Information about Full Domain Hash

In cryptography, the Full Domain Hash (FDH) is an RSA-based signature scheme that follows the hash-and-sign paradigm. It is provably secure (i.e., existentially unforgeable under adaptive chosen-message attacks) in the random oracle model. FDH involves hashing a message using a function whose image size equals the size of the RSA modulus, and then raising the result to the secret RSA exponent.
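The sign and verify flow described above, as an added sketch that is not part of the original article. The toy key (two Mersenne primes), the SHAKE-256 rejection-sampling construction used as the full-domain hash, and all function names are assumptions made for this example.

```python
import hashlib
from itertools import count

# Constructed toy key for illustration only: two Mersenne primes,
# far too small for real use.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                           # RSA modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # secret exponent


def full_domain_hash(message: bytes, n: int = N) -> int:
    """Hash a message to an integer in [0, n), covering the whole RSA domain.

    Assumption: SHAKE-256 output is truncated to the bit length of n and
    re-drawn with a counter prefix until the candidate falls below n.
    """
    bits = n.bit_length()
    nbytes = (bits + 7) // 8
    mask = (1 << bits) - 1
    for ctr in count():
        stream = hashlib.shake_256(ctr.to_bytes(4, "big") + message).digest(nbytes)
        candidate = int.from_bytes(stream, "big") & mask
        if candidate < n:
            return candidate


def sign(message: bytes) -> int:
    """FDH signature: raise the full-domain hash to the secret exponent."""
    return pow(full_domain_hash(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Accept only if signature^E mod N equals the recomputed hash."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == full_domain_hash(message)
```

A fixed-length digest such as plain SHA-256 would cover only a small part of the range below N; the rejection loop is what makes the hash output range match the modulus.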

Exact security of full domain hash

In the random oracle model, if RSA is -secure, then the full domain hash RSA signature scheme is -secure where, and .

For large this boils down to .

This means that if there exists an algorithm that can forge a new FDH signature that runs in time t, computes at most hashes, asks for at most signatures and succeeds with probability , then there must also exist an algorithm that breaks RSA with probability in time .

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.