Provable Security

Volume 4784 of the series Lecture Notes in Computer Science pp 138-150

Does Secure Time-Stamping Imply Collision-Free Hash Functions?

  • Ahto BuldasAffiliated withCybernetica, Akadeemia tee 21, 12618 TallinnTallinn University of Technology, Raja 15, 12618 TallinnUniversity of Tartu, Liivi 2, 50409 Tartu
  • , Aivo JürgensonAffiliated withTallinn University of Technology, Raja 15, 12618 TallinnElion Enterprises Ltd, Endla 16, 15033 Tallinn

* Final gross prices may vary according to local VAT.

Get Access


We prove that there are no black-box reductions from Collision-Free Hash Functions to secure time-stamping schemes, which means that in principle secure time-stamping schemes may exist even if there exist no collision-resistant hash functions. We show that there is an oracle relative to which there exist secure time-stamping schemes but no hash function is collision-free. The oracle we use is not new — a similar idea was already used by Simon in 1998 to show that collision-free hash functions cannot be constructed from one-way permutations in a black-box way. Our oracle contains a random hash function family f and a universal collision-finder A. We show that hash-tree time-stamping schemes that use f as a hash function remain secure even in the presence of A. From more practical view, our result is an implicit confirmation that collision-finding attacks against hash functions will tell us quite little about the security of hash-tree time-stamping schemes and that we need more dedicated research about back-dating attacks against practical hash functions.