Digital signature schemes
8,342 views
22 slides
Mar 02, 2017
Slide 1 of 22
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
About This Presentation
ravik09783
Slide Content
CSE 597E Fall 2001 PennState University 1
Digital Signature Schemes
Presented By:
Munaiza Matin
Digital Signature Schemes
Presented By:
Munaiza Matin
CSE 597E Fall 2001 PennState University2
Introduction
Cryptography – art & science of
preventing users from unauthorized or
illegal actions towards information,
networking resources and services.
Cryptographic transformation –
conversion of input data into output data
using a cryptographic key.
Cryptosystem – forward and inverse
cryptographic transformation pair
Introduction
Cryptography – art & science of
preventing users from unauthorized or
illegal actions towards information,
networking resources and services.
Cryptographic transformation –
conversion of input data into output data
using a cryptographic key.
Cryptosystem – forward and inverse
cryptographic transformation pair
CSE 597E Fall 2001 PennState University3
A Cryptosystem
Input
data
Forward
Cryptographic
Transformation
Inverse
Cryptographic
Transformation
Key Key
Output
data
Input
data
Sender Receiver
A Cryptosystem
Input
data
Forward
Cryptographic
Transformation
Inverse
Cryptographic
Transformation
Key Key
Output
data
Input
data
Sender Receiver
CSE 597E Fall 2001 PennState University4
Types of Cryptosystems
Private key cryptosystem – a private
key is shared between the two
communicating parties which must
be kept secret between themselves.
Public key cryptosystem – the
sender and receiver do not share the
same key and one key can be public
and the other can be private
Types of Cryptosystems
Private key cryptosystem – a private
key is shared between the two
communicating parties which must
be kept secret between themselves.
Public key cryptosystem – the
sender and receiver do not share the
same key and one key can be public
and the other can be private
CSE 597E Fall 2001 PennState University5
Types of Cryptosystems
Forward
Cryptographic
Transformation
Inverse
Cryptographic
Transformation
Key Key
Output
data
Input
data
Sender Receiver
Input
data
Share private key
A Private Key Cryptosystem
Types of Cryptosystems
Forward
Cryptographic
Transformation
Inverse
Cryptographic
Transformation
Key Key
Output
data
Input
data
Sender Receiver
Input
data
Share private key
A Private Key Cryptosystem
CSE 597E Fall 2001 PennState University6
Types of Cryptosystems
Forward
Cryptographic
Transformation
Inverse
Cryptographic
Transformation
1
st
Key 2
nd
Key
Output
data
Input
data
Sender Receiver
Input
data
Do not share the same key information and one key may be public
A Public Key Cryptosystem
Types of Cryptosystems
Forward
Cryptographic
Transformation
Inverse
Cryptographic
Transformation
1
st
Key 2
nd
Key
Output
data
Input
data
Sender Receiver
Input
data
Do not share the same key information and one key may be public
A Public Key Cryptosystem
CSE 597E Fall 2001 PennState University7
Digital Signatures
Encryption, message authentication and
digital signatures are all tools of modern
cryptography.
A signature is a technique for non-
repudiation based on the public key
cryptography.
The creator of a message can attach a
code, the signature, which guarantees the
source and integrity of the message.
Digital Signatures
Encryption, message authentication and
digital signatures are all tools of modern
cryptography.
A signature is a technique for non-
repudiation based on the public key
cryptography.
The creator of a message can attach a
code, the signature, which guarantees the
source and integrity of the message.
CSE 597E Fall 2001 PennState University8
Properties of Signatures
Similar to handwritten signatures, digital
signatures must fulfill the following:
Must not be forgeable
Recipients must be able to verify them
Signers must not be able to repudiate them
later
In addition, digital signatures cannot be
constant and must be a function of the
entire document it signs
Properties of Signatures
Similar to handwritten signatures, digital
signatures must fulfill the following:
Must not be forgeable
Recipients must be able to verify them
Signers must not be able to repudiate them
later
In addition, digital signatures cannot be
constant and must be a function of the
entire document it signs
CSE 597E Fall 2001 PennState University9
Types of Signatures
Direct digital signature – involves only the
communicating parties
Assumed that receiver knows public key of
sender.
Signature may be formed by (1) encrypting
entire message with sender’s private key or
(2) encrypting hash code of message with
sender’s private key.
Further encryption of entire message +
signature with receiver’s public key or shared
private key ensures confidentiality.
Types of Signatures
Direct digital signature – involves only the
communicating parties
Assumed that receiver knows public key of
sender.
Signature may be formed by (1) encrypting
entire message with sender’s private key or
(2) encrypting hash code of message with
sender’s private key.
Further encryption of entire message +
signature with receiver’s public key or shared
private key ensures confidentiality.
CSE 597E Fall 2001 PennState University10
Types of Signatures
Problems with direct signatures:
Validity of scheme depends on the
security of the sender’s private key Þ
sender may later deny sending a
certain message.
Private key may actually be stolen from
X at time T, so timestamp may not
help.
Types of Signatures
Problems with direct signatures:
Validity of scheme depends on the
security of the sender’s private key Þ
sender may later deny sending a
certain message.
Private key may actually be stolen from
X at time T, so timestamp may not
help.
CSE 597E Fall 2001 PennState University11
Types of Signatures
Arbitrated digital signature – involves a
trusted third party or arbiter
Every signed message from sender, X, to
receiver, Y, goes to an arbiter, A, first.
A subjects message + signature to number of
tests to check origin & content
A dates the message and sends it to Y with
indication that it has been verified to its
satisfaction
Types of Signatures
Arbitrated digital signature – involves a
trusted third party or arbiter
Every signed message from sender, X, to
receiver, Y, goes to an arbiter, A, first.
A subjects message + signature to number of
tests to check origin & content
A dates the message and sends it to Y with
indication that it has been verified to its
satisfaction
CSE 597E Fall 2001 PennState University12
Basic Mechanism of
Signature Schemes
A key generation algorithm to randomly
select a public key pair.
A signature algorithm that takes message
+ private key as input and generates a
signature for the message as output
A signature verification algorithm that
takes signature + public key as input and
generates information bit according to
whether signature is consistent as output.
Basic Mechanism of
Signature Schemes
A key generation algorithm to randomly
select a public key pair.
A signature algorithm that takes message
+ private key as input and generates a
signature for the message as output
A signature verification algorithm that
takes signature + public key as input and
generates information bit according to
whether signature is consistent as output.
CSE 597E Fall 2001 PennState University13
Digital Signature Standards
NIST FIPS 186 Digital Signature Standard
(DSS)
El Gamal
RSA Digital Signature
- ISO 9796
- ANSI X9.31
- CCITT X.509
Digital Signature Standards
NIST FIPS 186 Digital Signature Standard
(DSS)
El Gamal
RSA Digital Signature
- ISO 9796
- ANSI X9.31
- CCITT X.509
CSE 597E Fall 2001 PennState University14
DSS
Public-key technique.
User applies the Secure Hash
Algorithm (SHA) to the message to
produce message digest.
User’s private key is applied to
message digest using DSA to
generate signature.
DSS
Public-key technique.
User applies the Secure Hash
Algorithm (SHA) to the message to
produce message digest.
User’s private key is applied to
message digest using DSA to
generate signature.
CSE 597E Fall 2001 PennState University15
Global Public-Key Components
p A prime number of L bits where L is a multiple of 64 and 512 £ L £ 1024
q A 160-bit prime factor of p-1
g = h
(p-1)/q
mod p, where h is any integer with 1<h< p-1, such that (h
(p-1)/q
mod
p)>1
User’s Private Key
x A random or pseudorandom integer with 0< x<q
User’s Public Key
y = g
x
mod p
User’s Per-Message Secret Number
k A random or pseudorandom integer with 0< k<q
Signing
r = (g
k
mod p) mod q s = [k
-1
(H(M) = xr)] mod q
Signature = (r, s)
Verifying
w = (s’)
-1
mod q
u
1
= [H(M’)w] mod q u
2
= (r’)w mod q v = [(g
u1
y
u2
) mod p] mod q
Test: v = r’
The Digital Signature Algorithm (DSA)
Global Public-Key Components
p A prime number of L bits where L is a multiple of 64 and 512 £ L £ 1024
q A 160-bit prime factor of p-1
g = h
(p-1)/q
mod p, where h is any integer with 1<h< p-1, such that (h
(p-1)/q
mod
p)>1
User’s Private Key
x A random or pseudorandom integer with 0< x<q
User’s Public Key
y = g
x
mod p
User’s Per-Message Secret Number
k A random or pseudorandom integer with 0< k<q
Signing
r = (g
k
mod p) mod q s = [k
-1
(H(M) = xr)] mod q
Signature = (r, s)
Verifying
w = (s’)
-1
mod q
u
1
= [H(M’)w] mod q u
2
= (r’)w mod q v = [(g
u1
y
u2
) mod p] mod q
Test: v = r’
The Digital Signature Algorithm (DSA)
CSE 597E Fall 2001 PennState University16
DSS
DSA
- M = message to be signed
- H(M) = hash of M using SHA
- M’, r’, s’ = received versions of M,
r, s
DSS
DSA
- M = message to be signed
- H(M) = hash of M using SHA
- M’, r’, s’ = received versions of M,
r, s
CSE 597E Fall 2001 PennState University17
El Gamal Signature Scheme
A variant of the DSA.
Based on the assumption that computing
discrete logarithms over a finite field with
a large prime is difficult.
Assumes that it is computationally
infeasible for anyone other than signer to
find a message M and an integer pair (r,
s) such that a
M
= y
r
r
s
(mod p).
El Gamal Signature Scheme
A variant of the DSA.
Based on the assumption that computing
discrete logarithms over a finite field with
a large prime is difficult.
Assumes that it is computationally
infeasible for anyone other than signer to
find a message M and an integer pair (r,
s) such that a
M
= y
r
r
s
(mod p).
18
El Gamal Signature Scheme
Parameters of El Gamal
p A large prime number such that p-1 has a large
prime factor
x The private key information of a user where x<p
a A primitive element of the finite field for the prime p
y = a
x
mod p
(p,a,y) The public key information
El Gamal Signature Scheme
Parameters of El Gamal
p A large prime number such that p-1 has a large
prime factor
x The private key information of a user where x<p
a A primitive element of the finite field for the prime p
y = a
x
mod p
(p,a,y) The public key information
19
El Gamal Signature Scheme
Step 1 Randomly choose an integer k such that (k, p-1) = 1,
1<k<p-1, and k has not been used to sign a previous
message
Step 2 Calculate r = a
k
(mod p)
Step 3 Find s such that M = xr + ks (mod (p-1))
Step 4 Collect the pair (r, s) as the digital signature on the
message M
Since, M = xr + ks (mod (p-1))
Þ a
M
= a
(xr+ks)
= a
xr
a
ks
= y
r
r
s
(mod p)
Þ Given M and (r, s), the receiver or 3
rd
party can
verify the signature by checking whether
a
M
= y
r
r
s
(mod p) holds or not.
El Gamal Signature Scheme
Step 1 Randomly choose an integer k such that (k, p-1) = 1,
1<k<p-1, and k has not been used to sign a previous
message
Step 2 Calculate r = a
k
(mod p)
Step 3 Find s such that M = xr + ks (mod (p-1))
Step 4 Collect the pair (r, s) as the digital signature on the
message M
Since, M = xr + ks (mod (p-1))
Þ a
M
= a
(xr+ks)
= a
xr
a
ks
= y
r
r
s
(mod p)
Þ Given M and (r, s), the receiver or 3
rd
party can
verify the signature by checking whether
a
M
= y
r
r
s
(mod p) holds or not.
CSE 597E Fall 2001 PennState University20
RSA Digital Signature Scheme
Based on the difficulty of factoring large
numbers.
Given M, RSA digital signature can be
produced by encrypting either M itself or
a digest of M using the private signature
key s.
Signature, S = w
s
mod n, where w is
message to be signed or message digest
and n = pq (p and q are large primes).
Verification: w = S
v
mod n, where (v, n) is
the public verification key.
RSA Digital Signature Scheme
Based on the difficulty of factoring large
numbers.
Given M, RSA digital signature can be
produced by encrypting either M itself or
a digest of M using the private signature
key s.
Signature, S = w
s
mod n, where w is
message to be signed or message digest
and n = pq (p and q are large primes).
Verification: w = S
v
mod n, where (v, n) is
the public verification key.
CSE 597E Fall 2001 PennState University21
Conclusions
Digital signatures are an effective
mechanism used for authenticity and non-
repudiation of messages.
Several signature schemes exist, but DSS
is probably the most popular.
Digital signatures may be expanded to be
used as digital pseudonyms which would
prevent authorities from figuring out a
sender’s identity, for example by cross-
matching
Conclusions
Digital signatures are an effective
mechanism used for authenticity and non-
repudiation of messages.
Several signature schemes exist, but DSS
is probably the most popular.
Digital signatures may be expanded to be
used as digital pseudonyms which would
prevent authorities from figuring out a
sender’s identity, for example by cross-
matching
CSE 597E Fall 2001 PennState University 22
Thank you!
Thank you!
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 8,342
- Slides 22
- Favorites 2
- Age 3196 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views