Scribd
Upload
12 views23 pages

Digital Signatures: Cryptography

Uploaded by

Memoona Basharat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
12 views23 pages

Digital Signatures: Cryptography

Uploaded by

Memoona Basharat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 23

‫جامعة اال‬

College of Computer Science & Information Technology

Department of Computer Science

CRYPTOGRAPHY

Digital Signatures
Digital Signatures
• Digital signatures: One party generates signature,
many parties can verify.
• Digital Signature: a data string which associates a
message with some originating entity.
• Digital Signature Scheme:
– a signing algorithm: takes a message and a (private) signing
key, outputs a signature
– a verification algorithm: takes a (public) verification key, a
message, and a signature
• Provides:
– Authentication, Data integrity, Non-Repudiation
Digital Signatures Scheme

 Used to provide
◼ Data integrity
◼ Message authentication
◼ Non-repudiation
RSA signature algorithm
“Textbook RSA” Signatures
Key generation (as in RSA encryption):
Public key: (e, n) used for verification
Private key: d, used for generation
Signing message m with private key
• Compute  = md mod n
Verifying signature  using public key (e, n)
• Check whether e mod n = m
Insecurity of “Textbook RSA”

• A no-message attack
– Choose arbitrary , compute m= e mod n
– (m,) is a valid pair
• Forging signature on arbitrary message
– To forge signature on message m
• query signing oracle for m1 (obtaining 1)
• m2=m/m1 (mod n) (obtaining 2)
– (m, 1 2) is a valid pair
RSA Signatures with Hash
Use a hash function H: {0,1}*→ Zn*

Signing message m with private key (n,d)


• Compute  = H(m)d mod n
Verifying signature  using public key (e, n)
• Check whether e mod n = H(m)
Digital Signature Standard (DSS)
Digital Signature Standard (DSS)

⚫ Proposed by the National Institute of Standards


and Technology (NIST) in 1991
⚫ DSS uses a digital signature algorithm (DSA):
⚫ Designed to provide only the digital signature function
⚫ Cannot be used for encryption or key exchange
⚫ Must be a public-key technique (publicly verifiable)
⚫ Use the SHA for hashing the message
Digital Signature Approaches
(DSS vs. RSA)
DSA Key Generation
⚫ NIST adopted DSA based on ElGamal digital.
⚫ have shared global public key values (p,q,g):
⚫ choose q, a 160 bit
⚫ choose a large prime p
⚫ users choose private & compute public key:
⚫ choose d<q
⚫ compute y = gd (mod p)
The ElGamal public key
cryptosystem
DSA Signature Creation
⚫ to sign a message M the sender:
⚫ generates a one time random signature key k,
k<q
⚫ then computes signature pair:
r = (gk(mod p))(mod q)
s = k-1(H(M)+ d.r)(mod q)
⚫ sends signature (r,s) with message M
DSA Signature Verification
⚫ having received M & signature (r,s)
⚫ to verify a signature, recipient computes:
w = s-1(mod q)
u1= (H(M).w)(mod q)
u2= (r.w)(mod q)
v = (gu1.yu2(mod p)) (mod q)
⚫ if v=r then signature is verified

d
Note: Y is a public parameter, y = g (mod p)
r = (gk(mod p))(mod q)
s = k-1(H(M)+ d.r)(mod q)
w = s-1(mod q)
u1= (H(M).w)(mod q)
u2= (r.w)(mod q)
v = (gu1.yu2(mod p)) (mod q)
Proof:?
v = (gu1.yu2(mod p)) (mod q)
= (gu1 yu2 mod p) mod q
= ( gh(M)s^{-1} gd.r.s^{-1} mod p) mod q
=(g(h(M)+dr)s^{-1} mod p) mod q
= gk (mod p) mod q
= r
DSA Example Signature: (r, s)
r = (gk mod p) mod q
s = k-1 ( h(M) + d.r) mod q
◼ Take q=101, p=7879, g=170,
d=75; then Y=4567

◼ To sign the message SHA-1(x)=22,


◼ Alice selects k=50; Then
r=(17050 mod 7879) mod 101=94,
s=(22+75*94)50-1 mod 101=97

(x, (94,97)) is the signed message


-1
w = s (mod q)
u1= (H(M).w)(mod q)
u2= (r.w)(mod q)
u1 u2
v = (g .y (mod p)) (mod q)

◼ The signature (94,97) on the message digest 22 can


be verify by the following computations:

w=97-1 mod 101=25


u1=22*25 mod 101=45
u2=94*25 mod 101=27

(17045*456727 mod 7879) mod 101 = 94 =r


The Elliptic Curve Digital Signature
Algorithm (ECDSA)
Elliptic curve over GF(23)

 n = 23
 E = 29 : y = x + x + 4
2 3

# E = 29  group is cyclic
 The points in E are  and the following:
P = (0, 2) 2P = (13, 12) 3P = (11, 9) 4P = (1, 12)
5P = (7, 20) 6P = (9, 11) 7P = (15, 9) 8P = (14, 5)
9P = (4, 7) 10P = (22, 5) 11P = (10, 5) 12P = (17, 9)
13P = (8, 15) 14P = (18, 9) 15P = (18, 14) 16P = (8, 8)
17P = (17, 14) 18P = (10, 18) 19P = (22, 18) 20P = (4, 16)
21P = (14, 18) 22P = (15, 17) 23P = (9, 12) 24P = (7, 3)
25P = (1, 11) 26P = (11, 14) 27P = (13, 11) 28P = (0, 21)
29P = O 30P = P
29 points
Key pair

Alice(signer)
D = (q, a, b, G, n)
Key generation:
1. Select random d: 1 ≤ d ≤ n-1
2. Q = d·G
Q(xQ, yQ) is public d is private

n = 23, q : y 2 = x 3 + x + 4
G = (0,2) d = 25 → private key
Q=25. G= (1,11)→ public key
D = (q, 1, 4, G, 23)
ECDSA generation & verification
Alice Bob
Parameters D = (q, a, b, G, n) Parameters D = (q, a, b, G, n, h)
Associated keys (d, Q) Alice’s public key Q
Alice’s signature (r, s) on m
To sign message m: To verify signature (r, s):
1. k randomly chosen 0 < k < n-1 1. check: 1 ≤ r ≤ n-1, 1 ≤ s ≤ n -1
2. k·G = (x1, y1) r =x1 mod n 2. e = SHA-1(m)
3. if r = 0 abort and start again 3. w = s-1 mod n
4. e = SHA-1(m) 4. u1 = e·w mod n u2 = r·w mod n
5. s = k-1· ( e + d·r) mod n 5. X = u1·G + u2·Q, if X =  → reject
6. if s = 0 abort and start again 6. X=(x1, y1) v = x1 mod n
Output: (r, s) 7. if v = r → accept
D, Q, m, r, s
Proof that signature verification works:
s = k −1 (e + dr ) modn  k  s −1 (e + dr )  s −1e + s −1rd  we + wrd  u1 + u2 d modn
u1G + u2Q = ( u1 + u2 d )G = kG  v = r
END

You might also like