A fundamental result in cryptography is that a digital signature scheme can be constructed from an arbitrary one-way function. A proof of this somewhat surprising statement follows from two results: first, Naor and Yung defined the notion of universal one-way hash functions and showed that the existence of such hash functions implies the existence of secure digital signature schemes. Subsequently, Rompel showed that universal one-way hash functions could be constructed from arbitrary one-way functions. Unfortunately, despite the importance of the result, a complete proof of the latter claim has never been published. In fact, a careful reading of Rompel’s original conference publication reveals a number of errors in many of his arguments which have (seemingly) never been addressed. We provide here what is — as far as we know — the first complete write-up of Rompel’s proof that universal one-way hash functions can be constructed from arbitrary one-way functions. ∗Dept. of Computer Science, University of Maryland. {jkatz,cykoo}@cs.umd.edu †This research was supported in part by NSF CAREER award #0447075.
[1]
Rajeev Motwani,et al.
Randomized Algorithms
,
1995,
SIGA.
[2]
Silvio Micali,et al.
Strong signature schemes
,
1983,
STOC '83.
[3]
Aravind Srinivasan,et al.
Chernoff-Hoeffding bounds for applications with limited independence
,
1995,
SODA '93.
[4]
Moni Naor,et al.
Universal one-way hash functions and their cryptographic applications
,
1989,
STOC '89.
[5]
Silvio Micali,et al.
A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks
,
1988,
SIAM J. Comput..
[6]
Michael R. Beauregard,et al.
The Basic Tools
,
1992
.
[7]
John Rompel,et al.
One-way functions are necessary and sufficient for secure signatures
,
1990,
STOC '90.
[8]
Moti Yung,et al.
On the Design of Provably Secure Cryptographic Hash Functions
,
1991,
EUROCRYPT.
[9]
Silvio Micali,et al.
How to sign given any trapdoor permutation
,
1992,
JACM.