Strengthening Digital Signatures via Randomized Hashing

Document Type Expired Internet-Draft (cfrg RG)
Authors Shai Halevi , Dr. Hugo Krawczyk
Last updated 2007-10-23
Stream Internet Research Task Force (IRTF)
Intended RFC status (None)
Expired & archived
Stream IRTF state (None)
Consensus boilerplate Unknown
Document shepherd (None)
IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active; the text below is its abstract.

This document describes a randomized hashing scheme consisting of a simple message randomization transform that when used as a front-end to regular hash-then-sign signature schemes, such as RSA and DSS, frees these signatures from their current vulnerability to off-line collision attacks against the underlying hash function. The proposed mechanism can work with any hash function as-is and requires no change to the underlying signature algorithm. Incorporating this mechanism into existing applications requires changes that are comparable in their complexity to accommodating a new (deterministic) hash function such as SHA-256. Visit for more information and updates on this work.
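The following is an added example, not code from the draft or its authors. It implements the message randomization transform in the shape the abstract describes (a fresh random block r is hashed first, then each message block XORed with r), wraps it as a front-end to an unchanged hash-then-sign step, and then shows the security point: an attacker who finds a collision for the bare hash off-line gains nothing, because the signer's r is chosen after the collision was found. Assumptions not taken from the page: the 0x80-then-zeros padding rule, the 64-byte block size, the 24-bit truncated hash used only to make off-line collisions cheap, and the `sign_fn`/`verify_fn` callables that stand in for RSA or DSS.

```python
"""Added example (not the draft's code): an RMX-style randomization
transform as a front-end to hash-then-sign, and a demonstration that an
off-line collision against the bare hash does not survive the signer's
fresh random block r.

Assumptions (not from the page): padding rule, 64-byte block, the toy
truncated hash, and the pluggable sign_fn / verify_fn stand-ins."""
import hashlib
import secrets
from typing import Callable, Dict, Optional, Tuple

BLOCK = 64  # assumed: SHA-256 compression-function input block, in bytes


def pad_to_blocks(msg: bytes, block: int = BLOCK) -> bytes:
    """Append 0x80 then zeros up to a whole number of blocks
    (assumed simple padding; the draft's own rule differs in detail)."""
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)


def rmx(r: bytes, msg: bytes, block: int = BLOCK) -> bytes:
    """Randomization transform: r || (M1 xor r) || ... || (ML xor r).
    r is a fresh random block chosen by the signer per signature."""
    if len(r) != block:
        raise ValueError("r must be exactly one block long")
    padded = pad_to_blocks(msg, block)
    out = bytearray(r)  # r itself is fed to the hash as the first block
    for i in range(0, len(padded), block):
        out += bytes(a ^ b for a, b in zip(padded[i:i + block], r))
    return bytes(out)


def randomized_digest(msg: bytes, hash_fn: Callable[[bytes], bytes],
                      r: Optional[bytes] = None,
                      block: int = BLOCK) -> Tuple[bytes, bytes]:
    """Return (r, H(RMX(r, msg))); draws r from the OS CSPRNG if not given."""
    if r is None:
        r = secrets.token_bytes(block)
    return r, hash_fn(rmx(r, msg, block))


def sign_with_rmx(msg: bytes, sign_fn, hash_fn) -> Tuple[bytes, bytes]:
    """Hash-then-sign with the randomized front-end. The signature
    algorithm is untouched: it signs a digest as before; r travels with it."""
    r, digest = randomized_digest(msg, hash_fn)
    return r, sign_fn(digest)


def verify_with_rmx(msg: bytes, r: bytes, sig: bytes, verify_fn, hash_fn) -> bool:
    """Verifier recomputes H(RMX(r, msg)) from the transmitted r, then checks sig."""
    _, digest = randomized_digest(msg, hash_fn, r=r)
    return verify_fn(digest, sig)


def sha256_full(data: bytes) -> bytes:
    """The real hash, used for the signing round-trip."""
    return hashlib.sha256(data).digest()


def sha256_trunc(data: bytes, nbytes: int = 3) -> bytes:
    """Toy 24-bit hash (assumed for the demo) so a birthday search is cheap.
    Stands in for a hash whose collisions the attacker can find off-line."""
    return hashlib.sha256(data).digest()[:nbytes]


def find_offline_collision(hash_fn, prefix: bytes = b"pay 100 to ") -> Tuple[bytes, bytes]:
    """Birthday search: the attacker finds M1 != M2 with H(M1) == H(M2)
    knowing neither any key nor the r the signer will choose later."""
    seen: Dict[bytes, bytes] = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        d = hash_fn(m)
        if d in seen:
            return seen[d], m
        seen[d] = m
        i += 1


def collision_survives_rmx(m1: bytes, m2: bytes, hash_fn, r: Optional[bytes] = None) -> bool:
    """True iff the off-line collision still collides under the randomized
    hash for the signer's r. With unpredictable r this happens with
    probability about 2^-(digest bits), so the pre-computed pair is useless."""
    r, d1 = randomized_digest(m1, hash_fn, r=r)
    _, d2 = randomized_digest(m2, hash_fn, r=r)
    return d1 == d2


if __name__ == "__main__":
    m1, m2 = find_offline_collision(sha256_trunc)
    print("bare-hash collision:", m1, m2, sha256_trunc(m1) == sha256_trunc(m2))
    print("still collides after RMX:", collision_survives_rmx(m1, m2, sha256_trunc))
```

The verifier needs r, so it is sent alongside the signature; the signing routine itself only ever sees a fixed-length digest, which is the "no change to the underlying signature algorithm" property the abstract claims. The one new requirement on the signer is a good source of randomness for r: a predictable or reused r would let the attacker run the off-line search against H(RMX(r, .)) directly.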

