Digital Signatures Out of Second-Preimage Resistant Hash Functions

  • Erik Dahmen
  • Katsuyuki Okeya
  • Tsuyoshi Takagi
  • Camille Vuillaume
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5299)


We propose a new construction for Merkle authentication trees which does not require collision-resistant hash functions; in contrast with previous constructions that attempted to avoid the dependency on collision resistance, our technique enjoys provable security assuming the well-understood notion of second-preimage resistance. The resulting signature scheme is existentially unforgeable when the underlying hash function is second-preimage resistant, yields shorter signatures, and is affected neither by birthday attacks nor by the recent progress in collision-finding algorithms.


Keywords: Merkle signatures, provable security, second-preimage resistance





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Erik Dahmen (1)
  • Katsuyuki Okeya (2)
  • Tsuyoshi Takagi (3)
  • Camille Vuillaume (2)

  1. Technische Universität Darmstadt, Germany
  2. Hitachi, Ltd., Systems Development Laboratory, Japan
  3. Future University, Hakodate, Japan
