Collision resistance may be unnecessary: Signing messages with randomized hashing

The hash-then-sign signature scheme´s security relies on the collision resistance of the underlying hash function. To free this reliance, people introduced random value into the construction of the hash function, called randomized hashing. When the message provider and the signer are not the same person, the known randomized hashing-then-sign signature can protect the signer from the malicious message provider, even the hash function used is not collision resistant. Unfortunately, this scheme is vulnerable to the attacks by the signer himself. In this paper, we try to solve this problem. To give a fair treat to both the signer and the message provider, we suggest to enhance the known diagram of producing signature with randomized hashing. When using the enhanced randomized hashing-then-sign signature scheme, all the forgers (include the signer himself) need to find the second preimage of the target message. In addition, we analysis the security of one randomized hashing construction and compare it with RMX construction. The result is that the security of this randomized hashing construction is as well as that of RMX construction and even better in some special cases.