Lecture6 2

Uploaded by

NAJLAA ALSAADAN
Imam Mohammad Ibn Saud Islamic University

Applied College
Computer Sciences Program

CYB104
Lecture 6: Digital Signatures

Outline

• Cryptographic goals
• Digital signatures
• RSA digital signature
• Applications of Digital signatures

Cryptographic Goals

• Confidentiality
  • Symmetric-key ciphers: block ciphers, stream ciphers
  • Public-key ciphers
• Data integrity
  • Arbitrary length hash functions
  • Message authentication codes (MACs)
  • Digital signatures
• Authentication
  • Entity authentication: authentication primitives
  • Message authentication: MACs, digital signatures
• Non-repudiation
  • Digital signatures

Non-repudiation

m is a signed message
s is a valid signature for m

Alice → Bob: m, s

Alice denies her signature if she finds:
m′ ≠ m such that s is a valid signature for m′

Why Digital Signatures?
• To provide Authenticity, Integrity and Non-repudiation to electronic documents
• To use the Internet as the safe and secure medium for e-Commerce and e-Governance
What is Digital Signature?
• Digital signatures are one of the most important inventions of modern cryptography.
• Digital signature, a fundamental primitive of cryptography, offers non-repudiation, integrity, public verifiability and authenticity of transmitted messages.
• Verifiability: As the public key of the signer is known, anybody can verify the message and the digital signature.
Digital Signatures

• Each individual generates his own key pair
• [Public key known to everyone & Private key only to the owner]
• Private Key – Used for making digital signature
• Public Key – Used to verify the digital signature
Paper signatures vs. Digital Signatures

| Parameter | Paper | Electronic |
|---|---|---|
| Authenticity | May be forged | Can not be copied |
| Integrity | Signature independent of the document | Signature depends on the contents of the document |
| Non-repudiation | a. Handwriting expert needed; b. Error prone | a. Any computer user; b. Error free |
How digital signature works

Message Authentication Codes
• MAC f(x, key): {0,1}* → {0,1}^n
• knowing x and key, f is easy to compute
• it is infeasible to calculate f(x, key) without the key

• MACs are often block cipher based
  • message m, secret key k
  • specification of block cipher E
  • MAC(m) = E(m, key)
  • MAC(m) = E(hash(m), key)

Message Authentication Code

07/22/2024
Difference between MAC and digital signature
• To prove the validity of a MAC to a third party, you need to reveal the key
• If you can verify a MAC, you can also create it
• MAC does not allow a distinction to be made between the parties sharing the key
• Computing a MAC is (usually) much faster than computing a digital signature
  • Important for devices with low computing power
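
The first three points above, shown in code. This is an added example, not part of the original lecture; it uses HMAC-SHA-256 from the Python standard library in place of the block-cipher construction on the earlier slide, and the key, messages and the `arbiter_view` helper are constructed for illustration.

```python
import hashlib
import hmac

def mac_tag(key, message):
    """MAC over the message; HMAC-SHA-256 stands in for the slide's f(x, key)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key, message, tag):
    """Verification recomputes the tag, so it needs the same secret key."""
    return hmac.compare_digest(mac_tag(key, message), tag)

def arbiter_view(message, tag, revealed_key=None):
    """What a third party can conclude about who produced a tag (hypothetical helper)."""
    if revealed_key is None:
        return "unverifiable: the shared key has not been revealed"
    if not mac_verify(revealed_key, message, tag):
        return "invalid tag"
    # Valid, but every holder of the key could have computed it.
    return "valid: produced by Alice or Bob, cannot tell which"

def demo():
    shared_key = bytes(range(32))          # constructed key held by Alice AND Bob
    from_alice = b"transfer 100 to Bob"    # constructed message Alice sends
    tag_alice = mac_tag(shared_key, from_alice)

    # Bob verifies with the same key he could use to create tags.
    bob_accepts = mac_verify(shared_key, from_alice, tag_alice)

    # Same key, different message: a tag Alice never computed still verifies.
    never_sent = b"transfer 900 to Bob"
    tag_bob = mac_tag(shared_key, never_sent)

    return {
        "bob_accepts": bob_accepts,
        "bob_made_tag_verifies": mac_verify(shared_key, never_sent, tag_bob),
        "tampered_rejected": not mac_verify(shared_key, never_sent, tag_alice),
        "arbiter_without_key": arbiter_view(from_alice, tag_alice),
        "arbiter_with_key": arbiter_view(never_sent, tag_bob, shared_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The MAC still gives Bob integrity and message authentication; what it cannot give is non-repudiation, because the arbiter's best answer names both key holders.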

RSA signature algorithm

RSA signature generation and verification
RSA signature Example
1. Select primes: p = 11 and q = 17
2. Compute n = pq = 11 × 17 = 187
3. Compute φ(n) = (p−1)(q−1) = 10 × 16 = 160
4. Select e: gcd(e, 160) = 1; choose e = 7
5. Determine d: de ≡ 1 mod 160 and d < 160. Value is d = 23 (23 × 7 = 161 = 160 + 1)
6. Publish public key PK = {7, 187}
7. Keep secret private key SK = {23}
RSA Example cont- Sign

• Amal wants to send the message AEC (65 69 67), and Bandar wants to ensure it is from Amal and has not been modified in transit.
• Sign:
S1 = 65^23 mod 187 = 142
S2 = 69^23 mod 187 = 137
S3 = 67^23 mod 187 = 67
Amal then sends 142 137 67
RSA Example cont- Verify

To verify, Bandar does the following:

• compute 142^7 mod 187 = 65
• compute 137^7 mod 187 = 69
• compute 67^7 mod 187 = 67
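
The key generation, signing and verification steps of this example can be reproduced in a few lines. This is an added example, not part of the original lecture; the function names are assumptions, and the private key is returned together with n so that signing has the modulus available.

```python
from math import gcd

def rsa_keygen(p, q, e):
    """Steps 1-7 of the example: returns (public, private) as (exponent, n) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must satisfy gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)        # modular inverse (Python 3.8+): d*e = 1 mod phi(n)
    return (e, n), (d, n)

def encode(message, n):
    """One ASCII code per character, as in the example (A=65, E=69, C=67)."""
    codes = [ord(ch) for ch in message]
    if any(m >= n for m in codes):
        raise ValueError("each code must be smaller than n")
    return codes

def sign(message, private_key):
    """Sign each code with the private exponent: s = m^d mod n."""
    d, n = private_key
    return [pow(m, d, n) for m in encode(message, n)]

def verify(message, signature, public_key):
    """Recover each code with the public exponent and compare: m' = s^e mod n."""
    e, n = public_key
    recovered = [pow(s, e, n) for s in signature]
    return recovered == encode(message, n)

if __name__ == "__main__":
    public, private = rsa_keygen(11, 17, 7)
    sig = sign("AEC", private)
    print("public:", public, "private:", private, "signature:", sig)
    print("genuine message accepted:", verify("AEC", sig, public))
    print("altered message accepted:", verify("AED", sig, public))
    print("altered signature accepted:", verify("AEC", [142, 137, 68], public))
```

Primes this small are only useful for following the arithmetic by hand. Note also that 67 signs to itself, one reason deployed RSA signatures hash and pad the message instead of exponentiating raw character codes.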
Decimal-Binary-Hex-ASCII Conversion Chart

RSA Key pair
RSA Key pair (including Algorithm identifier) [2048 bit]
Private Key
Public Key

Private key protection

The Private key generated is to be protected and kept secret. The responsibility of the secrecy of the key lies with the owner.

The key is secured using
• PIN Protected soft token
• Smart Cards
• Hardware Tokens
PIN protected soft tokens
• The Private key is encrypted and kept on the Hard Disk in a file; this file is password protected.
• This forms the lowest level of security in protecting the key, as
  • The key is highly reachable.
  • PIN can be easily known or cracked.
• Soft tokens are also not preferred because
  • The key becomes static and machine dependent.
  • The key is in known file format.
Smart Cards

• The Private key is generated in the crypto module residing in the smart card.
• The key is kept in the memory of the smart card.
• The key is highly secured as it doesn’t leave the card, the message digest is sent inside the card for signing, and the signatures leave the card.
• The card gives mobility to the key and signing can be done on any system. (Having smart card reader)
Hardware Tokens
• They are similar to smart cards in functionality as
  • Key is generated inside the token.
  • Key is highly secured as it doesn’t leave the token.
  • Highly portable.
  • Machine Independent.
• iKEY is one of the most commonly used tokens as it doesn’t need a special reader and can be connected to the system using USB port.
Applications in Judiciary
Instant posting of judgment on the web.
Secured electronic communications within judiciary
Authentic archiving of Judicial records
Submission of affidavits
Giving certified copies of the Judgment

Applications in Telecommunications
A. Subscribers
• Subscriber’s services management
  • STD/ISD, Opening, Closing, Initializing Password
• Shifting of telephones, Accessories (Clip, Cordless)
• Small Payments through telephones bills
  • Books, gifts, Internet purchases
• Mobile Authentication of SMS
  • Share market trading, Intra/Inter office instructions
• Mobile Phones as Credit cards
  • Mobile operator can venture into credit card business
