Points to be discussed

1. What is DSS?
2. What is Digital Signature?
3. Write and Explain Digital Signature
Algorithm(DSA).
4. Describe the attack on Digital
Signature.
5. Attacks on Digital Signature.
6. Elliptic Curve Cryptography

What is DSS?
Digital Signature Standard (DSS)
As we know, signature is a way of authenticating the data coming from a
trusted individual. Similarly, digital signature is a way of authenticating a
digital data coming from a trusted source. Digital Signature Standard
(DSS) is a Federal Information Processing Standard(FIPS) which defines
algorithms that are used to generate digital signatures with the help
of Secure Hash Algorithm(SHA) for the authentication of electronic
documents. DSS only provides us with the digital signature function
and not with any encryption or key exchanging strategies.
OR
Digital Signature is a way to validate the authenticity and integrity of the
message or digital or electronic documents. Authenticity means to check
whether the data is coming from a valid source or not to the receiver i.e.
to verify the identity of the sender and integrity means to check that the
data or message should not be altered during the transmission.

DSS or Digital Signature Standard was introduced by the National

Institute of Standards and Technology (NIST) in 1994. It has become
the United States government standard for electronic document
authentication. The Federal Information Processing Standard (FIPS) 186
specifies the DSS. It was first proposed in 1991 and revised in 1993 as a
result of public concerns about the scheme’s security.
DSS employs SHA (Secure Hash Algorithm) to create digital signatures
and offers a new digital signature mechanism known as the Digital
Signature Algorithm.

The entire process is explained with the help of following diagram

DSS approach in Cryptography

The DSS is different in the fact that the RSA algorithm uses the public key,
private key and hash function whereas the DSS uses the public key,
private key, hash function, a random number k, and global public key.
Therefore, DSS provides more security than RSA algorithms.

A hash code is generated from the message and given as input to the
signature function on the sender side. The other inputs to a signature
function include a unique random number k for the signature, the
private key of sender PR(a), and the global public key i.e., PU(g).
The output of the signature function consists of two components: s & r,
which are concatenated with the input message and then sent to the
receiver. Signature = {s, r}.

On the receiver side, the hash code for the message sent is generated by
the receiver by applying a hash function. The verification function is used
for verifying the message and signature sent by the sender. The
verification function takes the hash code generated, signature components
s and r, the public key of the sender (PU(a)), and the global public key.
The signature function is compared with the output of the verification
function and if both the values match, the signature is valid because A
valid signature can only be generated by the sender using its private key.

Steps involved in DSS in Cryptography?

● Generation of keys i.e., public and private keys for the source.
● Creation of digital signature by the source for a message.
● The receiver verifies the digital signature.

https://www.simplilearn.com/tutorials/cryptography-tutorial/digital-signat
ure-algorithm

What Are Digital Signatures?

The objective of digital signatures is to authenticate and verify documents and

data. This is necessary to avoid tampering and digital modification or forgery
during the transmission of official documents.

With one exception, they work on the public key cryptography architecture.
Typically, an asymmetric key system encrypts using a public key and decrypts
with a private key. For digital signatures, however, the reverse is true. The
signature is encrypted using the private key and decrypted with the public key.
Because the keys are linked, decoding it with the public key verifies that the
proper private key was used to sign the document, thereby verifying the
signature's provenance.
The image above shows the entire process, from the signing of the key to its
verification. So, go through each step to understand the procedure thoroughly.

● Step 1: M, the original message is first passed to a hash function denoted

by H# to create a digest.

● Step 2: Next, it bundles the message together with the hash digest h and
encrypts it using the sender’s private key.

● Step 3: It sends the encrypted bundle to the receiver, who can decrypt it
using the sender’s public key.

● Step 4: Once it decrypts the message, it is passed through the same hash
function (H#), to generate a similar digest.

● Step 5: It compares the newly generated hash with the bundled hash value
received along with the message. If they match, it verifies data integrity.

There are two industry-standard ways to implement the above methodology.

They are:

1. RSA Algorithm

2. DSA Algorithm

Both the algorithms serve the same purpose, but the encryption and
decryption functions differ quite a bit. So, now that you understand how it is
supposed to function while verifying the signature, let’s deep dive into our
focus for today, the DSA Algorithm.
Block Diagram of Digital Signature

A digital signature is a type of electronic signature based on cryptography and

used to authenticate the identity of the sender of a message or the signer of a
document and to ensure that the original content of the message or document
is unchanged.

The block diagram of the digital signature process is as follows:

● Message or Document: This is the data or document that needs to be

signed.

● Hashing: The document or message is converted into a fixed-length hash

using a cryptographic hash function.

● Encryption: The hash is then encrypted using the sender's private key.

● Signature: The encrypted hash is the document's digital signature.

● Verification: The signature is then verified using the sender's public key to
ensure the signature's validity and the document's authenticity.
Role of Digital Signatures

● Digital signatures are used for authentication or verification. They are used
to verify the authenticity and integrity of a digital document or message.

● The prominent role of a digital signature is to ensure the integrity and

authenticity of a digital document or message. A digital signature is
essentially a type of electronic signature which provides non-repudiation
and authentication between two parties. It serves as proof that the two
parties have agreed to specific terms and conditions and have mutually
verified the contents of a document or message.

● Digital signatures can also protect confidential information, ensuring that

only authorized persons can access the data.

● Furthermore, digital signatures can also be used to track a digital

transaction's source and ensure that it has not been modified.
What Is the DSA Algorithm?

Digital Signatures Algorithm is a FIPS (Federal Information Processing

Standard) for digital signatures. It was proposed in 1991 and globally
standardized in 1994 by the National Institute of Standards and Technology
(NIST). It functions on the framework of modular exponentiation and discrete
logarithmic problems, which are difficult to compute as a force-brute system.

DSA Algorithm provides three benefits, which are as follows:

● Message Authentication: You can verify the origin of the sender using the
right key combination.

● Integrity Verification: You cannot tamper with the message since it will
prevent the bundle from being decrypted altogether.

● Non-repudiation: The sender cannot claim they never sent the message if
verifies the signature.

The image above shows the entire procedure of the DSA algorithm. You will
use two different functions here, a signing function and a verification function.
The difference between the image of a typical digital signature verification
process and the one above is the encryption and decryption part. They have
distinct parameters, which you will look into in the next section of this lesson
on the DSA Algorithm.

Keeping the image above in mind, go ahead and see how the entire process
works, starting from creating the key pair to verifying the signature at the end.

1. Key Generation

There are two steps in the key generation process: parameter generation and
per-user keys.
Parameter Generation

● Initially a user needs to choose a cryptographic hash function (H) along

with output length in bits |H|. Modulus length N is used in when output
length |H| is greater.

● Then choose a key length L where it should be multiple of 64 and lie in

between 512 and 1024 as per Original DSS length. However, lengths 2048
or 3072 are recommended by NIST for lifetime key security.

● The values of L and N need to be chosen in between (1024, 60), (2048,

224), (2048, 256), or (3072, 256) according to FIPS 186-4. Also, a user
should chose modulus length N in such a way that modulus length N
should be less than key length (N<L) and less than and equal to output
length (N<=|H|).

● Later a user can choose a prime number q of N bit and another prime
number as p of L bit in such a way that p-1 is multiple of q. And then
choose h as an integer from the list ( 2……..p-2).

● Once you get p and q values, find out

g = h^(p-1)/q*mod(p). If you get g = 1, please try another value for h and

compute again for g except 1.

p, q and g are the algorithm parameters that are shared amongst different
users of the systems.

Per-user Keys

To compute the key parameters for a single user, first choose an integer x
(private key) from the list (1…….q-1), then compute the public key,
y=g^(x)*mod(p).

2. Signature Generation

● It passes the original message (M) through the hash function (H#) to get
our hash digest(h).

● It passes the digest as input to a signing function, whose purpose is to give

two variables as output, s, and r.

● Apart from the digest, you also use a random integer k such that 0 < k < q.

● To calculate the value of r, you use the formula r = (gk mod p) mod q.

● To calculate the value of s, you use the formula s = [K-1(h+x . R)mod q].

● It then packages the signature as {r,s}.

● The entire bundle of the message and signature {M,r,s} are sent to the
receiver.

3. Key Distribution

While distributing keys, a signer should keep the private key (x) secret and
publish the public key (y) and send the public key (y) to the receiver without
any secret mechanism.

Signing

Signing of message m should be done as follows:

● first choose an integer k from (1……q-1)

● compute

r = g^(k)*mod(p)*mod(q). If you get r = 0, please try another random value of k

and compute again for r except 0.

● Calculate

s=(k^(-1)*(H(m)+xr))*mod(q). If you get s = 0, please try another random value

of k and compute again for s except 0.

● The signature is defined by two key elements (r,s). Also, key elements k
and r are used to create a new message. Nevertheless, computing r with
modular exponential process is a very expensive process and computed
before the message is known. Computation is done with the help of the
Euclidean algorithm and Fermat's little theorem.

4. Signature Verification

● You use the same hash function (H#) to generate the digest h.

● You then pass this digest off to the verification function, which needs other
variables as parameters too.

● Compute the value of w such that: s*w mod q = 1

● Calculate the value of u1 from the formula, u1 = h*w mod q

● Calculate the value of u2 from the formula, u2 = r*w mod q

● The final verification component v is calculated as v = [((gu1 . yu2) mod p)

mod q].
● It compares the value of v to the value of r received in the bundle.

● If it matches, the signature verification is complete.

Describe the Attacks on digital signatures

In general, three types of attacks are attempted against digital signatures, as outlined
below:

∑ Chosen-message attack: In the chosen-message attack, the attacker tricks a

genuine user into digitally signing messages that the user does not normally intend to
sign. As a result, the attacker obtains a pair of the original message that was signed
and the signature. Using this, the attacker tries to create a new message that she wants
the genuine user to sign and uses the previous signature.

∑ Known-message attack: In the known-message attack, the attacker obtains

previous few messages and the corresponding digital signatures from a genuine user.
Like the known-plaintext attack in the case of encryption, the attacker now tries to
create a new message and forge the digital signature of the genuine user onto it.

Key-only attack: In the key-only attack, the assumption is that some information was
made public by a genuine user. This attacker now tries to misuse this public
information. This is similar to the ciphertext-only attack in encryption. Here, the
attacker tries to create the signature of the genuine user.

Elliptic curve cryptography (ECC)

RSA is the most prominent algorithm used in public key cryptography techniques for
encryption and digital signatures. Over the years, the key lengths for RSA have been
increasing. This puts considerable burden on RSA. Another public key cryptography
technique is gaining popularity in the last few years. It is called as Elliptic Curve
Cryptography (ECC). The main difference between RSA and ECC is that unlike RSA,
ECC offers the same level of security for smaller key sizes. ECC is highly
mathematical in nature, and therefore, we shall just have an overview of this
technique.

Elliptic curves
An elliptic curve is similar to a normal curve drawn as a graph on x and y-axes. It has
points. Each point can be designated by an (x, y) coordinate, just like any other graph.
For instance, a point can be designated as (4, –9), which means that it is 4 units on the
right hand side of the x-axis from the center and 9 below the y-axis from the center, as
shown in Fig. 4.51
Consider an elliptic curve (E) with a point P. Now, generate a random number d. Let
we have Q = d ¥ P. Now, the mathematics says that E, P and Q are public values, and
the challenge is to find d. This is called as elliptic curve discrete logarithm problem.
As long as the curve is big enough, it is almost impossible to find d. Thus, E, P, Q
together form the public key and d is the corresponding private key.