Digital Signatures
Digital signatures are the electronic equivalent of handwritten signatures. A digital signature is attached to a message in order to provide origin authentication. As opposed to an ordinary signature, a digital signature depends on the corresponding message. It also depends on a secret parameter (the signing key) known only to the signer. Digital signatures must be verifiable; thus, some information (the verification key) must be broadcast in order to make the verification process possible. The formal definition of a digital signature scheme is presented next.

Definition 1 A digital signature scheme is a system $Sig = (P, S, K, M_s, M_v)$ of non-empty finite sets, where
$P$ denotes the set of signing atomic symbols;
$S$ denotes the set of signature atomic symbols;
$K$ denotes the set of keys;
$M_s$ denotes the set of signing methods, $M_s = \{sig_k \mid sig_k : P \to S,\ k \in K\}$;
$M_v$ denotes the set of verification methods, $M_v = \{ver_k \mid ver_k : P \times S \to \{0, 1\},\ k \in K\}$
such that $(\forall k \in K)(\forall x \in P)(\forall y \in S)(ver_k(x, y) = 1 \Leftrightarrow sig_k(x) = y)$.

As presented above, any key $k$ has two components: $k_s$, for signing, also referred to as the private (sub)key, and $k_v$, for verification, also referred to as the public (sub)key.
RSA digital signature scheme
verification key: $k_v = (N, e)$, where $N = p \cdot q$, $p$ and $q$ are distinct primes, and $e \in \mathbb{Z}^*_{\phi(N)}$;
signing key: $k_s = (p, q, d)$, where $d$ is a positive integer such that $e \cdot d \equiv 1 \bmod \phi(N)$;
signature generation: the digital signature corresponding to a signing atomic symbol $x \in \mathbb{Z}_N$ is $y = x^d \bmod N$;
signature verification: having a pair $(x, y) \in \mathbb{Z}_N \times \mathbb{Z}_N$, $y$ is the correct signature with respect to $x$ if and only if $x = y^e \bmod N$.

Digital Signature Standard (DSS)
signing key: ks = a, a Z ; q
verification key: kv = (p, q, , ) where p is a large prime, such that p 1 has a large prime divisor q, is an element of order q, and = a mod p;
signature generation: the digital signature corresponding to a signing atomic symbol x Z is the pair (, ); where q = (r
1
mod p) mod q,
= r (x + a ) mod q, where r Z is a parameter chosen by the signer; q signature verification: having a pair (x, (, )), the correctness of (, ) with respect to x can be verified by testing = (x
?
1
mod p) mod q.
1
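[Figure 1: Combination of a digital signature scheme and a hash function. Diagram labels: Hashing, Signing, Communication Channel, Verifying, Receiver, verification key $k_v$.]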
mod p) mod q = = = =
By choosing p and q such that |p| = 1024 and |q| = 160, the signatures will be only 320 bits long.

Hash Functions
The digital signatures presented in the previous paragraph may be as long as the corresponding messages. Moreover, in the case of a long message, the signing and the verification process may be very time-consuming. The idea is to sign a smaller amount of information, without compromising security. A hash function $h$ maps arbitrary binary strings to strings of some fixed length $m$. Thus, before signing a long message, a hash function is applied. The result, referred to as the message digest, is then signed. The combination of a digital signature scheme and hash functions is presented in Figure 1. Depending on the intended application, a hash function $h : \bigcup_{i \ge 1} \mathbb{Z}_2^i \to \mathbb{Z}_2^m$ must satisfy certain security requirements:
1. Given $y \in \mathbb{Z}_2^m$, the problem of finding $x \in \bigcup_{i \ge 1} \mathbb{Z}_2^i$ such that $h(x) = y$ is intractable - functions that satisfy such requirements are called one-way [1] (or preimage resistant);
2. Given $x \in \bigcup_{i \ge 1} \mathbb{Z}_2^i$, the problem of finding $x' \in \bigcup_{i \ge 1} \mathbb{Z}_2^i$, $x' \ne x$, such that $h(x') = h(x)$ is intractable - functions that satisfy such requirements are called weak collision resistant;
3. The problem of finding a collision of $h$, i.e. a pair $(x, x')$, $x, x' \in \bigcup_{i \ge 1} \mathbb{Z}_2^i$, $x' \ne x$, such that $h(x') = h(x)$, is intractable - functions that satisfy such requirements are called strong collision resistant.

An implicit requirement is that $h(x)$ is easy to compute, for any $x$. In order to avoid the birthday attack, the size of a message digest has to be greater than 160 (bits). There is a class of keyed hash functions, also referred to as MACs (message authentication codes). MACs can be used for message origin authentication (as a symmetric technique) and data integrity.

[1] In general, the term one-way does not assume the compression property - a one-way function is a function $h : X \to Y$ such that, given $y \in Y$, the problem of finding $x \in X$ such that $h(x) = y$ is intractable.
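
The hash-then-sign combination described under Hash Functions, applied to the RSA scheme above, as an added example that is not part of the original notes. It assumes SHA-256 as $h$ and two Mersenne primes as constructed toy parameters; the function names are hypothetical and, like the scheme in the text, it uses no padding.

```python
import hashlib

# Constructed toy parameters (assumption): two Mersenne primes, chosen only so
# the example runs offline and N exceeds any SHA-256 digest. Not secure keys.
P = 2**127 - 1
Q = 2**521 - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return (k_v, k_s) = ((N, e), (p, q, d)) with e*d = 1 mod phi(N)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; ValueError if gcd(e, phi) != 1
    return (n, e), (p, q, d)


def digest(message: bytes, n: int) -> int:
    """Map an arbitrary-length message to an element of Z_N via h = SHA-256."""
    x = int.from_bytes(hashlib.sha256(message).digest(), "big")
    if x >= n:
        raise ValueError("modulus too small for the digest")
    return x


def sign(message: bytes, ks) -> int:
    p, q, d = ks
    n = p * q
    return pow(digest(message, n), d, n)  # y = h(m)^d mod N


def verify(message: bytes, y: int, kv) -> bool:
    n, e = kv
    if not 0 <= y < n:  # reject values outside Z_N
        return False
    return pow(y, e, n) == digest(message, n)  # accept iff h(m) = y^e mod N


if __name__ == "__main__":
    kv, ks = keygen()
    short, long_msg = b"pay 10 to alice", b"A" * 1_000_000
    for m in (short, long_msg):
        y = sign(m, ks)
        print(len(m), "byte message ->", y.bit_length(), "bit signature,",
              "valid" if verify(m, y, kv) else "invalid")
    print("tampered message accepted:",
          verify(b"pay 99 to alice", sign(short, ks), kv))
```

The signature stays bounded by the size of $N$ whether the message is 15 bytes or a megabyte, which is the saving the hashing step is introduced for.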