Posts Tagged ‘Randomized Hashing’
To accommodate the randomizing of a message during digital signature generation and verification, additional operations are needed as specified below.
- Obtain the rv (Randomized Value).
- Randomize the message Ms with rv obtaining the randomized message M.
- Generate a digital signature sig on the randomized message M.
- Provide the original message Ms, the random value rv and the digital signature sig for signature verification.
- The digital signature verifier receives the signature sig′, the message Ms′ and the random value rv′.
- Ms′ is randomized with rv′ (Ms′ is used as Ms, and rv′ is used as rv in the randomization process). Let the randomized result be M′.
- M′ and the signature sig′ are used in the signature verification and validation process.
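The steps above, end to end, as an added example that is not taken from the Recommendation or the original post. Two parts are assumptions made so it runs on the standard library alone: `randomize` is a simplified, byte-aligned stand-in (the page does not reproduce the Recommendation's randomization method), and an HMAC under a constructed key stands in for the digital signature.

```python
import hashlib
import hmac
import secrets

# Constructed key for the stand-in "signature" (assumption: a real deployment
# would use an asymmetric signature scheme, not an HMAC).
SIGNER_KEY = secrets.token_bytes(32)


def randomize(ms: bytes, rv: bytes) -> bytes:
    """Stand-in randomization: rv || (padded Ms XOR repeated rv) || len(rv)."""
    if not 1 <= len(rv) <= 0xFFFF:
        raise ValueError("rv length must fit the 2-byte length field")
    # Pad with 0x80 then zeros so the padded message is at least len(rv) bytes.
    padded = ms + b"\x80" + b"\x00" * max(0, len(rv) - len(ms) - 1)
    # Repeat rv to cover the padded message, then mask it byte by byte.
    stream = (rv * (len(padded) // len(rv) + 1))[: len(padded)]
    masked = bytes(a ^ b for a, b in zip(padded, stream))
    return rv + masked + len(rv).to_bytes(2, "big")


def sign_digest(m: bytes) -> bytes:
    """Hash the randomized message M, then 'sign' the hash (HMAC stand-in)."""
    digest = hashlib.sha256(m).digest()
    return hmac.new(SIGNER_KEY, digest, hashlib.sha256).digest()


def sign(ms: bytes):
    """Signer side: returns (Ms, rv, sig) for the verifier."""
    # rv is drawn only after the preparer has handed over Ms, so the preparer
    # cannot predict it while crafting the message.
    rv = secrets.token_bytes(16)
    m = randomize(ms, rv)
    return ms, rv, sign_digest(m)


def verify(ms_p: bytes, rv_p: bytes, sig_p: bytes) -> bool:
    """Verifier side: rebuild M' from Ms' and rv', then check sig' over it."""
    m_p = randomize(ms_p, rv_p)
    return hmac.compare_digest(sign_digest(m_p), sig_p)


if __name__ == "__main__":
    ms, rv, sig = sign(b"transfer $10 to account 42")  # constructed message
    print("valid:", verify(ms, rv, sig))
    print("altered message:", verify(b"transfer $1,000,000 to account 42", rv, sig))
    print("altered rv:", verify(ms, bytes([rv[0] ^ 1]) + rv[1:], sig))
```

Signing the same Ms twice yields different rv values and therefore different hash inputs, which is the property the preparer cannot plan around.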
Randomized hashing is designed for situations where one party, the message preparer, generates all or part of a message to be signed by a second party, the message signer. If the message preparer is able to find cryptographic hash function collisions (i.e., two messages producing the same hash value), then she might prepare meaningful versions of the message that would produce the same hash value and digital signature, but with different results (e.g., transferring $1,000,000 to an account, rather than $10). Cryptographic hash functions have been designed with collision resistance as a major goal, but the current concentration on attacking cryptographic hash functions may result in a given cryptographic hash function providing less collision resistance than expected. Randomized hashing offers the signer additional protection by reducing the likelihood that a preparer can generate two or more messages that ultimately yield the same hash value during the digital signature generation process – even if it is practical to find collisions for the hash function. However, the use of randomized hashing may reduce the amount of security provided by a digital signature when all portions of the message are prepared by the signer.
In randomized hashing, a quantity, called a “random value,” or rv, that the preparer cannot predict, is used by the signer to modify the message. This modification occurs after the preparer commits to the message (i.e., passes the message to the signer), but before the signer computes the hash value. The technique specified in this Recommendation does not require knowledge of the specific cryptographic hash function; the same randomization process is used regardless of the cryptographic hash functions used in the digital signature applications. Protocol and application designers should select cryptographic hash functions believed to be collision resistant, and then consider the use of the randomized hashing in the design of their protocol or application whenever one party prepares a full or partial message for signature by another party.
The randomization method specified in this Recommendation is an approved method for randomizing messages prior to hashing. The method will enhance the security provided by the approved cryptographic hash functions in certain digital signature applications.