Scribd
Upload
19 views

Dig Sig

Uploaded by

Niyathi Kelegeri
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
19 views

Dig Sig

Uploaded by

Niyathi Kelegeri
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 21

Digital Signatures

Digital Signatures
 have looked at message authentication
 but does not address issues of lack of trust
 digital signatures provide the ability to:
 verify author, date & time of signature
 authenticate message contents
 be verified by third parties to resolve disputes
 hence include authentication function with
additional capabilities
Digital Signature Model
Digital
Signature
Model
Attacks and Forgeries
 attacks
 key-only attack
 known message attack
 generic chosen message attack
 directed chosen message attack
 adaptive chosen message attack
 break success levels
 total break
 selective forgery
 existential forgery
Digital Signature Requirements
 must depend on the message signed
 must use information unique to sender
 to prevent both forgery and denial
 must be relatively easy to produce
 must be relatively easy to recognize & verify
 be computationally infeasible to forge
 with new message for existing digital signature
 with fraudulent digital signature for given message
 be practical save digital signature in storage
Direct Digital Signatures
 involve only sender & receiver
 assumed receiver has sender’s public-key
 digital signature made by sender signing
entire message or hash with private-key
 can encrypt using receivers public-key
 important that sign first then encrypt
message & signature
 security depends on sender’s private-key
ElGamal Digital Signatures
 signature variant of ElGamal, related to D-H
 so uses exponentiation in a finite (Galois)
 with security based difficulty of computing
discrete logarithms, as in D-H
 use private key for encryption (signing)
 uses public key for decryption (verification)
 each user (eg. A) generates their key
 chooses a secret key (number): 1 < xA < q-1
xA
 compute their public key: yA = a mod q
ElGamal Digital Signature
 Alice signs a message M to Bob by computing
 the hash m = H(M), 0 <= m <= (q-1)
 chose random integer K with 1 <= K <= (q-1) and
gcd(K,q-1)=1
k

compute temporary key: S1 = a mod q
 compute K-1 the inverse of K mod (q-1)

compute the value: S2 = K-1(m-xAS1) mod (q-1)

signature is:(S1,S2)
 any user B can verify the signature by computing
m

V1 = a mod q

V2 = yAS1 S1S2 mod q

signature is valid if V1 = V2
ElGamal Signature Example
 use field GF(19) q=19 and a=10
 Alice computes her key:
16

A chooses xA=16 & computes yA=10 mod 19 = 4
 Alice signs message with hash m=14 as (3,4):
 choosing random K=5 which has gcd(18,5)=1
5

computing S1 = 10 mod 19 = 3
 finding K-1 mod (q-1) = 5-1 mod 18 = 11

computing S2 = 11(14-16.3) mod 18 = 4
 any user B can verify the signature by computing
14

V1 = 10 mod 19 = 16

V2 = 43.34 = 5184 = 16 mod 19

since 16 = 16 signature is valid
Schnorr Digital Signatures
 also uses exponentiation in a finite (Galois)
 security based on discrete logarithms, as in D-H
 minimizes message dependent computation
 multiplying a 2n-bit integer with an n-bit integer
 main work can be done in idle time
 have using a prime modulus p
 p–1 has a prime factor q of appropriate size
 typically p 1024-bit and q 160-bit numbers
Schnorr Key Setup
 choose suitable primes p, q
q
 choose a such that a = 1 mod p
 (a,p,q) are global parameters for all
 each user (eg. A) generates a key
 chooses a secret key (number): 0 < sA < q
-sA
 compute their public key: vA = a mod q
Schnorr Signature
 user signs message by
 choosing random r with 0<r<q and computing
x = ar mod p
 concatenate message with x and hash result to

computing: e = H(M || x)
 computing: y = (r + se) mod q

 signature is pair (e, y)

 any other user can verify the signature as follows:


 computing: x' = ayve mod p

 verifying that: e = H(M || x’)


Digital Signature Standard (DSS)
 US Govt approved signature scheme
 designed by NIST & NSA in early 90's
 published as FIPS-186 in 1991
 revised in 1993, 1996 & then 2000
 uses the SHA hash algorithm
 DSS is the standard, DSA is the algorithm
 FIPS 186-2 (2000) includes alternative RSA &
elliptic curve signature variants
 DSA is digital signature only unlike RSA
 is a public-key technique
DSS vs RSA Signatures
Digital Signature Algorithm
(DSA)
 creates a 320 bit signature
 with 512-1024 bit security
 smaller and faster than RSA
 a digital signature scheme only
 security depends on difficulty of computing
discrete logarithms
 variant of ElGamal & Schnorr schemes
DSA Key Generation
 have shared global public key values (p,q,g):
 choose 160-bit prime number q
 choose a large prime p with 2L-1 < p < 2L
• where L= 512 to 1024 bits and is a multiple of 64
• such that q is a 160 bit prime divisor of (p-1)
 choose g = h(p-1)/q
• where 1<h<p-1 and h(p-1)/q mod p > 1
 users choose private & compute public key:
 choose random private key: x<q
 compute public key: y = gx mod p
DSA Signature Creation
 to sign a message M the sender:
 generates a random signature key k, k<q
 nb. k must be random, be destroyed after
use, and never be reused
 then computes signature pair:
r = (gk mod p)mod q
s = [k-1(H(M)+ xr)] mod q
 sends signature (r,s) with message M
DSA Signature Verification
 having received M & signature (r,s)
 to verify a signature, recipient computes:
w = s-1 mod q
u1= [H(M)w ]mod q
u2= (rw)mod q
v = [(gu1 yu2)mod p ]mod q
 if v=r then signature is verified
 see Appendix A for details of proof why
DSS Overview
Summary
 have discussed:
 digital signatures
 ElGamal & Schnorr signature schemes
 digital signature algorithm and standard

You might also like