
Strengthening Digital Signatures via Randomized Hashing

Document type: Expired Internet-Draft (CFRG research group)
Status: Expired & archived
Authors: Shai Halevi, Dr. Hugo Krawczyk
Last updated: 2007-10-23
RFC stream: Internet Research Task Force (IRTF)
Intended RFC status: (None)
Additional resources: Mailing list discussion
Stream (IRTF) state: (None)
Consensus boilerplate: Unknown
Document shepherd: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active; a copy of the expired draft remains available from the archive.


This document describes a randomized hashing scheme consisting of a simple message randomization transform that, when used as a front-end to regular hash-then-sign signature schemes such as RSA and DSS, frees these signatures from their current vulnerability to off-line collision attacks against the underlying hash function. Because the signer injects a fresh random value into the message before hashing, a collision that an attacker found in advance no longer carries over to the signed digest, so the signature no longer rests on the collision resistance of the hash function. The proposed mechanism can work with any hash function as-is and requires no change to the underlying signature algorithm. Incorporating this mechanism into existing applications requires changes comparable in complexity to accommodating a new (deterministic) hash function such as SHA-256. Visit the authors' web page for more information and updates on this work.


Shai Halevi
Dr. Hugo Krawczyk

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)