Secure Hash-and-Sign Signatures Without the Random Oracle

  • Rosario Gennaro
  • Shai Halevi
  • Tal Rabin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1592)


We present a new signature scheme which is existentially unforgeable under chosen message attacks, assuming some variant of the RSA conjecture. This scheme is not based on “signature trees”, and instead it uses the so-called “hash-and-sign” paradigm. It is unique in that the assumptions made on the cryptographic hash function in use are well defined and reasonable (although non-standard). In particular, we do not model this function as a random oracle. We construct our proof of security in steps. First we describe and prove a construction which operates in the random oracle model. Then we show that the random oracle in this construction can be replaced by a hash function which satisfies some strong (but well defined!) computational assumptions. Finally, we demonstrate that these assumptions are reasonable, by proving that a function satisfying them exists under standard intractability assumptions.


Keywords: Digital Signatures, RSA, Hash and Sign, Random Oracle, Smooth Numbers, Chameleon Hashing



Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Rosario Gennaro (1)
  • Shai Halevi (1)
  • Tal Rabin (1)

  1. IBM T.J. Watson Research Center, Yorktown Heights, USA
