Towards a Better Approximation of Full Domain Hash - or - The Reef and Shoal Integrity Arrangement

TL;DR

This paper revisits the full domain hash concept for RSA signatures, proposing a practical approximation using concatenated cryptographic and non-cryptographic hashes, exemplified by a CRC-based method with message expansion.

Contribution

It introduces a novel approximation of the full domain hash by combining cryptographic and non-cryptographic hashes, addressing practical implementation issues.

Findings

Proposes a concatenation of cryptographic and non-cryptographic hashes as an approximation.

Introduces a CRC-based method with message expansion for practical implementation.

Reevaluates the original full domain hash concept for improved security and efficiency.

Abstract

For RSA and Rabin-Williams public key digital signatures, proper message hashing and padding procedures are critical to the overall digital signature security. The theoretical work in this field coined the term `full domain hash' for a conceptually simple approach, a message hashing step with an output value as large as the signature public modulus. The practitioners learned from the theory but did not adopt the full domain hash as originally expressed. The Reef and Shoal proposal revisits the original concept and proposes the concatenation of a conventional cryptographic hash and an independent large non-cryptographic hash as an approximation of the full domain hash. The Badderlocks version 0.1 concrete proposal uses the CRC computation with large primitive polynomials preceded by an S-box message expansion phase.