Home
Login
Register
Search
Home
Digital Signature
Digital Signature
March 22, 2018 | Author: Balaram Korra | Category:
Public Key Cryptography
,
Key (Cryptography)
,
Security Engineering
,
Cybercrime
,
Information Governance
DOWNLOAD
Share
Report this link
Comments
Description
Chapter 13Digital Signature Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 13.1 Chapter 13 Objectives To define a digital signature To define security services provided by a digital signature To define attacks on digital signatures To discuss some digital signature schemes, including RSA, ElGamal, Schnorr, DSS, and elliptic curve To describe some applications of digital signatures 13.2 13-1 COMPARISON Let us begin by looking at the differences between conventional signatures and digital signatures. Topics discussed in this section: 13.1.1 13.1.2 13.1.3 13.1.4 13.3 Inclusion 390 Verification Method 390 Relationship 390 Duplicity 390 13.1.1 Inclusion A conventional signature is included in the document; it is part of the document. But when we sign a document digitally, we send the signature as a separate document. 13.4 when the recipient receives a document. the recipient receives the message and the signature. she compares the signature on the document with the signature on file. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity.1.2 Verification Method For a conventional signature.5 .13. For a digital signature. 13. 1.13.6 .3 Relationship For a conventional signature. 13. there is a one-to-one relationship between a signature and a message. there is normally a one-tomany relationship between a signature and documents. For a digital signature. 7 . In digital signature. a copy of the signed document can be distinguished from the original one on file.4 Duplicity In conventional signature.13. 13.1. there is no such distinction unless there is a factor of time on the document. 1 shows the digital signature process. it is rejected. The message and the signature are sent to the receiver. otherwise.2.8 .13-2 PROCESS Figure 13. the message is accepted.1 Need for Keys 13.2 Signing the Digest 13.2. If the result is true. The sender uses a signing algorithm to sign the message. Topics discussed in this section: 13. The receiver receives the message and the signature and applies the verifying algorithm to the combination. 1 Digital signature process 13.13-2 Continued Figure 13.9 . 10 . 13.2. The signer signs with her private key.13.2 Adding key to the digital signature process Note A digital signature needs a public-key system.1 Need for Keys Figure 13. the verifier verifies with the signer’s public key. 1 Continued Note A cryptosystem uses the private and public keys of the receiver: a digital signature uses the private and public keys of the sender.13.11 . 13.2. 2 Signing the Digest Figure 13.12 .13.3 Signing the digest 13.2. 3.4 13. message authentication.13-3 SERVICES We discussed several security services in Chapter 1 including message confidentiality.3. message integrity.3 13.13 Message Authentication Message Integrity Nonrepudiation Confidentiality . A digital signature can directly provide the last three.3.3. and nonrepudiation. Topics discussed in this section: 13.1 13. for message confidentiality we still need encryption/decryption.2 13. 14 . 13. Note A digital signature provides message authentication.13.3.1 Message Authentication A secure digital signature scheme. like a secure conventional signature can provide message authentication. 2 Message Integrity The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed. 13.3. Note A digital signature provides message integrity.13.15 . 16 . 13.3 Nonrepudiation Figure 13.13.3.4 Using a trusted center for nonrepudiation Note Nonrepudiation can be provided using a trusted party. 3.4 Confidentiality Figure 13. If there is a need for privacy. another layer of encryption/decryption must be applied. 13.17 .13.5 Adding confidentiality to a digital signature scheme Note A digital signature does not provide privacy. 18 .4.4.13-4 ATTACKS ON DIGITAL SIGNATURE This section describes some attacks on digital signatures and defines the types of forgery.2 Forgery Types 13.1 Attack Types 13. Topics discussed in this section: 13. 4.19 .13.1 Attack Types Key-Only Attack Known-Message Attack Chosen-Message Attack 13. 4.20 .2 Forgery Types Existential Forgery Selective Forgery 13.13. 3 13.2 13.1 13.5 13. Topics discussed in this section: 13.5.4 13.13-5 DIGITAL SIGNATURE SCHEMES Several digital signature schemes have evolved during the last few decades.5. Some of them have been implemented.5.21 RSA Digital Signature Scheme ElGamal Digital Signature Scheme Schnorr Digital Signature Scheme Digital Signature Standard (DSS) Elliptic Curve Digital Signature Scheme .5.5. 1 RSA Digital Signature Scheme Figure 13.6 General idea behind the RSA digital signature scheme 13.5.22 .13. e and n are public. d is private. 13.1 Continued Key Generation Key generation in the RSA digital signature scheme is exactly the same as key generation in the RSA Note In the RSA digital signature scheme.13.5.23 . 1 Continued Signing and Verifying Figure 13.13.7 RSA digital signature scheme 13.5.24 . The value of f(n) is 782544. He calculates Bob accepts the message because he has verified Alice’s signature. Now imagine that Alice wants to send a message with the value of M = 19070 to Bob. At this point key generation is complete.5.1 As a trivial example. 13. to sign the message: Alice sends the message and the signature to Bob. Bob receives the message and the signature. 160009. and calculates n = 784319.25 . She uses her private exponent.13. Now she chooses e = 313 and calculates d = 160009. suppose that Alice chooses p = 823 and q = 953.1 Continued Example 13. 5.26 .1 Continued RSA Signature on the Message Digest Figure 13.13.8 The RSA signature on the message digest 13. 5. the susceptibility of the RSA digital signature scheme depends on the strength of the hash algorithm.13.27 .1 Continued Note When the digest is signed instead of the message itself. 13. 13.5.2 ElGamal Digital Signature Scheme Figure 13.28 .9 General idea behind the ElGamal digital signature scheme 13. d is her private key.29 .13. p) is Alice’s public key.5.2 Continued Key Generation The key generation procedure here is exactly the same as the one used in the cryptosystem. (e1. 13. Note In ElGamal digital signature scheme. e2. 13.30 .10 ElGamal digital signature scheme 13.2 Continued Verifying and Signing Figure 13.5. Alice chooses p = 3119. She also chooses r to be 307.5. and S2 to Bob. S1. 13. Alice sends M.31 . she keeps d secret. and p publicly. Bob uses the public key to calculate V1 and V2.1 Continued Example 13.2 Here is a trivial example. The following shows how Alice can sign a message. She announces e1. e1 = 2. e2.13. d = 127 and calculates e2 = 2127 mod 3119 = 1702. 13. and S2 to Ted.32 . She chooses a new r. Alice sends M.5. 107.1 Continued Example 13. S1.3 Now imagine that Alice wants to send another message.13. M = 3000. Ted uses the public keys to calculate V1 and V2. to Ted. 5.3 Schnorr Digital Signature Scheme Figure 13.33 .11 General idea behind the Schnorr digital signature scheme 13.13. as her private key. d.3 Continued Key Generation 1) 2) 3) 4) Alice selects a prime p. her private key (d). e2. 6) Alice’s public key is (e1.34 . which is usually 1024 bits in length. Alice chooses e1 to be the qth root of 1 modulo p. q). her private key is (d). e2. Alice selects another prime q. Note In the Schnorr digital signature scheme. 13.13.5. Alice chooses an integer. q). 5) Alice calculates e2 = e1d mod p. p. Alice’s public key is (e1. p. 3 Continued Signing and Verifying Figure 13.35 .13.12 Schnorr digital signature scheme 13.5. Alice sends M. 2. Alice chooses a random number r. the message is accepted. Verifying Message 1.5. and S2. 3. If S1 is congruent to V modulo p. Bob calculates V = h (M | e1S2 e2−S1 mod p).3 Continued Signing 1.36 . Alice calculates S1 = h(M|e1r mod p).13. 4. 13. Alice calculates S2 = r + d × S1 mod q. 2. S1. Alice wants to send a message M. e2.4 Here is a trivial example. The verification is left as an exercise. q).37 . S1 = 200. This means S1 = 200. p. She chooses r = 11 and calculates e2 r = 35411 = 630 mod 2267.1 Continued Example 13. Note that p = 22 × q + 1. Suppose we choose q = 103 and p = 2267. which is a primitive in Z2267*. 13. We choose e0 = 2. so we have e1 = 222 mod 2267 = 354. We choose d = 30. and S2 = 35. her public key is (e1.5. Then (p −1) / q = 22. Alice’s private key is now (d). Assume that the message is 1000 and concatenation means 1000630.13. Alice sends the message M =1000. Alice calculates S2 = r + d × S1 mod q = 11 + 1026 × 200 mod 103 = 35. so e2 = 35430 mod 2267 = 1206. Also assume that the hash of this value gives the digest h(1000630) = 200. 38 .13 General idea behind DSS scheme 13.13.5.4 Digital Signature Standard (DSS) Figure 13. 1) Alice chooses primes p and q.5. 4) Alice chooses d and calculates e2 = e1d. 2) Alice uses <Zp*. p. e2.4 Continued Key Generation. ×>.13. × > and <Zq*. 3) Alice creates e1 to be the qth root of 1 modulo p. 5) Alice’s public key is (e1. her private key is (d). 13. q).39 . 14 DSS scheme 13.5.4 Continued Verifying and Signing Figure 13.40 .13. Now Alice can send a message to Bob. Assume that h(M) = 5000 and Alice chooses r = 61: Alice sends M. and S2 to Bob. Bob uses the public keys to calculate V. Alice selects e0 = 3 and calculates e1 = e0 (p−1)/q mod p = 6968. Alice chooses d = 61 as the private key and calculates e2 = e1d mod p = 2038.13.41 .5. S1. 13.5 Alice chooses q = 101 and p = 8081.1 Continued Example 13. DSS Versus ElGamal DSS signatures are smaller than ElGamal signatures because q is smaller than p.42 .13.5. 13.4 Continued DSS Versus RSA Computation of DSS signatures is faster than computation of RSA signatures when using the same p. 5 Elliptic Curve Digital Signature Scheme Figure 13.5.15 General idea behind the ECDSS scheme 13.13.43 . q. b). …). a point on the curve.5. her private key is d. …) = d × e1(…. …). p. e1. e2). 2) Alice chooses another prime q the private key d.5 Continued Key Generation Key generation follows these steps: 1) Alice chooses an elliptic curve Ep(a. 13.44 . 3) Alice chooses e1(…. 5) Alice’s public key is (a. 4) Alice calculates e2(….13. b. 5 Continued Signing and Verifying Figure 13.5.16 The ECDSS scheme 13.45 .13. 13-6 VARIATIONS AND APPLICATIONS This section briefly discusses applications for digital signatures.6.46 .6.2 Applications 13.1 Variations 13. variations and Topics discussed in this section: 13. This is called time-stamped digital signature scheme.6.47 . 13.13.1 Variations Time Stamped Signatures Sometimes a signed document needs to be time stamped to prevent it from being replayed by an adversary. Blind Signatures Sometimes we have a document that we want to get signed without revealing the contents of the document to the signer.
Report "Digital Signature"
×
Please fill this form, we will try to respond as soon as possible.
Your name
Email
Reason
-Select Reason-
Pornographic
Defamatory
Illegal/Unlawful
Spam
Other Terms Of Service Violation
File a copyright complaint
Description
Copyright © 2024 DOKUMEN.SITE Inc.