Security Proof for Partial-Domain Hash Signature Schemes

  • Jean-Sébastien Coron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2442)


We study the security of partial-domain hash signature schemes, in which the output size of the hash function is only a fraction of the modulus size. We show that for e = 2 (Rabin), partial-domain hash signature schemes are provably secure in the random oracle model, if the output size of the hash function is larger than 2/3 of the modulus size. This provides a security proof for a variant of the signature standards ISO 9796-2 and PKCS#1 v1.5, in which a larger digest size is used.


Signature Schemes Provable Security Random Oracle Model 


  1. 1.
    ANSI X9.31, Digital signatures using reversible public-key cryptography for the financial services industry (rDSA), 1998.Google Scholar
  2. 2.
    M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols. Proceedings of the First Annual Conference on Computer and Commmunications Security, ACM, 1993.'Google Scholar
  3. 3.
    M. Bellare and P. Rogaway, The exact security of digital signatures-How to sign with RSA and Rabin. Proceedings of Eurocrypt’96, LNCS vol. 1070, Springer-Verlag, 1996, pp. 399–416.Google Scholar
  4. 4.
    R. Canetti, O. Goldreich and S. Halevi, The random oracle methodology, revisited, STOC’ 98, ACM, 1998.Google Scholar
  5. 5.
    J.S. Coron, D. Naccache and J.P. Stern, On the security of RSA Padding, Proceedings of Crypto’99, LNCS vol. 1666, Springer-Verlag, 1999, pp. 1–18.Google Scholar
  6. 6.
    J.S. Coron, On the exact security of Full Domain Hash, Proceedings of Crypto 2000, LNCS vol. 1880, Springer-Verlag, 2000, pp. 229–235.Google Scholar
  7. 7.
    J.S. Coron, Security proof for partial-domain hash signature schemes. Full version of this paper. Cryptology ePrint Archive,
  8. 8.
    S. Goldwasser, S. Micali and R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks, SIAM Journal of computing, 17(2):281–308, april 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    G.H. Hardy and E.M. Wright, An introduction to the theory of numbers, Oxford science publications,.fifth edition.Google Scholar
  10. 10.
    K. Hickman, The SSL Protocol, December 1995. Available electronically at:
  11. 11.
    ISO/IEC 9796-2, Information technology-Security techniques-Digital signature scheme giving message recovery, Part 2: Mechanisms using a hash-function, 1997.Google Scholar
  12. 12.
    A.J. Menezes, P. C. van Oorschot and S.A. Vanstone, Handbook of Applied Cryptography, CRC press, 1996.Google Scholar
  13. 13.
    P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, proceedings of Eurocrypt’99, LNCS 1592, pp. 223–238, 1999.Google Scholar
  14. 14.
    R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public key cryptosystems, CACM 21, 1978.Google Scholar
  15. 15.
    RSA Laboratories, PKCS #1: RSA cryptography speci.cations, version 1.5, November 1993 and version 2.0, September 1998.Google Scholar
  16. 16.
    B. Vallée, Generatiosn of elements with small modular squares and provably fast integer factoring algorithms, Mathematics of Computation, vol. 56, number 194, april 1991, pp. 823–849.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jean-Sébastien Coron
    • 1
  1. 1.Gemplus Card InternationalIssy-les-MoulineauxFrance

Personalised recommendations