| Resumen |
Hash functions are essential in the design of digital signatures due to their computational efficiency and resistance to post-quantum attacks. However, their fixed-length output can introduce vulnerabilities in certain hash-based signature schemes. In this study, we analyze the security impact of replacing SHA-512 with SHA-160 in a previously proposed digital signature algorithm. Our experiment involves verifying two PDF files, whose byte representations exploit the SHA-160 collision from the SHAttered attack. When SHA-160 is used, the signature's verification parameter remains identical for both messages due to hash collisions, causing verification failure. In contrast, SHA-512 correctly distinguishes between them, ensuring proper validation. This vulnerability is not consistently detectable through stan-dard security assessments like entropy analysis, which evaluate multiple signed messages rather than identifying specific cases where the weakness occurs. In addition, the algorithm's chaotic properties remain unchanged regardless of the SHA function used. These findings highlight the influence of SHA selection in digital signatures, indicating how a single choice of hash function can influence the security of the scheme. © 2025 IEEE. |
