4], [5]. Ideally it has the following properties =-=[6]-=-, [7], [8]: � � � � � � The length of h(M) should be small so that messages can be signed efficiently. The function h should be a publicly known one-way function – it should be hard to find a message ... |

1 | Probability of collisions in soft input decryption
- Zivic, Ruland
(Show Context)
Citation Context ...M) are used. 1.2 Hash Function A hash function h should map strings of bits of variable length to fix-length strings of bits, called the hash value of the message {0,1} m � {0,1} t , where m > t [4], =-=[5]-=-. Ideally it has the following properties [6], [7], [8]: � � � � � � The length of h(M) should be small so that messages can be signed efficiently. The function h should be a publicly known one-way fu... |

1 |
An alternative analysis of the open hashing algorithm
- Sun, Nakamura
(Show Context)
Citation Context ...at sender's consent or knowledge. The time required to find a collision is one of the most important measures in evaluating a hash algorithm. This time is also called the search cost of the algorithm =-=[9]-=-. 1.4 The Balance Measure of Hash Functions The most important properties of hash function, concerning a digital signature, is collision resistance - an attacker should not be able to find a pair of m... |

1 |
Introduction to cryptography
- J
(Show Context)
Citation Context ...s "close to" uniform. Schneier [12] says that to prevent birthday attacks one should choose the output length t large enough that 2 t/2 trials are infeasible. Buchmann's discussion of the attack says =-=[13]-=- that the distribution on the corresponding hash values is the uniform distribution. Aforementioned proofs and assumptions depend on the regularity of the hash functions and its ISSN: 1790-0832 191 Is... |