Here are some desirable properties for cryptographic hash functions:

These properties below are generally considered prerequisites:

* Preimage resistant: given h it should be hard to find any m such that h = hash(m).
* Second preimage resistant: given an input m1, it should be hard to find another input, m2 (not equal to m1) such that hash(m1) = hash(m2).
* Collision-resistant: it should be hard to find two different messages m1 and m2 such that hash(m1) = hash(m2).

For each of the following applications of hash functions, explain which of these three properties are needed and which are not.


(a) Cryptographic signatures are produced by computing a hash of a message, then applying a signature function to the hash of the message. Suppose Eve has a list of messages m1,...mn, and their signatures computed using Bob's signing key, but does not have Bob's signing key. Assuming that the signature function is not susceptible to attack, it should not be possible for Eve to present Bob's signature on any message other than m1,...mn.

(b) Suppose that Eve works for a Certificate Authority. She does not have access to the special harware that computes digital signatures, but she knows the hash function. In addition, Eve can get messages signed, but every message that is signed automatically goes into a log file that Eve cannot change. Eve should not be able to produce a certificate signed by the Certificate Authority that does not appear in the log file.

Anybody can explain these to me?

thanks
Akhil

Hello,

This is an easy problem elementary to any cryptography courses. Didn't your teacher cover it? However, please be reminded of the following forum rule here:

Go and revise your textbook.