On the Exact Security of Full Domain Hash

  • Jean-Sébastien Coron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1880)


The Full Domain Hash (FDH) scheme is an RSA-based signature scheme in which the message is hashed onto the full domain of the RSA function. The FDH scheme is provably secure in the random oracle model, assuming that inverting RSA is hard. In this paper we exhibit a slightly different proof which provides a tighter security reduction. This in turn improves the efficiency of the scheme since smaller RSA moduli can be used for the same level of security. The same method can be used to obtain a tighter security reduction for the Rabin signature scheme, the Paillier signature scheme, and the Gennaro-Halevi-Rabin signature scheme.
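The FDH construction the abstract describes, as an added example (not code from the paper): signing RSA-inverts a hash that ranges over all of Z_N, and verification re-hashes and compares. The counter-mode SHA-256 expansion, the function names and the toy key built from two Mersenne primes are assumptions chosen so the block runs offline; the key is not secure.

```python
import hashlib

# Constructed toy key (assumption, NOT secure): two Mersenne primes, so the
# example needs no key-generation routine and runs offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                      # 1128-bit modulus
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def full_domain_hash(message: bytes, n: int = N) -> int:
    """Map a message to an integer in [0, n), i.e. the whole RSA domain.

    Assumed construction: SHA-256 in counter mode, stretched to 128 bits
    more than the modulus and reduced mod n, so the output is statistically
    close to uniform on Z_n instead of occupying only the low 256 bits.
    """
    out_len = (n.bit_length() + 128 + 7) // 8
    stream = b""
    counter = 0
    while len(stream) < out_len:
        stream += hashlib.sha256(counter.to_bytes(4, "big") + message).digest()
        counter += 1
    return int.from_bytes(stream[:out_len], "big") % n


def fdh_sign(message: bytes, d: int = D, n: int = N) -> int:
    # The signature is the RSA inverse of the hash: s = H(m)^d mod n.
    return pow(full_domain_hash(message, n), d, n)


def fdh_verify(message: bytes, sig: int, e: int = E, n: int = N) -> bool:
    # Reject values outside [0, n) so s and s + n are not both accepted,
    # then check s^e mod n == H(m).
    if not 0 <= sig < n:
        return False
    return pow(sig, e, n) == full_domain_hash(message, n)


if __name__ == "__main__":
    msg = b"constructed sample message"
    sig = fdh_sign(msg)
    print("valid signature accepted:", fdh_verify(msg, sig))
    print("tampered message accepted:", fdh_verify(b"tampered message", sig))
    print("out-of-range signature accepted:", fdh_verify(msg, sig + N))
```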


Keywords: Hash Function, Signature Scheme, Random Oracle, Random Oracle Model, Signature Query
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Jean-Sébastien Coron (1, 2)
  1. Ecole Normale Supérieure, Paris, France
  2. Gemplus Card International, Issy-les-Moulineaux, France
