Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
97 views24 pages

Module 4 Topic Digital Signature-1

This document discusses digital signatures and the Digital Signature Algorithm (DSA). It begins by explaining the differences between conventional and digital signatures. It then provides an overview of the DSA model, which uses hashing and signing a message with a private key. The document discusses various attacks against digital signatures and details the DSA key generation, signature creation, and signature verification processes. It also provides an example of applying DSA with smaller numbers to demonstrate how it works.

Uploaded by

Nishanth Megan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
97 views24 pages

Module 4 Topic Digital Signature-1

This document discusses digital signatures and the Digital Signature Algorithm (DSA). It begins by explaining the differences between conventional and digital signatures. It then provides an overview of the DSA model, which uses hashing and signing a message with a private key. The document discusses various attacks against digital signatures and details the DSA key generation, signature creation, and signature verification processes. It also provides an example of applying DSA with smaller numbers to demonstrate how it works.

Uploaded by

Nishanth Megan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

MODULE 4 : Authentication Protocols

Cryptographic Hash functions


Applications
Requirements
SHA 512
MAC requirements
Security
HMAC
Digital Signature
Digital Signature
 A person signs a document to show that it originated
from her or was approved by her. The signature is proof
to the recipient that the document comes from the
correct entity. When a customer signs a check, the bank
needs to be sure that the check is issued by that
customer and nobody else
 When Alice sends a message to Bob, Bob needs to
check the authenticity of the sender; he needs to be
sure that the message comes from Alice and not Eve.
Bob can ask Alice to sign the message electronically.
 We refer to this type of signature as a digital signature.
Conventional Signature VS Digital Signature
 A conventional signature is included in the document; it is part of the
document. When we write a check, the signature is on the check; it is not a
separate document.
 But when we sign a document digitally, we send the signature as a
separate document. The sender sends two documents: the message and
the signature. The recipient receives both documents and verifies that the
signature belongs to the supposed sender.
 For a conventional signature, when the recipient receives a document, she
compares the signature on the document with the signature on file. If they
are the same, the document is authentic.
 For a digital signature, the recipient receives the message and the
signature. A copy of the signature is not stored anywhere. The recipient
needs to apply a verification technique to the combination of the message
and the signature to verify the authenticity
Digital Signature model
Digital Signature model (using hashing tech)
Attacks
 Key only attack
 C knows A’s Public key
 Known message attack
 C is given access to a set of messages and their signatures.
 Generic chosen message attack
 C chooses a list of messages before attempting to breaks A’s
signature scheme, independent of A’s public key. C then obtains
from A valid signatures for the chosen messages. The attack is
generic, because it does not depend on A’s public key; the same
attack is used against everyone.
Attacks
 Directed chosen message attack

Directed chosen message attack: Similar to the


generic attack, except that the list of messages to be
signed is chosen after C knows A’s public key but
before any signatures are seen.
 Adaptive /Generic chosen message attack

 C may request from A signatures of messages that


depend on previously obtained message-signature
pairs.
Forgery
Total break
 C determines A’s private key.

Universal forgery
 C finds an efficient signing algorithm that provides an equivalent
way of constructing signatures on arbitrary messages.

Selective forgery
 C forges a signature for a particular message chosen by C.

Existential forgery
 C forges a signature for at least one message. C has no control
over the message.
Digital signature standard
US govt approve the signature scheme.
Designed by NIST and NSA in 1990
Published in 1991, revised in 1993, 1996, then
2000
Uses the SHA hash algorithm
DSS
DSA, RSA and Elgamal
Direct Digital Signatures
 Involve only sender & receiver
 Assumed receiver has sender’s public-key
 Digital signature made by sender signing entire message
or hash with private-key
 can encrypt using receivers public-key
 Important that sign first then encrypt message &
signature
 security depends on sender’s private-key
RSA approach
DSA approach
DSA –Digital Signature algorithm
 creates a 320 bit signature
 with 512-1024 bit security
 smaller and faster than RSA
 a digital signature scheme only
 security depends on difficulty of
computing discrete logarithms
DSA Key Generation
 shared global public key values (p,q,g):
 choose 160-bit prime number q
 choose a large prime p with 2L-1 < p < 2L
where L= 512 to 1024 bits and is a multiple of 64
such that q is a 160 bit prime divisor of (p-1)
 choose g = h(p-1)/q
where 1<h<p-1 and h(p-1)/q mod p > 1
 users choose private & compute public key:
 choose random private key: x<q
 compute public key: y = gx mod p
DSA Signature Creation

 to sign a message M the sender:


 generates a random signature key k, k<q

 k must be random, be destroyed after use,

and never be reused


 then computes signature pair:
r = (gk mod p)mod q
s = [k-1(H(M)+ xr)] mod q
 sends signature (r,s) with message M
DSA Signature Verification
 having received M & signature (r,s)
 to verify a signature, recipient computes:
w = s-1 mod q
u1= [H(M)w ]mod q
u2= (rw)mod q
v = [(gu1 yu2)mod p ]mod q
 if v=r then signature is verified
DSA OVERVIEW
EXAMPLE
 KEY Generation
 Choose a prime number q, which is called the prime divisor
 Choose another prime number p, such that p-1 mod q = 0, p
is called the prime modulus.
 Choose an integer g, such that 1 < g < p, gq mod p = 1
 g = h ((p-1)/q) mod p
 q is also called g’s multiplicative order modulo p
 choose an integer x such that 0 <x < q
 compute y as gx mod p
 public key as { p,q,g,y}
 private key as {p,q,g,x}
multiplicative order modulo p
 In number theory, given an integer A and a positive integer N with gcd( A ,
N) = 1, the multiplicative order of a modulo N is the smallest positive integer
k with A^k( mod N ) = 1. ( 0 < K < N )
 Input : A = 4 , N = 7 Output : 3 explanation :
 GCD(4, 7) = 1 A^k( mod N ) = 1 ( smallest positive integer K )
 4^1 = 4(mod 7) = 4
 4^2 = 16(mod 7) = 2
 4^3 = 64(mod 7) = 1
 4^4 = 256(mod 7) = 4
 4^5 = 1024(mod 7) = 2
 4^6 = 4096(mod 7) = 1
 smallest positive integer K = 3
Signature creation
 Generate the message digest h , using a hash algorithm
like SHA
 Generate a random number k, such that 0 < k < q
 Compute r =( gk mod p) mod q if r = 0, select a
different k
 Compute k-1 , such that k * k-1 mod q = 1, k-1 is called
the modular multiplicative inverse of k modulo q.
 Compute s = k-1 * (h +r*x) mod q , if s = 0, select a
different k.
 Therefore the digital signature as {r,s}
Signature verification
 Generate the message digest h, using the same hash
algorithm
 Compute w, such that s*w mod q = 1, w is called the
modular multiplicative inverse of s modulo q
 Compute u1 = h *w mod q
 Compute u2 = r * w mod q
 Compute v = ((( g u1) * (y u2) mod p) mod q
 If v == r , the digital signature is valid
To demonstrate the DSA digital signature
algorithm, lets try it with a smaller prime divisor q =
11 and prime modulus 23.
 The process of generating the public key and private key can be
illustrated as
 q = 11 selected prime divisor
 p = 23 computed prime modulus : (p-1) mod q = 0
 g= 4 computed 1 <g gq mod p = 1 4 11 mod 23 = 1
 and g = h ((p-1) /q mod p
 x= 7 selected 0 < x <q
 y =8 computed y = g x mod p 4 7 mod 23 = 8
 {23,11,4,8} public key {p,q,g,y}
 {23,11,4,7} private key {p,q,g,x}
With the private key {p,q,g,x}={23,11,4,7}, the process of
generating a digital signature out a message hash value of
h=3 can be illustrated as:

 h=3 the hash value of the message


 k=7 selected 0 < k < q
 r=8 computed r = (g k mod p ) mod q = (47 mod 23 ) mod 11
 k-1 = 8 computed k * k-1 mod q = 1 = 7 * k -1 mod 11 = 1
 s = 10 computed : s= k-1 * ( h + r * x) mod q = 8 * ( 3 + 8 *7 ) mod 11
 (8,10) The digital signature (r,s)
The process of verifying the digital signature {r,s} = {8,10} with the
same public key {p,q,g,y} = {23,11,4,8}

 h=3 The message digest


 w = 10 computed s * w mod q = 1 ; 10 * w mod 11 = 1
 u1 = 8 computed u1 = h * w mod q = 3 * 10 mod 11 = 8
 u2 = 3 computed us = r * w mod q = 8 * 10 mod 11 = 3
 v=8 computed v = ((( g u1) * (y u2) mod p) mod q
 v = (((48) * (83) mod 23) mod 11 = 8
 v == r verification passed.

You might also like