
Digital Signature

The document discusses the differences between conventional and digital signatures, highlighting the processes of signature generation and verification. It explains the need for public-key systems in digital signatures and outlines the security services they provide, including message authentication and integrity. Additionally, it covers various digital signature schemes such as RSA, DSS, and Elliptic Curve, along with potential attack types and forgery methods.

Uploaded by

Amisha Jha

Digital Signature

(Book: Cryptography and Network Security by Forouzan)

1 3/18/2024
Introduction
• Differences between conventional signatures and digital signatures.
• Signature Generation
  ◦ A conventional signature is included in the document; it is part of the document.
  ◦ But when we sign a document digitally, we send the signature as a separate document.

Introduction…
• Signature Verification
  ◦ For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file.
  ◦ For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity.

Introduction…
• Relationship
  ◦ For a conventional signature, there is normally a one-to-many relationship between a signature and documents.
  ◦ For a digital signature, there is a one-to-one relationship between a signature and a message.
• Duplicity
  ◦ In a conventional signature, a copy of the signed document can be distinguished from the original one on file.
  ◦ In a digital signature, there is no such distinction unless there is a factor of time on the document.

Digital Signature: Process

Need for Keys

A digital signature needs a public-key system.

The signer signs with her private key; the verifier verifies with the signer’s public key.

Need for Keys…

A cryptosystem uses the private and public keys of the receiver: a digital signature uses the private and public keys of the sender.

Signing the digest

Security Services offered by digital signature
• Message confidentiality
• Message authentication
• Message integrity
• Nonrepudiation
• A digital signature can directly provide the last three; for message confidentiality we still need encryption/decryption.

Message Authentication
• A secure digital signature scheme, like a secure conventional signature, can provide message authentication.

A digital signature provides message authentication.

Message Integrity
• The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed.

A digital signature provides message integrity.

Nonrepudiation

Nonrepudiation can be provided using a trusted party.


Confidentiality

A digital signature does not provide confidentiality.

If there is a need for confidentiality, another layer of encryption/decryption must be applied.

Attack types
• Key-Only Attack
  ◦ The attacker is only given the public verification key.
• Known-Message Attack
  ◦ The attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
• Chosen-Message Attack
  ◦ The attacker first learns signatures on arbitrary messages of the attacker's choice.

Forgery Types
• Existential Forgery
  ◦ Existential forgery is the creation (by an adversary) of any message/signature pair (m, σ), where σ was not produced by the legitimate signer.
• Selective Forgery
  ◦ Selective forgery is the creation (by an adversary) of a message/signature pair (m, σ) where m has been chosen by the adversary prior to the attack.

Digital Signature Schemes

Digital Signature Schemes
• RSA Digital Signature Scheme
• Digital Signature Standard (DSS)
• Elliptic Curve Digital Signature Scheme

RSA Digital Signature Scheme
• Key Generation
  ◦ Key generation in the RSA digital signature scheme is exactly the same as key generation in the RSA

In the RSA digital signature scheme, d is private; e and n are public.

RSA Digital Signature Scheme…

RSA Digital Signature Scheme…
As a trivial example, suppose that Alice chooses p = 823 and q =
953, and calculates n = 784319. The value of φ(n) is 782544.
Now she chooses e = 313 and calculates d = 160009. At this
point key generation is complete. Now imagine that Alice wants
to send a message with the value of M = 19070 to Bob. She uses
her private exponent, 160009, to sign the message:

Alice sends the message and the signature to Bob. Bob receives the
message and the signature. He calculates

Bob accepts the message because he has verified Alice’s signature.


RSA Digital Signature Scheme…
• Key-only attack:
  ◦ Eve has access only to Alice’s public key. Eve intercepts the pair (M, S) and tries to create another message M’ such that it generates the same S.
• Known-message attack:
  ◦ Eve intercepts two message-signature pairs (M1, S1) and (M2, S2) that have been created using the same private key. Can Eve find the signature on the message M1 × M2?
• Chosen-message attack:
  ◦ What if Eve convinces Alice to sign M1 and M2 chosen by her? Is this selective forgery or existential?

RSA Digital Signature Scheme…

RSA Signature on the Message Digest

RSA Digital Signature Scheme…

When the digest is signed instead of the message itself, the susceptibility of the RSA digital signature scheme depends on the strength of the hash algorithm.

Can you justify the above statement?

RSA Digital Signature Scheme…
• Key-only attack:
  ◦ Eve intercepts the pair (M, S) and tries to create another message M’ such that it creates the same digest!
  ◦ Eve finds two messages M1 and M2 such that they hash to the same value!
• Known-message attack:
  ◦ Eve intercepts two message-signature pairs (M1, S1) and (M2, S2) that have been created using the same private key. Can Eve find the signature on the message M1 × M2?
  ◦ Can Eve calculate the message M = M1 × M2 and its signature?
• Chosen-message attack:
  ◦ What if Eve convinces Alice to sign M1 and M2 chosen by her?
  ◦ Can Eve calculate the message M = M1 × M2 and its signature?

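The questions on the two RSA attack slides can be checked numerically with the toy key from the worked example (p = 823, q = 953, e = 313). This is an added example, not part of the slides; the digest step (SHA-256 reduced modulo n) and the sample messages 1234 and 5678 are assumptions made for illustration.

```python
import hashlib

# Toy key from the slide's worked example (far too small for real use).
P, Q = 823, 953
N = P * Q                      # 784319
PHI = (P - 1) * (Q - 1)        # 782544
E = 313
D = pow(E, -1, PHI)            # Alice's private exponent, 160009

def sign_raw(m: int) -> int:
    """Textbook RSA signature on the message itself: S = M^d mod n."""
    return pow(m, D, N)

def verify_raw(m: int, s: int) -> bool:
    """Accept when S^e mod n reproduces M."""
    return pow(s, E, N) == m % N

def digest(m: int) -> int:
    """Assumed digest step: SHA-256 of the message, reduced into Z_n."""
    h = hashlib.sha256(m.to_bytes(4, "big")).digest()
    return int.from_bytes(h, "big") % N

def sign_digest(m: int) -> int:
    """Sign the digest instead of the message."""
    return pow(digest(m), D, N)

def verify_digest(m: int, s: int) -> bool:
    return pow(s, E, N) == digest(m)

def product_pair(m1: int, s1: int, m2: int, s2: int):
    """Combine two signed pairs as the slides ask: (M1*M2 mod n, S1*S2 mod n)."""
    return (m1 * m2) % N, (s1 * s2) % N

if __name__ == "__main__":
    M = 19070
    S = sign_raw(M)
    print("S =", S, "verifies:", verify_raw(M, S))
    m1, m2 = 1234, 5678        # constructed sample messages
    mf, sf = product_pair(m1, sign_raw(m1), m2, sign_raw(m2))
    print("raw RSA accepts the product pair:", verify_raw(mf, sf))
    mf, sf = product_pair(m1, sign_digest(m1), m2, sign_digest(m2))
    print("digest-signed RSA accepts the product pair:", verify_digest(mf, sf))
```

The product pair verifies under raw RSA because exponentiation is multiplicative; once the digest is signed, the verifier compares against the hash of M1 × M2, which is unrelated to the product of the two digests.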
Digital Signature Standard (DSS)

Digital Signature Standard (DSS)…
Key Generation
1) Alice chooses primes p and q.
2) Alice uses <Zp*, ×> and <Zq*, ×>.
3) Alice creates e1 to be the qth root of 1 modulo p.
4) Alice chooses d and calculates e2 = e1^d.
5) Alice’s public key is (e1, e2, p, q); her private key is (d).

Digital Signature Standard (DSS)…
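The key generation steps above, followed through to a signature and its verification, as an added example that is not part of the slides. The signing and verifying formulas are the standard DSA ones, which do not appear in the surviving slide text; the toy prime q, the use of SHA-256 and all function names are assumptions.

```python
import hashlib
import math
import secrets

Q = 2**31 - 1   # constructed toy prime q (real DSS uses a q of at least 224 bits)

def is_prime(n: int) -> bool:
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % f for f in range(3, math.isqrt(n) + 1, 2))

def make_group(q: int = Q):
    """Steps 1-3: find a prime p = k*q + 1, then e1 != 1 with e1^q = 1 mod p."""
    k = 2
    while not is_prime(k * q + 1):
        k += 2
    p = k * q + 1
    e1 = next(g for g in (pow(e0, k, p) for e0 in range(2, p)) if g != 1)
    return p, q, e1

def keygen():
    """Steps 4-5: private d, public (e1, e2, p, q) with e2 = e1^d mod p."""
    p, q, e1 = make_group()
    d = secrets.randbelow(q - 1) + 1
    return (e1, pow(e1, d, p), p, q), d

def h(message: bytes, q: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % q

def sign(message: bytes, pub, d: int):
    e1, _, p, q = pub
    while True:
        r = secrets.randbelow(q - 1) + 1      # fresh secret for every signature
        s1 = pow(e1, r, p) % q
        s2 = (h(message, q) + d * s1) * pow(r, -1, q) % q
        if s1 and s2:                         # retry on degenerate values
            return s1, s2

def verify(message: bytes, sig, pub) -> bool:
    e1, e2, p, q = pub
    s1, s2 = sig
    if not (0 < s1 < q and 0 < s2 < q):       # range check before any arithmetic
        return False
    w = pow(s2, -1, q)
    v = pow(e1, h(message, q) * w % q, p) * pow(e2, s1 * w % q, p) % p % q
    return v == s1
```

The range check in `verify` matters: without it, a signature with S1 or S2 outside 1..q-1 reaches the modular inverse and exponentiation unvalidated.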

Elliptic Curve Digital Signature Scheme

Elliptic Curve Digital Signature Scheme…
Key Generation
Key generation follows these steps:
1) Alice chooses an elliptic curve Ep(a, b).
2) Alice chooses another prime q and the private key d.
3) Alice chooses e1(…, …), a point on the curve.
4) Alice calculates e2(…, …) = d × e1(…, …).
5) Alice’s public key is (a, b, p, q, e1, e2); her private key is d.

Elliptic Curve Digital Signature Scheme…

Variations
• Time Stamped Signatures
  ◦ Sometimes a signed document needs to be time stamped to prevent it from being replayed by an adversary. This is called a time-stamped digital signature scheme.
• Blind Signatures
  ◦ Sometimes we have a document that we want to get signed without revealing the contents of the document to the signer.
