Towards a Better Approximation of Full Domain Hash - or - The Reef and Shoal Integrity Arrangement

Abstract

For RSA and Rabin-Williams public key digital signatures, proper message hashing and padding procedures are critical to the overall digital signature security. The theoretical work in this field coined the term `full domain hash' for a conceptually simple approach, a message hashing step with an output value as large as the signature public modulus. The practitioners learned from the theory but did not adopt the full domain hash as originally expressed. The Reef and Shoal proposal revisits the original concept and proposes the concatenation of a conventional cryptographic hash and an independent large non-cryptographic hash as an approximation of the full domain hash. The Badderlocks version 0.1 concrete proposal uses the CRC computation with large primitive polynomials preceded by an S-box message expansion phase.