ElGamal

A signature elements of the digital signature is computed by first covering the long-term private
key d utilizing a single additive process to join the key d with a first value in order to generate a
digital signature of a message m. Then, the concealed value is multiplied by a second value to
gain components (ElGamal,1985).
The first value is enumerated using the message m and another component of the digital
signature, and the second value is obtained deploying the inverse of a component of the first
value. In such a way, the signature component s is therefore produced using a process that
counters the efficiency of side channel attacks, for instance, differential side channel analysis, by
keeping away from a direct multiplication employing long-term private key d.
The above algorithm is in connection to D-H algorithm, where both the use of exponentiation in
a finite field, and its security which is based on the rigidity of calculating discrete logarithms are
the backbone of it. ElGamal algorithm’s benefit is that each time exactly similar plaintext is
encrypted. His algorithm provides different cipher text with one drawback where the cipher text
length is double the length of the plain text. It also decrypts (verifies) the signature by employing
private key to encrypt (sign) and public key (Menezes, van Oorschot and Vanstone, 1996). Thus,
we can sum up ElGamal signature scheme as follows:
By looking at a cryptographic system having cryptographic parameters that involve a proper first
number p and a generator α. A signee A has long-term private key d and public key, which is
calculated by

y=αd mod p
Then, to generate an ElGamal signature for a message m, the following steps are used.
1- Select random integer k, with the value in the range 1 to p-2, where gcd (k, p−1) =1.

2- Calculate r=αk mod p

3- Calculate s =k -1 (H(m) – d.r) mod (p-1)
Whereas H(m) is the message hash function.
Thus, the generated signature is the pair (r, s). Whereas s must not be zero. Now both r and s are
the signature.
In order to verify the signature, the following calculations are performed:
Compute, 𝑣1 ≡ 𝑟𝑠. 𝑦𝑟 𝑚𝑜𝑑 𝑝.
and 𝑣2 ≡ 𝑔𝐻(𝑚) 𝑚𝑜𝑑 𝑝.
Then if 𝑣1 = 𝑣2 , the signature is accepted as authentic.
In Cryptographic systems the setting information, electromagnetic emissions, power usage, or
channel information are used to attempt and decide a secret value employed by the cryptographic
unit during computing processes. Thus, the systems might be an issue to side channel attacks. As
a result, multiplication in a computational unit of a cryptographic system is absolutely executed
using a sequence of additions (ElGamal,1984). Therefore, through employing the side channel
attacks, interlopers usually having enough awareness that in producing ElGamal signatures and
their variants the long-term private key d is only used in one step of the generation of the
signature which is in the calculation of the signature component s by way of the signing
equation.
Consequently, an interloper may seek using differential side channel analysis for gaining
information about long-term private key d. In other words, an interloper would try to get
information from the side channel over the course of signing multiple messages comparing the
differences between this information for acquiring information about private key d. It may also
be feasible to remove enough information about long-term private key d for compromising its
secrecy through examining those differences between the information upon multiple uses of
private key d (i.e. upon multiple signing operations). Menezes, van Oorschot and Vanstone,
(1996) stated that differential side channel analysis may compromise private key d with a greater
probability if more processes in which long-term private key d is directly utilized in each signing
operation.

Rivest-Shamir-Adleman (RSA)
RSA is a public-key cryptosystem developed by Ron Rivest, Adi Shamir, and Leonard Adleman.
RSA involves the use of static keys, whereas the D-H key exchange algorithm required the
dynamic exchange of keys. The RSA system reduces communications overhead with the ability
to have static, unchanging keys for each receiver that are ‘advertised’ by a formal ‘trusted
authority’ (the hierarchical model) or distributed in an informal ‘web of trust’. The
computational problem that RSA addresses the integer factorization problem. For example, a
simple factorization problem is: What are the factors of the number 147? After trying a variety of
numbers, such as 2, 4 and 5, it is evident that they will not divide equally into 147. It soon
becomes apparent that after experimenting with more numbers, 147 only has 3 and 7 as factors.
This example is very easy, and it is worth remembering that Rivest, Shamir, and Adleman
experimented with much larger numbers, numbers with over 100 digits. Subsequently, Rivest
discovered a method that provides secure communications and did not suffer the key distribution
problem. It can be used to encrypt messages and provide digital signatures. It is the most
commonly used asymmetric algorithm, with high level of security (Alan Dhillon: 2002).

To sign a message m by RSA algorithm, the private key [d, N] is used in the equation.
𝑆≡𝑚𝑑 𝑚𝑜𝑑 𝑁
To verify the signature, the public key [e, N] is used in the equation.
 𝑚≡𝑆𝑒 𝑚𝑜𝑑 𝑁
Where N is the product of two large primes p and q.
If the message m = the received (m) then the sender is authentic and the message has integrity.
However, generally if RSA is used for signing a message, it is more efficient to sign a hash value
for the message rather than the message itself.
Digital Signature Algorithm (DSA)
As mentioned above, the Digital Signature Algorithm (DSA) is one of the variations of ElGamal
digital signature scheme. In this algorithm, a signatory, which has public and private keys, is
used to generate a digital signature of digital message; and a verifier to validate the authenticity
of the signature as well. The private key of the signatory is utilized in the signature generation
process whereas the public key is used in the signature verification process. For both signature
generation and verification, the data (which is known as a message) is decreased by means of the
Secure Hash Algorithm, like SHA which is identified in FIPS 180-1. Thus, the correct signature
of the signatory cannot be generated if an adversary does not know the private key of the
signatory. For more clarification, these signatures cannot be faked, however anyone can justify a
correctly signed message by using the signatory’s public key.

The verifier shall also gain the domain parameters in case the DSA is utilized for generating the
digital signature. These public key and domain parameters may be concerted between the two
communicating parties or gained from a trusted party (e.g., Certificate Authority, CA) (Atreya,
Hammond, Paine, Starrett, & Wu: 2002).
To sign a message m digitally, the below equations are run to generate the signature, r and s:

r = (gk mod p) mod q

s = (k -1 (H(m)+ xr) mod q

Whereas p, q, g, y are public parameters, which is long-term private key; k is a random integer
for each message.
For verification purpose, the following is performed:

w=s’-1 mod q
v= (gH(m’.w)mod q . y(r’.w mod q)mod p) mod q
If v = r then the signature is verified.
Where r', s',m' are the received signature and message.
Modified DSA Algorithm (M.DSA)
There are various customized versions of standard DSA algorithm that are supported by the NIST,
have been built up which ensured efficiency of the execution time measurement of either on the
signing side or the verification side. The M.DSA, which was developed lately has shown good
improvement in the verification time, and it will be included and compared with the proposed GOST
algorithm in later chapter for examination of execution time for signing and signature verification.
In M.DSA versions, the equations contents of both signature and verification were altered.
The computation of signature s is adjusted at the sender side, while one equation of the DSA
verification calculation is deleted and the verification equation is also adjusted to accomplish the
signature validation at the received side. These adjustments have decreased the verification time but
reserved the same difficulty level for the signature and verification of NIST-DSA (M. Rifaat: 2017
and Ali, 2004). The M.DSA signing process consists of performing the following calculations

r = (gk mod p) mod q

s = (k.x.H(m)+ r)-1 mod q
But only s is modified. It is noted that the value of r is the same as in NIST-DSA. For the
verification process, the following equations are used instead of those for NIST-DSA.
𝑢1 = ((𝑚) + 𝑟) m𝑜𝑑 𝑞
𝑢2 = (𝑠. 𝑢1) mo𝑑 𝑞
𝑣 = (𝑦𝑢2 𝑚𝑜𝑑 𝑝) mo𝑑 𝑞
Then if the value of v is equal to the received r, the signature is verified, but if they do not have
the same value then the signature will be rejected.

GOST Digital Signature

Another version of DSA algorithm is developed and used as standard by the Russian for message
signing and verification. It also utilizes primes numbers p, q, y, s, etc as DSA with the following
details (Schneier, B. 2000):
1. Prime number, p having length either between 509 to 512 or 1020 to1024 bits.
2. Prime factor q, such that its value less than p-1, namely in the range from 254 bits to 256-
bits long.
3. α (which corresponds to g in NIST-DSA). It is an integer with value less than p-1, such
that 𝑎𝑞𝑚𝑜𝑑𝑝=1.
4. An integer x, such that x < q. It is considered the private key for the signer.
5. The public key for the signer, y is calculated by the following equation.
𝑦=𝑎𝑥 𝑚𝑜𝑑 𝑝
The parameters p, q, g, and the public key y are all public, together with the hash function H.
Signing process
The signing process for GOST consists of calculating the signature parameters, r and s as
follows.

r = (ak mod p) mod q k

s = (x.r + k(H(m)) mod q
Verification process
The signature verification for GOST algorithm can be achieved by the following calculations
𝑣=(𝑚)𝑞−2𝑚𝑜𝑑𝑞
𝑧1=(𝑠.𝑣)𝑚𝑜𝑑𝑞.
𝑧2=((𝑞−𝑟)∗𝑣)𝑚𝑜𝑑𝑞
Now, z1 and z2 are substituted in the following equation to produce u.
𝑢=((𝑎𝑧1∗ 𝑦𝑧2)𝑚𝑜𝑑𝑝)𝑚𝑜𝑑𝑞
If u=r, then the signature is authentic and the message is accepted, otherwise it is rejected

Yen-Laih Digital Signature

A DSA variant which attempt to create a faster signature by computing the inverse of the fixed
private key x in advance and using it for each signature (Yen and Laih, 1995). The processes of
the Signature and verification are illustrated as follows:

Yen-Laih Signature Generating Process

The message m is first hashed using the hash function H and signed by calculating r and s as in
the following equations.
𝑟=(𝑔𝑘𝑚𝑜𝑑𝑝) 𝑚𝑜𝑑𝑞

𝑠= ((𝑟.𝑘−ℎ(𝑚)).𝑥−1)𝑚𝑜𝑑𝑞

The calculated signature r and s are then sent to the recipient, together with the message m.

Yen-Laih Verification Process

To verify the message signature, the verifier has to calculate u, using the following equations.
𝑤=𝑟−1 𝑚𝑜𝑑 𝑞
𝑢1=(𝑤.(ℎ(𝑚))𝑚𝑜𝑑𝑞
𝑢2=(𝑤.𝑠)𝑚𝑜𝑑𝑞
Then substitute u1 and u2 from equations (2.26) and (2.27) into equation 2.28 in order to
calculate v
 𝑣 = ((𝑔𝑢1.𝑦𝑢2)𝑑𝑝)𝑚𝑜𝑑𝑞
Now if v=r, signature is authentic, otherwise it is not accepted.

McCurley Digital Signature

Within this algorithm, the DSA verification process has been developed by eradicating the
inverse from the computations on the verifier side to reduce the time complexity in order to
verify the signature. The processes of the calculation of the signature and verification are as
follows:
McCurley Signature Generating Process
To generate signature in this algorithm the signer has to calculate the following:
𝑟=(𝑔𝑘𝑚𝑜𝑑 𝑝) 𝑚𝑜𝑑 𝑞.
𝑠=(𝑘.(ℎ(𝑚)+ 𝑥 .𝑟−1) 𝑚𝑜𝑑 𝑞
McCurley Verification Process
The verifier has to calculate u1 and u2, then compute v using equation
𝑢1=(ℎ(𝑚) .𝑠) 𝑚𝑜𝑑 𝑞
𝑢2=(𝑠.𝑟) 𝑚𝑜𝑑 𝑞
𝑣=((𝑔𝑢1.𝑦𝑢2) 𝑚𝑜𝑑 𝑝) 𝑚𝑜𝑑 𝑞
If v=r, then the message is authentic.

Modification of GOST
The modified M.GOST algorithm is aimed to produce improvements in the signature verification
processing time. Few alterations to the equations used for the calculation is done that reduces the
execution computation steps without affecting the security parameters that were used for the
original GOST algorithm. These alterations are written in details in the following sections that
include signing and verification. The mathematical proof of the modified verification process is
included next followed by a numerical example.