The Pure Crypto Project's Hash Function

Ralf Senderek ralf at senderek.de
Sun May 4 05:20:41 EDT 2003


On Sat, 3 May 2003, Peter Wayner wrote:

>
> Let's not forget one of the best reasons to use a very non-linear
> hash function like SHA: forging signatures.

Of course!

> Your function may
> inadvertently allow this depending upon the values of A, B and C.
>
> Let m and m' be numbers/messages. If Alice signs m with RSA, it's
> possible for anyone to convert this into a signature of m' with a few
> steps.
>
> Let Alice's signature be m^d mod n. She really should be computing
> h(m)^d mod n, but she's not.
>
> Now let's say we can talk Alice into signing m'/m by computing (m'/m)^d mod n.
>
> Multiply the two together to get (m^d)(m'/m)^d mod n=m'^d mod n.
> Voila a signature of m'.
>
> Obviously this depends upon getting Alice to sign two values.  Even
> if she tries to avoid signing m', she might get tricked into doing
> so. Non-linear hash functions like SHA prevent this.
>
> Can your hash function stop this? I don't think it will if C=n.

In PCP C will never be n, because n is composite and C is a prime
(taken from the RSA-155 challenge). In PCP messages m and m' will
always be hashes, and there are naturally additional precautions taken
to prevent Alice from being tricked into signing something that looks
like already encrypted material, that is, long numbers. It will issue
a warning if the text to be signed contains long numbers.

Thus the Pure Crypto Hash will stop this attack reliably inside PCP.

Ralf.

*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
* Ralf Senderek  <ralf at senderek.de> http://senderek.de  * What is privacy *
* Sandstr. 60   D-41849 Wassenberg  +49 2432-3960       *     without     *
* PGP: AB 2C 85 AB DB D3 10 E7  CD A4 F8 AC 52 FC A9 ED *   Pure Crypto?  *
*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*
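The multiplicative property Peter describes, and the hash-then-sign fix both messages take for granted, worked through in code. This is an added example, not part of the original thread and not PCP's code: the toy key is constructed from two small real primes, SHA-256 stands in for the Pure Crypto Hash, and `long_number_warning` is a hypothetical stand-in for the long-number check Ralf mentions.

```python
import hashlib
import re

# Constructed toy RSA key: the 10,000th and 100,000th primes, far too small
# for real use; any textbook RSA key shows the same behaviour.
P, Q = 104729, 1299709
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent


def sign_raw(m: int) -> int:
    """Textbook RSA signature m^d mod n with no hashing (what Peter objects to)."""
    return pow(m, D, N)


def verify_raw(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m % N


def combine(sig_a: int, sig_b: int) -> int:
    """Multiply two signatures. For unhashed RSA the product is a valid
    signature of the product of the two signed values (RSA is multiplicative)."""
    return (sig_a * sig_b) % N


def h(m: int) -> int:
    """Hash-then-sign. SHA-256 is an assumption standing in for the Pure Crypto
    Hash; any non-linear hash destroys the algebraic relation between m and m'/m."""
    digest = hashlib.sha256(str(m).encode()).digest()
    return int.from_bytes(digest, "big") % N


def sign_hashed(m: int) -> int:
    return pow(h(m), D, N)


def verify_hashed(m: int, sig: int) -> bool:
    return pow(sig, E, N) == h(m)


def long_number_warning(text: str, min_digits: int = 20) -> bool:
    """Hypothetical version of the precaution Ralf describes: flag text to be
    signed that contains a long run of digits, which might be a raw number
    someone wants signed. The 20-digit threshold is an assumption."""
    return re.search(r"\d{%d,}" % min_digits, text) is not None


def demo(m: int = 42, m_prime: int = 1234) -> tuple:
    """Return (raw_forgery_verifies, hashed_forgery_verifies) for the
    two-signature trick from the thread."""
    quotient = (m_prime * pow(m, -1, N)) % N        # m'/m mod n
    # Raw RSA: sig(m) * sig(m'/m) = (m * m'/m)^d = m'^d mod n, a valid signature of m'.
    raw_forgery = combine(sign_raw(m), sign_raw(quotient))
    # Hashed: the same product is (h(m) * h(m'/m))^d, which is unrelated to h(m')^d.
    hashed_forgery = combine(sign_hashed(m), sign_hashed(quotient))
    return verify_raw(m_prime, raw_forgery), verify_hashed(m_prime, hashed_forgery)


if __name__ == "__main__":
    print(demo())                                                   # (True, False)
    print(long_number_warning("please sign 12345678901234567890123"))  # True
```

`demo()` returns `True` for the raw scheme because the verifier recovers `m * (m'/m) = m'`, and `False` for the hashed scheme because the hash of the quotient has no algebraic relation to the hash of `m'`. `long_number_warning` reflects the PCP policy in the reply: refusing or warning before signing anything that looks like a long number keeps a user from ever producing the second signature the trick needs.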


---------------------------------------------------------------------
The Cryptography Mailing List