Information Security

Dr. Irfan Yousuf

Department of Computer Science (New Campus)
UET, Lahore
(Week 8: October 21 - 25, 2024 )
Outline

•Digital Signatures
Digital Signatures

• A digital signature is a mathematical technique used to

validate the authenticity and integrity of a digital
document, message or software.

• It's the digital equivalent of a handwritten signature or

stamped seal, but it offers far more inherent security.

• A digital signature is intended to solve the problem of

tampering and impersonation in digital communications.
Digital Signatures

• Digital signatures can provide evidence of origin, identity

and status of electronic documents, transactions or digital
messages.

• In many countries, digital signatures are considered legally

binding in the same way as traditional handwritten
document signatures.
How do digital signatures work?

• Digital signatures are based on public key cryptography,

also known as asymmetric cryptography.

• Using a public key algorithm -- such as Rivest-Shamir-

Adleman, or RSA -- two keys are generated, creating a
mathematically linked pair of keys: one private and one
public.
How do digital signatures work?

• For encryption and decryption, the person who creates the

digital signature uses a private key to encrypt signature-
related data. The only way to decrypt that data is with the
signer's public key.

• If the recipient can't open the document with the signer's

public key, that indicates there's a problem with the
document or the signature. This is how digital signatures
are authenticated
Digital Certificates

• Digital certificates, also called public key certificates, are

used to verify that the public key belongs to the issuer.
• Digital certificates contain the public key, information
about its owner, expiration dates and the digital signature
of the certificate's issuer.
• Digital certificates are issued by trusted third-party
certificate authorities (CAs), such as DocuSign or
GlobalSign.
• The party sending the document and the person signing it
must agree to use a given CA.
Hash Function
• A hash function is a mathematical function or algorithm
that simply takes a variable number of characters (called
a ”message”) and converts it into a string with a fixed
number of characters (called a hash value or simply, a
hash).
• The values returned by a hash function are called hash
values, hash codes, digests, or simply hashes.
Modular Hash Function
• h(k) = k mod m
• m is generally a prime number.
Cryptographic Hash Function
• Hash functions (hashing algorithms) used in computer
cryptography are known as "cryptographic hash functions.

• In cryptography, hash functions transform input data of

arbitrary size (e.g., a text message) to a result of fixed size
(e.g., 256 bits), which is called hash value (or hash code,
message digest, or simply hash).

• Examples of such functions are SHA-256 and SHA3-256,

which transform arbitrary input to 256-bit output
SHA-256("hello") = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824“

SHA-256(“Hello”) = “185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969”
Cryptographic Hash Function
Cryptographic Hash Function
• Hash functions are known to be collision-resistant and
irreversible.

• Hash functions are irreversible by design, which means that

there is no fast algorithm to restore the input message from
its hash value.
Model of Digital Signature
Model of Digital Signature
• Each person adopting this scheme has a public-private key
pair.
• Generally, the key pairs used for encryption/decryption and
signing/verifying are different. The private key used for
signing is referred to as the signature key and the public
key as the verification key.
• Signer feeds data to the hash function and generates hash of
data.
• Hash value and signature key are then fed to the signature
algorithm which produces the digital signature on given
hash. Signature is appended to the data and then both are
sent to the verifier.
Model of Digital Signature
• Verifier feeds the digital signature and the verification key
into the verification algorithm. The verification algorithm
gives some value as output.
• Verifier also runs same hash function on received data to
generate hash value.
• For verification, this hash value and output of verification
algorithm are compared. Based on the comparison result,
verifier decides whether the digital signature is valid.
• Since digital signature is created by ‘private’ key of signer
and no one else can have this key; the signer cannot
repudiate signing the data in future.
Digital Signature Algorithm (DSA)
• The Digital Signature Algorithm (DSA) is a widely-used
asymmetric cryptographic algorithm for digital signatures.

• DSA is a part of the Digital Signature Standard (DSS)

established by the U.S. National Institute of Standards and
Technology (NIST) to provide secure digital signatures for
electronic documents and data.
DSA Steps
1. Parameter Generation
2. Key Pair Generation
3. Signature Generation
4. Signature Verification
DSA: Parameter Generation

Verify with p=19, q=3, h=5

DSA: Key Generation

• The private key, a is any random number such that

0 < a< q.

• The public key, A = g^a mod p

DSA: Signature Generation
DSA Example: Signature Generation
DSA: Signature Verification
DSA Example: Signature Verification

Source: https://www.di-mgt.com.au/public-key-crypto-discrete-logs-4-dsa.html
DSA model
RSA vs. DSA

• RSA: Primarily used for encryption, digital signatures, and

key exchange. RSA's versatility makes it suitable for
various cryptographic applications.

• DSA: Specifically designed for digital signatures. It's not

intended for encryption or key exchange, but it excels in
providing data integrity and authentication through
signatures.
RSA vs. DSA

• RSA: In RSA, you generate a key pair consisting of a

public key and a private key. The security of RSA relies on
the difficulty of factoring the product of two large prime
numbers.

• DSA: DSA key pairs involve a prime number 'p', a

subprime 'q', a generator 'g', and a private key 'x' that needs
to be generated. The public key 'y' is calculated based on 'x'
and the other parameters.
RSA vs. DSA

• RSA: Security in RSA depends on the size of the modulus

(key length), with longer keys offering higher security.
Common key lengths range from 1024 to 4096 bits.

• DSA: DSA uses specific prime numbers 'p' and 'q' along
with the choice of 'g'. The security depends on the proper
selection of these domain parameters.
RSA vs. DSA

• RSA: Security in RSA depends on the size of the modulus

(key length), with longer keys offering higher security.
Common key lengths range from 1024 to 4096 bits.

• DSA: DSA uses specific prime numbers 'p' and 'q' along
with the choice of 'g'. The security depends on the proper
selection of these domain parameters.
DSA model
Merkle Damgard Construction

• The Merkle Damgard construction is a process of making a

cryptographic hash function using a one-way compression
function.

• This construction is based on the rule that if the

compression function is collision resistance, the hash
function will also be collision resistance.

• Many popular hash functions like MD5, SHA-1, and SHA-

2 have been designed using Merkle Damgard construction.
Merkle Damgard Construction

• The Merkle-Damgard Scheme is an iterated hash function.

• It is used in the compression of messages to create message

digests.

• It involves the following four steps.

Merkle Damgard: Step 1

• The message length and padding are appended to create a

larger message.

• This message should be evenly divisible in blocks of n bits.

Here n is the size of the block to be processed by the
compression algorithm.
Merkle Damgard: Step 1

• It is important to carefully select the padding scheme for

message length expansion because weak padding can
introduce security vulnerability to the function.
• Padding should be MD-compliant which means it should
satisfy following conditions:
Merkle Damgard: Step 1

• In one of the MD-compliant schemes, we use two blocks.

• The first one is a padding block that contains “1” followed

by “0,” and the second one is the message size block.
Merkle Damgard: Step 2

• The message is now divided into ‘t’ blocks.

• Each block has a size of n bits.
• The blocks are named M1, M2, M3, M4, … Mt.
• Since there are t blocks, there will be t iterations, and each
iteration would produce a digest.
• And the digests created at t iterations are called H1, H2,
H3, … Ht.
Merkle Damgard: Step 3
• There are t iterations of the compression function.
• At ith iteration, the compression takes in input the
parameters Hi-t and Mi to create the digest Hi.
• Hi-1 is the digest created by the compression function in
the previous iteration.
• For the first iteration, H0 is provided as the initialization
digest value.
Merkle Damgard: Step 3
• Thus in the first iteration, the compression function
operates on the block of message M1 and the initialized
digest (constant value) H0.
• This gives the digest H1, which along with M2, is then
used to compute H2 and so on.
Merkle Damgard: Step 4
• The digest Ht that is obtained in the end is treated as the
digest for the original message M.
One-way compression function
• In cryptography, a one-way compression function is a
function that transforms two fixed-length inputs into a
fixed-length output.

• The transformation is "one-way", meaning that it is

difficult given a particular output to compute inputs which
compress to that output.
One-way compression function
• A compression function mixes two fixed length inputs and
produces a single fixed length output of the same size as
one of the inputs.
• This can also be seen as that the compression function
transforms one large fixed-length input into a shorter,
fixed-length output.
• For instance, input A might be 128 bits, input B 128 bits
and they are compressed together to a single output of 128
bits. This is equivalent to having a single 256-bit input
compressed to a single output of 128 bits.
One-way function
• A one-way function is a function that is easy to compute
but hard to invert.
• A one-way compression function (also called hash
function) should be easy to compute and should have the
following properties
One-way function

Given a function h:X →Y, then we say that h is:

• preimage resistant (one-way):
if given y Y it is computationally infeasible to find a value x X s.t.
h(x) = y
• 2-nd preimage resistant (weak collision resistant):
if given x  X it is computationally infeasible to find a value x’  X, s.t.
x’x and h(x’) = h(x)
• collision resistant (strong collision resistant):
if it is computationally infeasible to find two distinct values x’,x  X,
s.t. h(x’) = h(x)
How to construct One-way function
• One-way compression functions are often built from block
ciphers.
• Block ciphers take (like one-way compression functions)
two fixed size inputs (the key and the plaintext) and return
one single output (the ciphertext) which is the same size as
the input plaintext.
• However, modern block ciphers are only partially one-way.
That is, given a plaintext and a ciphertext it is infeasible to
find a key that encrypts the plaintext to the ciphertext. But,
given a ciphertext and a key a matching plaintext can be
found simply by using the block cipher's decryption
function.
How to construct One-way function
• To turn a block cipher into a one-way compression function
some extra operations have to be added.

• Some methods to turn any normal block cipher into a one-

way compression function are
• Davies–Meyer,
• Matyas–Meyer–Oseas,
• Miyaguchi–Preneel
Davies–Meyer
Matyas–Meyer–Oseas
Matyas–Meyer–Oseas
Miyaguchi–Preneel
Block Cipher Davies–Meyer Matyas–Meyer–Oseas Miyaguchi–Preneel
Well Known Hash Functions
• MD5
• output 128 bits
• collision resistance completely broken by researchers in China in 2004
• SHA1
• output 160 bits
• no collision found yet, but method exist to find collisions in less than 2^80
• considered insecure for collision resistance
• one-wayness still holds
• SHA2 / SHA3 (SHA-224, SHA-256, SHA-384, SHA-512)
• outputs 224, 256, 384, and 512 bits, respectively
• No real security concerns yet
Summary
• Digital Signatures