Digital Signature Algorithm (DSA)

The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard that governs digital signatures. It is used to ensure the validity and integrity of a messages, software, or digital document. The National Institute of Standards and Technology (NIST) suggested DSA in August 1991 for use in the Digital Signature Standard (DSS). In this article, we will discuss about Digital Signature and Digital Signature Algorithm.

What is Digital Signature?

Digital Signature is a verification method. It does not provide confidential communication. If you want to achieve confidentiality, both the message and the signature must be encrypted using either a secret key or a public key cryptosystem. This additional layer of security can be incorporated into a basic digital signature scheme.

Suppose we have:

• Alice is the entity that sends a message or initiates communication.
• Bob represents the recipient or receiver of the message.
• Eve represents an eavesdropper or adversary who may attempt to intercept or tamper with the communication.

In Public Key cryptography (also known as Asymmetric cryptography), the communication process is as follows:

• Alice encrypts the message using Bob's public key.
• The encrypted message reaches Bob.
• Bob decrypts the message sent by Alice using his private key.

Now, suppose when Alice sends a message to Bob, then Bob will check if the sender is authentic; to ensure that it was Alice who sent the message, not Eve. For this, Bob can ask Alice to sign the message electronically. So we can say that an electronic signature can prove that Alice is authentic and is the one sending the message. We called this type of signature a digital signature.

Method of Digital Signature

These two are standard Approaches to implement the Digital Signature:

• Rivest-Shamir-Adleman (RSA)
• Digital Signature Algorithm (DSA)

Rivest-Shamir-Adleman (RSA)

In the Rivest-Shamir-Adleman approach, the message that needs to be signed is first fed into a hash function that generates a secure hash code of fixed length. The sender private key is then used to encrypt the hash code which makes it signature. The next step involves sending both the signature and the message to the intended receiver. For validation purposes, after receiving the message, the recipient first computes its hash-code. The sender public key is applied by recipient to decrypt this already encrypted signature. In case if decrypted signature corresponds to recipient-produced hashcode, that means that signature would be considered as valid. Since only the sender has access to the private key, only they could have produced a valid signature.

You can refer the below diagram for RSA, here,

• M = Message or Plaintext
• H = Hash Function
• || = Group the plantext and hash function (hash digest)
• E = Encryption Algorithm
• D = Decryption Algorithm
• PU_a = Public key of sender
• PR_a = Private key of sender

Digital Signature Algorithm (DSA)

The DSA (Digital Signature Algorithm) approach involves using of a hash function to create a hash code, same as RSA. This hash code is combined with a randomly generated number k as an input to a signature function. The signature function depends on the sender private key (PR_a) as well as a set of parameters that are known to a group of communicating principals. This set can be considered as a global public key (PU_G). The output of the signature function is a signature with two components, s and r. When an incoming message is received, a hash code is generated for the message. This hash code is then combined with the signature and input into a verification function. The verification function depends on the global public key as well as the sender's public key (PU_a) which is paired with the sender's private key. The output of the verification function returns a value equal to the signature's component r, if the signature is valid. The signature function is designed in such a way that only the sender, with knowledge of the private key, can produce a valid signature.

You can refer below diagram for DSA, where,

• M = Message or Plaintext
• H = Hash Function
• || = Group the plantext and hash function (hash digest)
• E = Encryption Algorithm
• D = Decryption Algorithm
• PU_a = Public key of sender
• PR_a = Private key of sender
• Sig = Signature function
• Ver = Verification function
• PU_G = Global public Key

Primary Termologies

• User Private Key (PR): A secret cryptographic key only possessed by the user, used to sign messages. It's used to verify digital signatures created with a corresponding private key.
• User Public Key (PU): A publicly known key that can be shared with anyone, used for signature verification. As it is, the private key must be kept secret and secure because it proves that a given user is genuine.
• Signing (Sig): Signing involves creating a digital signature with the help of a user's private key. In case of DSA, this process requires mathematical operations to be performed on the message that should be signed using a given private key in order to generate a unique signature for that message.
• Verifying (Ver): Verifying is the process of verifying whether or not a digital signature has been forged using its corresponding public key. In DSA, this involves comparing the messages hash against the verification value through mathematical operations between two binary strings – one representing an encrypted data and another one representing plain-text original message.

Steps to Perform DSA

The Digital Signature Algorithm (DSA) is a public-key technique (i.e., assymetric cryptography) and it is used to provide only the digital signature function, and it cannot be used for encryption or key exchange.

1. Global Public-Key Components

There are three parameters that are public and can be shared to a set of users.

• A prime number p is chosen with a length between 512 and 1024 bits such that q divides (p - 1). So, p is prime number where 2^L-1 < p <2^L for 512<= L<=1024 and L is a multiple of 64; i.e., bit length of between 512 and 1024 bits in increments of 64 bits.
• Next, an N-bit prime number q is selected. So, q is prime divisor of (p - 1), where 2^N-1 < q < 2^N i.e., bit length of N bits.
• Finally, g is selected to be of the form h(p-1)/q mod p, where h is an integer between 1 and (p - 1) with the limitation that g must be greater than 1. So, g is = h(p - 1)/q mod p, where h is any integer with 1 < h < (p - 1) such that h^(p-1)/q mod p > 1.

If a user has these numbers, then it can selects a private key and generates a public key.

2. User Private Key

The private key x should be chosen randomly or pseudorandomly and it must be a number from 1 to (q - 1), so x is random or pseudorandom integer with 0 < x < q.

3. User Public Key

The public key is computed from the private key as y = g^x mod p. The computation of y given x is simple. But, given the public key y, it is believed to be computationally infeasible to choose x, which is the discrete logarithm of y to the base g, mod p.

4. Signing

If a user want to develop a signature, a user needs to calculates two quantities, r and s, that are functions of the public key components (p, q, g), the hash code of the message H(M, the user’s private key (x), and an integer k that must be generated randomly or pseudorandomly and be unique for each signing. k is generated randomly or pseudorandomly integer such that 0<k < q.

5. Verification

Let M, r′, and s′ be the received versions of M, r, and s, respectively.

Verification is performed using the formulas shown in below:

• w = (s′)^-1 mod q
• u1 = [H(M′)w] mod q
• u2 = (r′)w mod q
• v = [(gu1 yu2) mod p] mod q

The receiver needs to generate a quantity v that is a function of the public key components, the sender’s public key, and the hash code of the message. If this value matches the r value of the signature, then the signature is considered as valid.

TEST: v = r′

Now, at the end it will test on the value r, and it does not depend on the message or plaintext as, r is the function of k and the three global public-key components as mentioned above. The multiplicative inverse of k (mod q) when passed to the function that also has as inputs the message hash code and the user’s private key. The structure of this function is such that the receiver can recover r using the incoming message and signature, the public key of the user, and the global public key.

It is given that there is difficulty in taking discrete logarithms, it is not feasible for an attacker to recover k from r or to recover x from s. The only computationally demanding task in signature generation is the exponential calculation g^k mod p. Because this value does not depend on the message to be signed, it can be computed ahead of time. Indeed, a user could precalculate a number of values of r to be used to sign documents as needed. The only other somewhat demanding task is the determination of a multiplicative inverse, k^-1 .

Services Provided By DSA

• Message Authentication: A secure digital signature scheme, like a secure conventional signature (one that cannot be easily copied) can provide message authentication (also referred to as data-origin authentication). Bob can easily confirm that the plaintext/message is sent by Alice as Alice’s public key is used for verification and the Alice’s public key woult not verify the signature signed by Eve’s private key. Hence, A digital signature provides message authentication.

• Message Integrity: When we sign a whole message, its integrity remains intact because if the message changes, we won't get the same signature. Nowadays, digital signature methods use a special function called a hash function in both signing and verifying to ensure the message's integrity.

• Nonrepudiation: If Alice signs a message and later claims she didn't, can Bob provide evidence that she did? For example, if Alice instructs a bank (Bob) to transfer $10,000 to Ted's account and then denies sending the message, Bob needs to keep the signed message and use Alice's public key to recreate it. However, this approach may not work if Alice changes her keys or disputes the authenticity of the file. A solution is involving a trusted third party. This trusted party can authenticate messages and prevent Alice from denying them. In this setup, Alice sends her message along with her identity, Bob's identity, and her signature to the trusted center. The center verifies the message's authenticity and timestamps it before creating its own signature. This process ensures that if Alice denies sending the message later, the center can provide evidence to settle the dispute. Encryption can also be added for confidentiality. Thus, nonrepudiation is achievable through a trusted party.

Advantages of DSA

• Authentication: At some point, digital signatures ensure strong identity authentication for the sender. The recipient can be sure that the message or document was signed by the purported signatory.
• Integrity: Digital signatures ensure the integrity of the content. If something is altered in the content after the signature is made, then it becomes invalid with respect to verifying the content.
• Non-Repudiation: A digital signature gives non-repudiation, meaning the sender cannot disclaim his creation of that document post factum. Most relevant in legal and contractual issues.
• Efficiency: Digital signatures make the process of signing electronic and automate it, giving way to fast online transactions free from the need of manual verification, paperwork, and a physical signature.
• Security: As long as the whole digital signing process is well organized, digital signatures may prove to be secure. Cryptographic public key cryptography and hashing algorithms prevent unauthorized parties from forging digital signatures.
• World Acceptance: Such a mechanism (digital signatures) to represent the conclusion of the related transaction in case of legal or contractual terms is known and widely accepted all over the world.
• Timestamping: Timestamping would also make another secure layer against replay attacks and against the freshness of the signature.
• Cost Savings: The digital signing process discontinues the need for transporting documents, thereby saving on costs to be done with printing, courier services, and manual handling.

Disadvantages of DSA

• Key Management Complexity: Cryptographic keys that are used for signing documents must be properly managed. Generating, storing, and distributing keys in a secure manner are all complicated procedures that need to be attended to, and revocation has to be handled carefully.
• Infrastructure Dependence: Digital signatures are built on a secure and reliable infrastructure of Public Key Infrastructure (PKI) and Certificate Authorities. If the infrastructure is compromised or becomes unavailable, it may compromise trust in digital signatures.
• Legal and Regulatory Challenges: Although many people are increasingly using digital signatures, there might still be legal and regulatory challenges in some places. It will be very important to observe local laws and standards.
• Initial Setup Costs: A proper setup of an extensive digital signature system may include the cost of obtaining certificates for digital certificates, putting in place safety measures, and training of the users.
• Offline Usability: In the event of not having access to the signer's private key, digital signatures are found to be challenged. Solutions of hardware tokens and secure elements add to the complexity.
• User Education: Education of the proper application and value of digital signatures is necessary in order that the users should be educated in use. The correct measures to be taken against vulnerability, as well as being aware of any possible threat, are important in successful implementation.
• Vulnerability to Key Compromise: Private keys need to be safeguarded from unauthorized access since one compromised private key can initiate fraudulent signatures.

Conclusion

The Digital Signature Algorithm (DSA) is a reliable and standardised mechanism for digital signatures that ensures message authenticity, integrity, and non-repudiation. While DSA provides various benefits such as increased security, global adoption, and cost savings, it also has drawbacks such as key management complexity and reliance on infrastructure. Understanding and overcoming these constraints is critical for effectively using DSA to secure digital communications.