On Provably Secure Time-Stamping Schemes

  • Ahto Buldas
  • Märt Saarepera
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3329)


It is almost a folklore-knowledge that hash-based time-stamping schemes are secure if the underlying hash function is collision-resistant but still no rigorous proofs have been published. We try to establish such proof and conclude that the existing security conditions are improper because they ignore precomputations by adversaries.After analyzing a simplistic patent filing scenario, we suggest a new security condition for time-stamping schemes that leads to a new security property of hash functions – chain-resistance. We observe that if the variety of possible shapes of hash-chains is polynomial (and the verification procedure is suitably improved), then the time-stamping scheme becomes provably secure, assuming that the underlying hash function is collision-resistant. Finally, we show that in some sense, the restrictions in the security definition are necessary – conventional black-box techniques are unable to prove that chain-resistance follows from collision-resistance.


Hash Function Turing Machine Random Oracle Security Condition Security Proof 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bayer, D., Haber, S., Stornetta, W.-S.: Improving the efficiency and reliability of digital time-stamping. In: Sequences II: Methods in Communication, Security, and Computer Science, pp. 329–334. Springer, New York (1993)Google Scholar
  2. 2.
    Benaloh, J., de Mare, M.: Efficient broadcast time-stamping. Tech. report 1, Clarkson Univ. Dep. of Mathematics and Computer Science (August 1991)Google Scholar
  3. 3.
    Buldas, A., Laud, P., Lipmaa, H., Villemson, J.: Time-Stamping with Binary Linking Schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 486–501. Springer, Heidelberg (1998)Google Scholar
  4. 4.
    Haber, S., Stornetta, W.-S.: How to time-stamp a digital document. Journal of Cryptology 3(2), 99–111 (1991)CrossRefGoogle Scholar
  5. 5.
    Haber, S., Stornetta, W.-S.: Secure Names for Bit-Strings. In: ACM Conference on Computer and Communications Security, pp. 28–35 (1997)Google Scholar
  6. 6.
    Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: FOCS 2000, 41st IEEE Symposium on the Foundations of Computer Science, pp. 325–335 (2000)Google Scholar
  7. 7.
    Hohenberger, S.R.: The Cryptographic Impact of Groups with Infeasible Inversion. Master Thesis. Massachusetts Institute of Technology (May 2003)Google Scholar
  8. 8.
    Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of 21st Annual ACM Symposium on the Theory of Computing, pp. 44–61 (1989)Google Scholar
  9. 9.
    ISO IEC 18014-3,Time-stamping services – Part 3: Mechanisms producing linked tokensGoogle Scholar
  10. 10.
    Luby, M.: Pseudorandomness and cryptographic applications. Princeton University Press, Princeton (1996)zbMATHGoogle Scholar
  11. 11.
    Merkle, R.C.: Protocols for public-key cryptosystems. In: Proceedings of the 1980 IEEE Symposium on Security and Privacy, pp. 122–134 (1980)Google Scholar
  12. 12.
    Russell, A.: Necessary and sufficient conditions for collision-free hashing. Journal of Cryptology 8, 87–99 (1995)zbMATHGoogle Scholar
  13. 13.
    Simon, D.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Ahto Buldas
    • 1
    • 2
    • 3
  • Märt Saarepera
    • 4
  1. 1.University of TartuTartuEstonia
  2. 2.CyberneticaTallinnEstonia
  3. 3.Tallinn University of TechnologyTallinnEstonia
  4. 4.Independent researcher 

Personalised recommendations