Why we need digital signature

o Alice orders a pink car from the car salesmen Bob

o After seeing the pink car, Alice states that she has never ordered it

o How can Bob prove towards a judge that Alice has ordered a pink car?
(And that he did not fabricate the order himself)

o Symmetric cryptography fails because both Alice and Bob can be

malicious

o Can be achieved with public-key cryptography

Basic Principle of Digital Signatures
o For a given message x, a digital signature is appended to the message
(just like a conventional signature).

o Only the person with the private key should be able to generate the
signature.

o The signature must change for every document.

o The signature is realized as a function with the message x and the

private key as input.

o The public key and the message x are the inputs to the verification
function.
Core Security Services

Confidentiality: Information is kept secret from all but authorized parties.

Integrity: Ensures that a message has not been modified in transit.

Message Authentication: Ensures that the sender of a message is

authentic. An alternative term is data origin authentication.

Non-repudiation: Ensures that the sender of a message can not deny the
creation of the message. (c.f. order of a pink car)
Additional Security Services
Identification/entity authentication: Establishing and verification of the identity of an
entity, e.g. a person, a computer, or a credit card.

Access control: Restricting access to the resources to privileged entities.

Availability: The electronic system is reliably available.

Auditing: Provides evidences about security relevant activities, e.g., by keeping logs about
certain events.

Physical security: Providing protection against physical tampering and/or responses to

physical tampering attempts

Anonymity: Providing protection against discovery and misuse of identity

 Key Generation Encryption & Decryption
• Choose p and q
• Compute n = p * q • Public key is (e, n) , Private key is (d, n)
• Compute φ(n) = (p - 1) * (q - 1)
• The encryption of m is c =me mod n
• Choose e such that 1 < e < φ(n) and e and φ (n) are coprime.
• Compute a value for d such that (d * e) mod φ(n) = 1. • The decryption of m = cd mod n

• Public key is (e, n)

• Private key is (d, n)

7
Suppose Bob wants to send a signed message (x=4) to Alice.
Security of the RSA Signature Scheme Security:

o The same constrains as RSA encryption: n needs to be at least

1024 bits to provide a security level of 80 bit.

o The signature, consisting of s, needs to be at least 1024 bits long

Performance
o The signing process is an exponentiation with the private key and
the verification process an exponentiation with the public key e.

o Signature verification is very efficient as a small number can be

chosen for the public key.
Existential Forgery and Padding

o An attacker can generate valid message-signature pairs (x,s)

o But an attack can only choose the signature s and NOT the message
x

o Attacker cannot generate messages like „Transfer $1000 into

Oscar‘s account“ Formatting the message x according to a padding
scheme can be used to make sure that an attacker cannot generate
valid (x,s) pairs
Facts about the Digital Signature Algorithm (DSA)

o Federal US Government standard for digital signatures (DSS)

o Proposed by the National Institute of Standards and Technology (NIST)
o Signature is only 320 bits long
o Signature verification is slower compared to RS