Cryptology ePrint Archive: Report 2007/238

Long-lived digital integrity using short-lived hash functions

Stuart Haber

Abstract: New collision-finding attacks on widely used cryptographic hash functions raise questions about systems that depend on certain properties of these functions for their security. Even after new and presumably better hash functions are deployed, users may have digital signatures and digital time-stamp certificates that were computed with recently deprecated hash functions. Is there any way to use a new and currently unassailable hash function to buttress the security of an old signature or time-stamp certificate?

The main purpose of this note is to remind the technical community of a simple solution to this problem that was published more than a decade ago.

Category / Keywords: implementation / hash functions, digital signatures

Publication Info: Presented at NIST's Second Cryptographic Hash Workshop, August 2006.

Date: received 15 Jun 2007

Contact author: stuart haber at acm org

Available formats: PDF | BibTeX Citation

Note: Also available as HP Labs Technical Report no. HPL-2007-58.

Version: 20070619:195921 (All versions of this report)

Discussion forum: Show discussion | Start new discussion