UNIT-III

WHAT IS CRYPTOGRAPHY

• Cryptography is technique of securing information and communications

through use of codes so that only those person for whom the information is
intended can understand it and process it. Thus preventing unauthorized
access to information. The prefix “crypt” means “hidden” and suffix “graphy”
means “writing”.
 CRYPTOGRAPHY TERMINOLOGY

• Plaintext : The original intelligible message

• Cipher text : The transformed message Cipher
An algorithm for transforming an intelligible
message into one that is unintelligible by
transposition and/or substitution methods
• Key : Some critical information used by the
cipher, known only to the sender& receiver
• Encipher (encode) :The process of converting
plaintext to cipher text using a Plain and a key
• Decipher (decode): the process of converting
cipher text back into plaintext using a cipher
and a key
 SERVICES OF CRYPTOGRAPHY

• Confidentiality: Information can only be accessed by the person for whom

it is intended and no other person except him can access it.
• Integrity: Information cannot be modified in storage or transition between
sender and intended receiver without any addition to information being
detected.
• Non-repudiation: The creator/sender of information cannot deny his
intention to send information at later stage.
• Authentication: The identities of sender and receiver are confirmed. As well
as destination/origin of information is confirmed.
 AUTHENTICATION

• Authentication provides assurance about the identity of an entity or the validity of a

message. There are two types of authentication mechanisms.
• Entity authentication
• Data origin authentication.
• Entity authentication is the assurance that an entity is currently involved and active in a
communication session. Traditionally, users are issued a username and password that is
used to gain access to the various platforms with which they are working. This practice is
known as single-factor authentication, as there is only one factor involved, namely,
something you know—that is, the password and username. This type of authentication is
not very secure for a variety of reasons, for example, password leakage; therefore,
additional factors are now commonly used to provide better security. The use of additional
techniques for user identification is known as multi-factor authentication:
• Data origin authentication is another type of authentication, which is also known as
message authentication. It is an assurance that the source of the information is indeed
verified. Data origin authentication guarantees data integrity because, if a source is
corroborated, then the data must not have been altered. Various methods are used for this
type of authentication, such as message authentication codes (MACs) and digital
signatures.
• Another important assurance provided by cryptography is non-repudiation. It is the
assurance that
• an entity cannot deny a previous commitment or action by providing incontrovertible
cryptographic
• evidence.
 APPLICATIONS OF CRYPTOGRAPHY

• Computer passwords: Cryptography is widely utilized in computer security,

particularly when creating and maintaining passwords.
• Digital Currencies: To safeguard transactions and prevent fraud, digital currencies
like Bitcoin also use cryptography.
• Secure web browsing: Online browsing security is provided by the use of
cryptography, which shields users from eavesdropping and man-in-the-middle
assaults.
• Authentication: Cryptography is used for authentication in many different
situations, such as when accessing a bank account, logging into a computer, or using
a secure network
• End-to-End Encryption: End-to-end encryption is used to protect two-way
communications like video conversations, instant messages, and email.
 TYPES OF CRYPTOGRAPHY

Cryptography

Secret-key Public-key
Cryptography(symmetric Cryptography(Asymmetri Hash Function
key) c key)
• Secret-key Cryptography(Symmetric key) :
• Single key is used for both encryption and decryption

• Public-key Cryptography(Asymmetric key) :

• Uses one key for encryption and another for decryption

• Hash function :
• It uses mathematical transformation to irreversibly “encrypt” information .
 ASYMMETRIC CRYPTOGRAPHY

• Asymmetric cryptography, also known as public-key cryptography, is a

process that uses a pair of related keys -- one public key and one private key
-- to encrypt and decrypt a message and protect it from unauthorized access
or use.
• A public key is a cryptographic key that can be used by any person to
encrypt a message so that it can only be decrypted by the intended recipient
with their private key. A private key -- also known as a secret key -- is shared
only with key's initiator.
• Examples : RSA , Elliptical Curve Digital Signature Algorithm (ECDSA)
 ADVANTAGES OF ASYMMETRIC
CRYPTOGRAPHY
• The key distribution problem is eliminated because there's no need for
exchanging keys.
• Security is increased since the private keys don't ever have to be transmitted
or revealed to anyone.
• The use of digital signatures is enabled so that a recipient can verify that a
message comes from a particular sender.
• It allows for nonrepudiation so the sender can't deny sending a message.
 DISADVANTAGES OF ASYMMETRIC
CRYPTOGRAPHY
• It's a slow process compared to symmetric cryptography. Therefore, it's not
appropriate for decrypting bulk messages.
• If an individual loses his private key, he can't decrypt the messages he
receives.
• Because public keys aren't authenticated, no one can ensure a public key
belongs to the person specified. Consequently, users must verify that their
public keys belong to them.
• If a malicious actor identifies a person's private key, the attacker can read
that individual's messages.
 SYMMETRIC VS ASYMMETRIC
Symmetric Key Encryption Asymmetric Key Encryption
• It only requires a single key for both encryption and • It requires two keys, a public key and a private key, one
decryption. to encrypt and the other one to decrypt.

• The size of cipher text is the same or smaller than the • The size of cipher text is the same or larger than the
original plain text. original plain text.

• The encryption process is very fast. • The encryption process is slow.

• It is used when a large amount of data is required to
• It is used to transfer small amounts of data.
transfer.
• It provides confidentiality, authenticity, and non-
• It only provides confidentiality.
repudiation.
• The length of key used is 128 or 256 bits • The length of key used is 2048 or higher

• In symmetric key encryption, resource utilization is low • In asymmetric key encryption, resource utilization is
as compared to asymmetric key encryption. high.

• It is efficient as it is used for handling large amount of • It is comparatively less efficient as it can handle a small
data. amount of data.

• Security is less as only one key is used for both • It is more secure as two keys are used here- one for
encryption and decryption purpose. encryption and the other for decryption.
• The Mathematical Representation is as follows-
• The Mathematical Representation is as follows-
P = D(Kd, E (Ke,P))
P = D (K, E(K, P))
where Ke –> encryption key
• where K –> encryption and decryption key
• Kd –> decryption key
P –> plain text
D –> Decryption
D –> Decryption
E(Ke, P) –> Encryption of plain text using encryption
E(K, P) –> Encryption of plain text using K
key Ke. P –> plain text
 PUBLIC AND PRIVATE KEYS

• A private key, as the name suggests, is a randomly generated number that is

kept secret and held privately by its users.
• Private keys need to be protected and no unauthorized access should be
granted to those keys; otherwise, the whole scheme of public key
cryptography is risk, as this is the key that is used to decrypt messages.
• For example, in RSA, typically, a key of 1,024 bits or 2,048 bits is used.
• The 1,024-bit key size is no longer considered secure, and at least a 2,048-bit
key size is recommended.
 PUBLIC KEY

• A public key is freely available and published by the private key owner.
Anyone who would then like to send the publisher of the public key an
encrypted message can do so, by encrypting the message using the
published public key and sending it to the holder of the private key.
• No one else can decrypt the message because the corresponding private key
is held securely by the intended recipient.
• Once the public key-encrypted message is received, the recipient can
decrypt the message using the private key
• The preceding diagram illustrates how a sender encrypts data P using the recipient’s
public key and
encryption function, and produces an output of encrypted data C, which is then
transmitted over the
network to the receiver.
• Once it reaches the receiver, it can be decrypted using the receiver’s private key by
feeding the C-encrypted data into the decryption function, which will output plaintext P.
• This way, the private key remains on the receiver’s side, and there is no need to share
 ASYMMETRIC CRYPTOGRAPHY
ALGORITHMS
• Public key algorithms are slower in terms of computation than symmetric key algorithms.
• Therefore ,they are not commonly used in the encryption of large files or the actual data that
requires encryption.
• They are usually used to exchange keys for symmetric algorithms.
• Once the keys are established securely, symmetric key algorithms can be used to encrypt
the data.
• Public key cryptography algorithms are based on various underlying mathematical functions.
• The three main categories of asymmetric algorithms are described here.
• Integer factorization
• Discrete logarithm
• Elliptic curves
 INTEGER FACTORIZATION

• Integer factorization schemes are based on the hard problem that large
integers are extremely hard to factor. RSA is a prime example of this type of
algorithm.

• Def: The prime factors of a positive integer are the prime numbers that
divide that integer exactly. The process of finding these numbers is called
integer factorization, or prime factorization
 DISCRETE LOGARITHM

• A discrete logarithm scheme is based on a problem in modular arithmetic. It

is easy to calculate the result of a modulo function, but it is computationally
impractical to find the exponent of the generator.
• In other words, it is extremely difficult to find the input from the result
(output). This is called a one-way function.
• For example, consider the following equation:
32 mod 10 = 9
 ELLIPTIC CURVES

• The elliptic curve algorithm is based on the discrete logarithm problem discussed previously,
but in the context of elliptic curves. An elliptic curve is an algebraic cubic curve over a field,
which can be defined by an equation, as shown here. The curve is non-singular, which means
that it has no self-intersections. It has two variables a and b, as well as a point of infinity:
y2 = x3 + ax + b
• Here, a and b are integers whose values are elements of the field on which the elliptic curve is
defined.
• Elliptic curves can be defined over reals, rational numbers, complex numbers, or finite fields.
• For cryptographic purposes, an elliptic curve over prime finite fields is used instead of real
numbers.
• The most prominently used cryptosystems based on elliptic curves are the Elliptic Curve Digital
Sig- Natures Algorithm (ECDSA) and the Elliptic Curve Diffie-Hellman (ECDH) key exchange.
 INTRODUCING RSA

• RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adelman,
hence the name RSA.
• This type of public key cryptography is based on the integer factorization
problem, where the multiplication of two large prime numbers is easy, but it
is difficult to factor the product (the result of the multiplication) back into the
two original numbers.
 FOLLOWING STEPS:
• 1. Modulus generation:
• Select p and q , which are very large prime numbers.
• Multiply p and q, n=p.q to generate modulus n.

• 2.Generate the co-prime:

• Assume a number called e.
• e should satisfy a certain condition; that is, it should be greater than 1 and less than
(p-1) (q-1). In other words, e must be a number such that no number other than 1 can
be divided into e and (p-1) (q-1). This is called a co-prime, that is, e is the co-prime of
(p-1)(q-1).

• 3. Generate the public key:

• The modulus generated in step 1 and co-prime e generated in step 2 is a pair that is a public
key. This part is the public part that can be shared with anyone; however, p and q need to be
kept secret.

• 4. Generate the private key:

• The private key is called d here and is calculated from p, q, and e. The private key is basically
the inverse of e modulo (p-1)(q-1). As an equation, it is as follows:
ed = 1 mod(p-1)(q-1)
• Choose two large prime numbers P and Q
• Let P = 7, Q = 17

• Calculate N = P x Q
• We have, N = 7 x 17 = 119.

• Choose the public key (i.e., the encryption key) E such that it is not an element of (P -1) x (Q – 1)
• Let us find (7 - 1) x (17 -1) = 6 x 16 = 96
• The factors of 96 are 2, 2, 2, 2, 2, and 3 (because 96 = 2 x 2 x 2 x 2 x 2 x 3).
• Therefore, it can select E such that none of the factors of E is 2 and 3. We cannot choose E as 4 (because it has 2 as a factor), 15
(because it has 3 as a factor) and 6 (because it has 2 and 3 both as factors).
• Let us choose E as 5 (it can have been any other number that does not its factors as 2 and 3).

• Choose the private key (i.e., the decryption key) D including the following equation is true: (D x E) mod (P – 1) x (Q – 1) = 1
• Let us substitute the values of E, P, and Q in the equation.
• We have (D x 5) mod (7 – 1) x (17 – 1) = 1.
• That is, (D x 5) mod (6) x (16) = 1.
• That is, (D x 5) mod (96) = 1
• After some calculations, let us take D = 77. Then the following is true: (77 x 5) mod (96) = 385 mod 96 = 1 which is what we wanted.

• For encryption, calculate the cipher text (CT) from the plain text (PT) as follows: CT = PTE mod N
• Let us assume that we want to encrypt plain text 10. Then, we have
• CT = 10^5 mod 119 = 100000 mod 119 = 40.

• Send CT as the cipher text to the receiver. Send 40 as the cipher text to the receiver.

• For decryption, calculate the plain text (PT) from the cipher text (CT) as follows:

• PT = CT^D mod N

• It perform the following:

• PT = CT^D mod N

• That is, PT = 4077mod 119 = 10, which was the original plaintext of step5.
 ELLIPTIC CURVE CRYPTOGRAPHY

• The ECC cryptography is considered a natural modern

successor of the RSA cryptosystem, because ECC
uses smaller keys and signatures than RSA for the
same level of security and provides very fast key
generation, fast key agreement and fast signatures.
• It is an asymmetric /public key cryptography
• It provides equal security with smaller key size as
compared to non ECC algorithms (i.e RSA , DSA)
• Elliptic curve are defined by some mathematical
functions
• Y 2
=X 3
+a X + b

• Elliptic curve is symmetric to x-axis

• If we draw a line it will touches maximum of 3 points
(i. e P,Q, R)
• Elliptic curve over the real numbers. (i.e finite
numbers)
 ECC ALGORITHM
• ECC key Exchanges
• Global Public Elements
• Eq(a,b)
• Where E is Elliptic Curve with two parameters a & b
• Here q is any prime number or an integer of the form 2m
• G – Point on the Elliptic Curve

• User A key generation

• Select private key nA nA < n ( where n is the point in the elliptic curve)
• Calculate public key PA PA = nA * G ( where G is the point in the elliptic curve)

• User B key generation

• Select private key nB nB < n
• Calculate public key PB PB = n B * G

• Calculation of secret key by user A

• K = nA * PB

• Calculation of Secret key by user B

• K = n B * PA
 ECC ENCRYPTION PROCESS

• Let the message be M

• First encode this message M into a point on elliptic curve .
• Let this point be P m

• For Encryption , choose a random positive integer k

• The cipher point will be Cm={ K G , Pm + K PB }
• This point will be sent to the receiver
 ECC DECRYPTION PROCESS

• For Decryption , multiply x-coordinate with receivers secret key

• KG * nB (KG is X- coordinate )

• Then subtract (KG * nB ) from y-coordinate of cipher point

• Pm + K PB - KG * nB
• We know that PB = nB * G
• After substitute the value
• Pm +K PB – K PB
• Finally it decrypt (i.e Pm)
 FINDING TOTAL POINTS IN EC
• General form is Eq(a,b) , a= 2 y Y2 mod 13 x X3+2x+3 mod
0 0 13
,b= 3, q=13
1 1 0 3
• Lets Take EC Y2 = X3 +2 X 1 6
2 4
+3 , and Generator point is 3 9 2 2
G(7,3) 4 3 3 10

• Total Pairs in EC is 5 12 4 10
6 10 5 8
• Total Points :
7 10 6 10
• (12,0), (11,2),(11,4),(7,3), 7 9
8 12
(9,3) 8 11
9 3
• (10,3),(7,10),(9,10),(10,10), 9 9
10 9
(0,4) 10 9
11 4
• (0,9),(3,6),(4,6),(6,6),(3,7), 12 1 11 4
(4,7),(6,7), 12 0
 POINT DOUBLING AND POINT ADDITION

• A) Find 2 P B) Find 3P C) Find –P

• If P== Q
• S = 3 x12 +a/ 2.Y1 Mod p

• If P != Q
• S = Y2 - Y1 / X2 - X1

• X3 =S2-x1-x2 mod p

• Y3 = S(x1-x3)-y1
 HASH FUNCTION?
• Hash functions are used to create fixed-length digests of arbitrarily long input strings. Hash
functions are keyless, and they provide a data integrity service. They are usually built using
iterated and dedicated hash function construction techniques.
• A cryptographic hash function combines the message-passing capabilities of hash functions
with security properties.
• Various families of hash functions are available, such as MD, SHA1, SHA-2, SHA-3, RIPEMD,
and Whirlpool.
• Hash functions are commonly used for digital signatures and MACs, such as HMACs
• Hash Uses
• Digital signatures.
• Digital fingerprints.
• Logging sensitive data.
• Saving passwords.
• Blockchain.
 HASH FUNCTION [CONT..]
• Hash functions are also typically used to provide data integrity services. These can
be used both as one-way functions and to construct other cryptographic primitives,
such as MACs and digital signatures.
• There are two practical properties of hash functions that must be met depending on
the level of integrity required:
• Compression of arbitrary messages into fixed-length digests
• Easy to compute

• Compression of arbitrary messages into fixed-length digests: This property

relates to the fact that a hash function must be able to take an input text of any
length and output a fixed-length compressed message. Hash functions produce a
compressed output in various bit sizes, usually between 128-bit and 512-bit.
• Easy to compute: Hash functions are efficient and fast one-way functions. It is
required that hash functions be very quick to compute regardless of the message
size. The efficiency may decrease if the message is too big, but the function should
still be fast enough for practical use.
 PROPERTIES OF HASH FUNCTION
• cryptographic hash functions exhibit these three properties
• Pre-image resistance
• Second pre-image resistance
• Collision resistance

• Pre-image resistance: This property states that if given a value y, it is computationally

infeasible (almost impossible) to find a value x such that h(x)= y. Here, h is the hash
function, x is the input, and y is the hash. The first security property requires that y cannot
be reverse computed to x. x is considered a pre-image of y, hence the name pre-image
resistance. This is also called a one-way property.
• Second pre-image resistance: The second pre-image resistance property states that
given x it is computationally infeasible to find another value x’ such that x’≠ x and h(x’) =
h(x). This property is also known as weak collision resistance.
• Collision resistance: The collision resistance property states that it is computationally
infeasible to find two distinct values x’ and x such that h(x’) = h(x). In other words, two
different input messages should not hash to the same output. This property is also known
as strong collision resistance.
 SECURE HASH ALGORITHMS

• The following list describes the most common secure hash algorithms (SHAs):
• SHA-0: This is a 160-bit function introduced by the U.S. National Institute of Standards and
Technology (NIST) in 1993.
• SHA-1: SHA-1 was introduced in 1995 by NIST as a replacement for SHA-0. This is also a 160-bit
hash function. SHA-1 is used commonly in SSL(Secure Sockets Layer) and TLS (Transport Layer
Security)implementations. It should be noted that SHA-1 is now considered insecure, and it is
being deprecated by certificate authorities. Its usage is discouraged in any new
implementations.
• SHA-2: This category includes four functions defined by the number of bits of the hash: SHA-
224, SHA-256, SHA-384, and SHA-512.
• SHA-3: This is the latest family of SHA functions. SHA3-224, SHA3-256, SHA3-384, and SHA3-512
are members of this family. SHA-3 is a NIST-standardized version of Keccak.
 SECURE HASH ALGORITHMS [CONT..]
• RIPEMD: RIPEMD is the acronym for RACE Integrity Primitives Evaluation
Message Digest. It is based on the design ideas used to build MD4. There are
multiple versions of RIPEMD, including 128-bit, 160-bit, 256-bit, and 320-bit.
• Whirlpool: This is based on a modified version of the Rijndael cipher known as
W. It uses the Miyaguchi-Preneel compression function, which is a type of one-
way function used for the compression of two fixed-length inputs into a single
fixed-length output. It is a single-block length compression function.
 SHA-256

• SHA-256 has an input message size limit of 264 - 1 bits. The block size is 512 bits, and it has a word size
of 32 bits. The output is a 256-bit digest. The compression function processes a 512-bit message block
and a 256-bit intermediate hash value. There are two main components of this function:
• the compression function
• message schedule.

• Pre-processing:
• Padding of the message is used to adjust the length of a block to 512 bits if it is smaller than the required block
size of 512 bits.
• Parsing the message into message blocks, which ensures that the message and its padding are divided into
equal blocks of 512 bits.
• Setting up the initial hash value, which consists of the eight 32-bit words obtained by taking the first 32 bits of
the fractional parts of the square roots of the first eight prime numbers. These initial values are fixed and
chosen to initialize the process. They provide a level of confidence that no backdoor exists in the algorithm.
 HASH COMPUTATION

• Each message block is then processed in a

sequence, and it requires 64 rounds to
compute the full hash output. Each round
uses slightly different constants to ensure
that no two rounds are the same.
• The message schedule is prepared.
• Eight working variables are initialized.
• The compression function runs 64 times.
• The intermediate hash value is calculated.
• Finally, after repeating steps 5 through 8
until all blocks (chunks of data) in the input
message are processed, the output hash is
produced by concatenating intermediate
hash values.
• SHA-256 is a Merkle-Damgard construction that takes the
input message and divides it into equal blocks (chunks of
data) of 512 bits. Initial values (or initial hash values) or
the initialization vector are composed of eight 32-bit
constant words (a, b, c, d, e, f, g —256 bits each) that are
fed into the compression function with the first message
block. Subsequent blocks are fed into the compression
function until all blocks are processed, and finally, the
output hash is produced.
• In the preceding diagram, a, b, c, d, e, f, g and h are the
registers for eight initial pre-determined constants and
then for intermediate hash values for the next blocks. Maj
and Ch functions are defined as the formulae shown below:
• 𝑀aj(a,b,c) = (𝑎^b) ⊕ (𝑎^c) ⊕ (𝑏^c)
• 𝐶h(𝑒,f,g) = (𝑒 ^ f) ⊕ (¬ e ^ g)
• where ∧ is bitwise AND, ⊕ is bitwise XOR, and ¬ is bitwise
NOT. XOR can be replaced with bitwise OR without any
change in the output. The functions operate on vectors of
32 bits.
• Maj is the “majority” function where the output produced is
based on the majority of the inputs. In other words, if most
of the inputs are 1 then the output is 1; otherwise, 0
 SHA-3 (KECCAK)

• The structure of SHA-3 is very different from that of SHA-1 and SHA-2. The key idea behind SHA-3
is based on unkeyed permutations, as opposed to other typical hash function constructions that
used keyed permutations. Keccak also does not make use of the Merkle-Damgard transformation
that is commonly used to handle arbitrary-length input messages in hash functions.
• A newer approach, called sponge and squeeze construction, is used in Keccak. It is a random
permutation model. Different variants of SHA-3 have been standardized, such as SHA3-224, SHA3-
256, SHA3-384, SHA3-512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are extendable-
output functions (XOFs), which allow the output to be extended to any desired length.
• The following diagram shows the sponge and squeeze model, which is the basis of SHA-3 or
Keccak. Analogous to a sponge, the data (m input data) is first absorbed into the sponge after
applying padding. It is then changed into a subset of the permutation state using XOR (exclusive
OR), and then the output is squeezed out of the sponge function that represents the transformed
state. The rate r is the input block size of the sponge function, while capacity c determines the
security level:
• In the preceding diagram, state size b is calculated
by adding bit rate r and capacity bits c. r and c can
be any values as long as sizes of r + c are 25, 50,
100, 200, 400, 800, or 1,600. The state is a 3-
dimensional bit matrix. The initial state is set to 0.
• The data m is entered into the absorb phase block
by block via XOR ⊕ after applying padding.
• The following table shows the value of bit rate r
(block size) and capacity c required to achieve the
desired output hash size under the most efficient
setting of r + c = 1600

The function f is a permutation function. It

• 𝜃(Theta): XOR bits in the state, used for mixing

contains five transformation operations:

• 𝜌 (Rho): Diffusion function performing rotation

• 𝜋(Pi): Diffusion function

of bits

• 𝜒 (XOR): Each bit, bitwise combine

• 𝜄 (Iota): Combination with round constants
 DIGITAL SIGNATURE

• A digital signature is a cryptographic output used to verify the authenticity of

data. A digital signature algorithm allows for two distinct operations.
• a signing operation, which uses a signing key to produce a signature over raw
data
• a verification operation, where the signature can be validated by a party who has
no knowledge of the signing key

• The main purposes of a digital signature are:

• verification of the integrity of the signed data
• non-repudiation if the signer claims the signature is not authentic
 ELLIPTIC CURVE DIGITAL SIGNATURE
ALGORITHM
• The ECDSA is a DSA based on elliptic curves. The DSA is a standard for
digital signatures. It is based on modular exponentiation and the discrete
logarithm problem. It is used on the Bitcoin and Ethereum blockchain
platforms to validate messages and provide data integrity services.
• To sign and verify using the ECDSA scheme, the first key pair needs to be
generated:
• First, define an elliptic curve E with the following:
• Modulus P
• Coefficients a and b
• Generator point A that forms a cyclic group of prime order q
• 2. An integer d is chosen randomly so that 0 < d < q.
• 3. Calculate public key B so that B = d A:
• The public key is a sextuple in the form shown here:

Kpb = (p, a, b, q, A, B)
• The private key is a randomly chosen integer d in step 2:

Kpr = d
• Now, the signature can be generated using the private and public keys.
• An ephemeral key Ke is chosen, where 0 < Ke < q. It should be ensured that Ke is truly
random and that no two signatures have the same key; otherwise, the private key can be
calculated.
• Another value R is calculated using R = Ke A—that is, by multiplying A (the generator
point) and the random ephemeral key.
• Initialize a variable r with the x coordinate value of point R so that r = xR.
• The signature can be calculated as follows:
• S = (h(m)+dr)Ke-1 mod q

• Here, m is the message for which the signature is being computed, and h(m) is the
hash of the message m.
• 4. Signature verification is carried out by following this process:
• Auxiliary value w is calculated as w = s-1mod q
• Auxiliary value u1 = w. h(m) mod q
• Auxiliary value u2 = w. r mod q
• Calculate point P, P = u1*A + u2*B

• 5. Verification is carried out as follows:

• r, s is accepted as a valid signature if the x coordinate of point P calculated in step
4 has the same value as the signature parameter r mod q—that is:
• Xp = r mod q means valid signature
• Xp ≠ r mod q means valid signature