
Unit-4 (Digital Signature)

Digital signatures provide authentication and integrity for digital messages. They use public key cryptography, where the sender signs a message digest with their private key and the receiver verifies it with the sender's public key. The Digital Signature Standard (DSS) specifies the Digital Signature Algorithm (DSA) for digital signatures, which makes use of parameters like p, q, g, and the sender's private and public keys. DSA signatures consist of two components, r and s, that are generated using a random number k. The receiver can verify the signature by regenerating r and comparing it to the received value. Digital signatures help ensure that a message has not been altered and verify the sender's identity.

Uploaded by Tisha Nimje

DIGITAL SIGNATURE

• Message authentication protects two parties who exchange messages from any third party. However, it does not protect the two parties against each other.
• A digital signature is analogous to the handwritten signature, and provides a set of security capabilities that would be difficult to implement in any other way.
• Due to the problems associated with MAC as mentioned earlier, the Digital Signature Standard (DSS) was developed for performing digital signatures.
• The National Institute of Standards and Technology (NIST) published the DSS standard as the Federal Information Processing Standard (FIPS) PUB 186 in 1991, which was revised in 1993 and 1996.
• DSS makes use of the SHA-1 algorithm for calculating the message digest over an original message, and uses the message digest to perform the digital signature.
• For this, DSS makes use of an algorithm called the Digital Signature Algorithm (DSA). Note that DSS is the standard, and DSA is the actual algorithm.
• DSA is used only for performing digital signature over a message. It cannot be used for encryption.

• In situations where there is not complete trust between sender and receiver, something more than authentication is needed. The most attractive solution to this problem is the digital signature.
• Properties of a digital signature:
● It must verify the author and the date and time of the signature.
● It must authenticate the contents at the time of the signature.
● It must be verifiable by third parties, to resolve disputes.
Thus, the digital signature function includes the authentication function.
• A variety of approaches has been proposed for the digital signature function.

• Requirements for a digital signature:
● The signature must be a bit pattern that depends on the message being signed.
● The signature must use some information unique to the sender, to prevent both forgery and denial.
● It must be relatively easy to produce the digital signature.
● It must be relatively easy to recognize and verify the digital signature.
● It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
● It must be practical to retain a copy of the digital signature in storage.

RSA and Digital Signatures

• Step 1: The sender (A) uses the SHA-1 message-digest algorithm to calculate the message digest (MD1) over the original message (M).

• Step 2: The sender (A) now encrypts the message digest with her private key. The output of this process is called the digital signature (DS) of A.

• Step 3: Now the sender (A) sends the original message (M) along with the digital signature (DS) to the receiver (B).

• Step 4: After the receiver (B) receives the original message (M) and the sender’s (A’s) digital signature, B uses the same message-digest algorithm as was used by A, and calculates its own message digest (MD2).

• Step 5: The receiver (B) now uses the sender’s (A’s) public key to decrypt (sometimes also called de-sign) the digital signature. Note that A had used her private key to encrypt her message digest (MD1) to form the digital signature. Therefore, only A’s public key can be used to decrypt it. The output of this process is the original message digest as was calculated by A (MD1) in step 1.

• Step 6: B now compares the following two message digests:
● MD2, which it had calculated in step 4
● MD1, which it retrieved from A’s digital signature in step 5
If MD1 = MD2, the following facts are established:
● B accepts the original message (M) as the correct, unaltered, message from A.
● B is also assured that the message came from A, and not from someone posing as A.
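
Steps 1 to 6 as an added example (not part of the original slides): textbook RSA applied to a SHA-1 digest, with a constructed toy key built from two known Mersenne primes. The key values, function names and sample messages are assumptions of this example; deployed RSA signatures additionally pad the digest (PKCS #1 v1.5 or PSS) and use a current hash.

```python
import hashlib

# Constructed toy key: two known Mersenne primes give a 234-bit modulus,
# just large enough to hold a 160-bit SHA-1 digest. Illustration only.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                                # public modulus
E = 65537                                # A's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # A's private exponent

def digest(message: bytes) -> int:
    """Steps 1 and 4: SHA-1 message digest, as an integer below N."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(message: bytes) -> int:
    """Step 2: A transforms MD1 with her private key to form DS."""
    return pow(digest(message), D, N)

def verify(message: bytes, ds: int) -> bool:
    """Steps 4 to 6: B computes MD2, recovers MD1 from DS, compares."""
    md2 = digest(message)                # step 4
    md1 = pow(ds, E, N)                  # step 5, using A's public key
    return md1 == md2                    # step 6

def demo():
    m = b"Pay B 100 rupees"              # constructed sample message
    ds = sign(m)                         # steps 1 and 2
    ok = verify(m, ds)                   # step 3 delivers (M, DS) to B
    altered = verify(b"Pay B 900 rupees", ds)   # M changed in transit
    wrong_sig = verify(m, (ds + 1) % N)         # DS changed in transit
    return ok, altered, wrong_sig

if __name__ == "__main__":
    print(demo())
```

Only the unmodified pair (M, DS) passes the comparison in step 6; changing either the message or the signature makes MD1 and MD2 differ.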
DSA
• The DSS approach also makes use of a hash function.
• The hash code is provided as input to a signature function along with a random number k generated for this particular signature.
• The signature function also depends on the sender's private key (PRa) and a set of parameters known to a group of communicating principals.
• We can consider this set to constitute a global public key (PUG). The result is a signature consisting of two components, labeled s and r.
• At the receiving end, the hash code of the incoming message is generated. This plus the signature is input to a verification function.
• The verification function also depends on the global public key as well as the sender's public key (PUa), which is paired with the sender's private key.
• The output of the verification function is a value that is equal to the signature component r if the signature is valid.
• The signature function is such that only the sender, with knowledge of the private key, could have produced the valid signature.
DSA and Digital Signatures
• The DSA algorithm makes use of the following variables:
• The first three variables, p, q and g, are public in nature, and can be sent across an insecure network freely. The private key is x, whereas the corresponding public key is y.
• (a) The sender generates a random number k, which is less than q.
(b) The sender now calculates:

The values r and s are the signatures of the sender. The sender sends these values to
the receiver.
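
DSA signing and verification with the variables p, q, g, x, y, k, r and s, as an added example that is not from the original slides. It follows the standard DSA equations with toy-sized parameters built around the Mersenne prime 2^61 - 1. The function names, the parameter search, the sample messages and the reduction of the SHA-1 digest modulo q are assumptions of this example.

```python
import hashlib, secrets

def is_prime(n):
    """Miller-Rabin with fixed bases; adequate for these toy sizes (odd n)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x not in (1, n - 1) and all(pow(x, 2**i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def make_params():
    """Public p, q, g: q prime, q divides p - 1, g of order q modulo p."""
    q = 2**61 - 1                                  # toy size, not a real DSA size
    j = next(j for j in range(2, 10**6, 2) if is_prime(q * j + 1))
    p = q * j + 1
    g = next(v for h in range(2, 100) if (v := pow(h, j, p)) > 1)
    return p, q, g

def H(m, q):
    return int.from_bytes(hashlib.sha1(m).digest(), "big") % q

def sign(m, x, p, q, g):
    while True:
        k = secrets.randbelow(q - 1) + 1           # fresh secret k < q per signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (H(m, q) + x * r) % q
        if r and s:                                # retry in the rare zero case
            return r, s

def verify(m, r, s, y, p, q, g):
    if not (0 < r < q and 0 < s < q):              # reject out-of-range components
        return False
    w = pow(s, -1, q)
    u1, u2 = H(m, q) * w % q, r * w % q
    v = pow(g, u1, p) * pow(y, u2, p) % p % q
    return v == r                                  # valid only if v regenerates r

def demo():
    p, q, g = make_params()
    x = secrets.randbelow(q - 1) + 1               # private key x
    y = pow(g, x, p)                               # public key y
    msg = b"constructed sample message"
    r, s = sign(msg, x, p, q, g)
    return verify(msg, r, s, y, p, q, g), verify(b"altered message", r, s, y, p, q, g)
```

The value k must be unpredictable and never reused across signatures made with the same private key x, which is why `sign` draws it from `secrets` on every call.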
ATTACKS ON DIGITAL SIGNATURES

• (a) Chosen-message Attack
• (b) Key-only Attack
• (c) Known-message Attack
