On the Impact of the SHA-1 Collider on Mexican Digital Signatures with Legal Binding

Authors

  • Luis Julian Domínguez Pérez CIMAT Zacatecas
  • Laiphel M. Gómez Trujillo Centro de Investigación y de Estudios Avanzados CINVESTAV-IPN
  • Nareli Cruz Cortés Centro de Investigación en Computación-IPN
  • Francisco Rodríguez Henríquez Centro de Investigación y de Estudios Avanzados CINVESTAV-IPN

DOI:

https://doi.org/10.13053/cys-23-4-3103

Keywords:

SHA, digital signatures, RSA

Abstract

Security warranties of the RSA-type digital signatures are based on two main hypothesis: First, in the assumption that factoring gigantic integer numbers is a computationally unfeasible problem. Second, in the assumption that hash functions produce a unique digest for any digital document. With these two hypothesis in mind, in the last decades in Mexico, and also in other countries, legislation has been enacted to legalize digital signatures. In Mexico, the combination of the RSA algorithm and the SHA-1 hash function can be used to legally validate digital contracts. This selection of algorithms is known as the RSA-SHA-1 digital signature. However, recently the SHA-1 hash function has suffered a {\it falsification} attack in which, given an arbitrary document for which the SHA-1 digest was produced, it is possible to generate a second document with the same digest. In other words, this attack permits to find arbitrary pairs of documents that share the same digest. This situation has provoked that the RSA-SHA-1 algorithm used to sign legal contracts is on risk to be broken. In this article, some of the repercussions in the information security of the legal documents signed with this protocol are discussed. We also discuss some countermeasures that can mitigate this vulnerability.

Author Biographies

Luis Julian Domínguez Pérez, CIMAT Zacatecas

CONACyT Research Fellow.

Laiphel M. Gómez Trujillo, Centro de Investigación y de Estudios Avanzados CINVESTAV-IPN

M.Sc. Student

Nareli Cruz Cortés, Centro de Investigación en Computación-IPN

Professor

Francisco Rodríguez Henríquez, Centro de Investigación y de Estudios Avanzados CINVESTAV-IPN

Professor

Downloads

Published

2019-12-20

Issue

Vol. 23 No. 4 (2019): 23-4(2019)

Section

Articles

License 

Hereby I transfer exclusively to the Journal "Computación y 
Sistemas", published by the Computing Research Center (CIC-IPN),
the Copyright of the aforementioned paper. I also accept that these 
rights will not be transferred to any other publication, in any other 
format, language or other existing means of developing.
I certify that the paper has not been previously disclosed or simultaneo
usly submitted to any other publication, and that it does not contain 
material whose publication would violate the Copyright or other 
proprietary rights of any person, company or institution. I certify that 
I have the permission from the institution or company where I work or 
study to publish this work.
The representative author accepts the responsibility for the publication
of this paper on behalf of each and every one of the authors. 
This transfer is subject to the following conditions:
  • The authors retain all ownership rights (such as patent rights) of this work, except for the publishing rights transferred to the CIC, through this document.
  • Authors retain the right to publish the work in whole or in part in any book they are the authors or publishers. They can also make use of this work in conferences, courses, personal web pages, and so on.
  • Authors may include working as part of his thesis, for non-profit distribution only.