Scribd
Upload
132 views

Digital Signature Algorithm

The document discusses the Digital Signature Algorithm (DSA). It begins by providing background on the Digital Signature Standard (DSS) approved by the US government. It then explains that DSA uses the SHA hash algorithm and is a variant of the ElGamal signature scheme based on discrete logarithms. The document proceeds to describe the key generation, signature generation, and signature verification processes for DSA. It provides an example to illustrate these steps. Finally, it includes proofs for how the signature verification works.

Uploaded by

ashalizajohn
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
132 views

Digital Signature Algorithm

The document discusses the Digital Signature Algorithm (DSA). It begins by providing background on the Digital Signature Standard (DSS) approved by the US government. It then explains that DSA uses the SHA hash algorithm and is a variant of the ElGamal signature scheme based on discrete logarithms. The document proceeds to describe the key generation, signature generation, and signature verification processes for DSA. It provides an example to illustrate these steps. Finally, it includes proofs for how the signature verification works.

Uploaded by

ashalizajohn
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

Digital Signature Algorithm

Presented By
Asha Liza John
MPhil CS3, IIITMK

Digital Signature Standard (DSS)


US Govt. approved signature scheme
Designed by NIST in early 90s
Published as FIPS 186 in 1991
Revised in 1993, 1996, 2000, 2009, 2013
Uses the SHA hash algorithm
DSS is the standard. DSA is the algorithm

DSA algorithm is used for digital signature only

DSS vs. RSA Signature

Digital Signature Algorithm (DSA)


Creates a 320-bit signature

Variant of ElGamal
Security depends on difficulty in computing

discrete logarithms.

DSA Key Generation


Shared global public key values (p,q,g) :
Choose 160-bit prime number q
Choose a large prime p with 2L-1 < p < 2L
Where 512 L 1024 and L 0 (mod 64)
Also, q is a 160 - bit prime factor of (p-1)

Choose g = h(p-1)/q mod p


Where 1 < h < p-1 and h(p-1)/q mod p >1

Users choose private key & compute public key :


Choose random private key x < q
Compute public key y = gx mod p

DSA Signature Generation


To sign a message M the

sender :
Generates a random signature

key k, k < q
Note : k is destroyed after use
and never reused
Then computes signature pair :

r = (gk mod p) mod q


s = [k-1(H(M) + xr)] mod q
Sends signature (r,s) with

message M

DSA Signature Verification


To verify a signature recipient

computes :
w = (s)-1 mod q
u1 = [H(M)w] mod q
u2 = (rw) mod q

v = [ (gu1yu2) mod p] mod q


If v=r then signature is

verified

Example
Key Generation
Let q=3, x=2,k=1, H(M) = 11
q is a prime factor of p-1. So p=nq+1 = 2(3)+1 = 7

= h(p-1)/q mod p

= gx mod p

= 26/3 mod 7

= 42 mod 7

= 22 mod 7 = 4

= 16 mod 7 = 2

Example
Signature Generation
r

= (gk mod p) mod q

= [k-1(H(M)+xr)] mod q

= (41 mod 7) mod 3

= [4*(11+(2*1))] mod 3

= 4 mod 3 = 1

= [4*13] mod 3
= 52 mod 3 = 1

Send r=1, s=1 and message M.

Note : k*k-1 1 mod q

1* k-1 1 mod 3

k-1 = 4 ;

Example
Signature Verification
Receives values M= M, s=s, r=r.

Calculate w, u1, u2 and v as follows and check if v=r :

= (s)-1 mod q

u2 = (r*w) mod q

= (1)-1 mod 3

= (1*1) mod 3

= 4 mod 3 = 1

= 1 mod 3 = 1

u1 = [ H(M)*w] mod q

= [(gu1yu2) mod p] mod q

= [11*1] mod 3

= [(42*21) mod 7] mod 3

= 11mod 3 = 2

= [32 mod 7] mod 3

Here, v=r so signature is verified.

= 4 mod 3 = 1

How v = r ??

How v = r ??
y(rw) mod q mod p = g(xrw) mod q mod p
Proof

How v = r ??
For any integer t, if g = h(p1)/q mod p then gt mod p = gt mod q mod p

Proof
By Fermat's theorem (Chapter 8), because h is relatively prime to
p, we have Hp1 mod p = 1. Hence, for any nonnegative integer n

How v = r ??
For any integer t, if g = h(p1)/q mod p then gt mod p = gt mod q mod p

Proof (Contd)

How v = r ??
For nonnegative integers a and b:
g(a mod q + b mod q) mod p = g(a+b) mod q mod p
Proof

How v = r ??
((H(M) + xr)w) mod q = k
Proof(Contd)

How v = r ??
((H(M) + xr)w) mod q = k
Proof

You might also like