Bishop: Chapter 10 Key Management: Digital Signature
Topics <ul><li>Key exchange </li></ul><ul><ul><li>Session vs interchange keys </li></ul></ul><ul><ul><li>Classical vs publ...
Digital Signature <ul><li>Construct that authenticated origin and contents of message in a manner provable to a disinteres...
Common Error <ul><li>Classical: Alice, Bob share key  k </li></ul><ul><ul><li>Alice sends  m  || {  m  } k  to Bob </li></...
Classical Digital Signatures <ul><li>Require trusted third party </li></ul><ul><ul><li>Alice, Bob each share keys with tru...
Public Key Digital Signatures <ul><li>Alice’s keys are  d Alice ,  e Alice </li></ul><ul><li>Alice sends Bob </li></ul><ul...
RSA Digital Signatures <ul><li>Use private key to encipher message </li></ul><ul><ul><li>Protocol for use is  critical </l...
Attack #1 <ul><li>Example: Alice, Bob communicating </li></ul><ul><ul><li>n A  = 95,  e A  = 59,  d A  = 11 </li></ul></ul...
Attack #2: Bob’s Revenge <ul><li>Bob, Alice agree to sign contract 06 </li></ul><ul><li>Alice enciphers, then signs: </li>...
El Gamal Digital Signature <ul><li>Relies on discrete log problem </li></ul><ul><li>Choose  p  prime,  g ,  d  <  p ; comp...
Example <ul><li>Alice chooses  p  = 29,  g  = 3,  d  = 6 </li></ul><ul><ul><li>y  = 3 6  mod 29 = 4 </li></ul></ul><ul><li...
Attack <ul><li>Eve learns  k , corresponding message  m , and signature ( a ,  b ) </li></ul><ul><ul><li>Extended Euclidea...
Key Points of Ch. 10 (Bishop) <ul><li>Key  management  critical to effective use of cryptosystems </li></ul><ul><ul><li>Di...
Next <ul><li>Bishop, Chapter 11:  </li></ul><ul><ul><li>Cipher techniques </li></ul></ul>
Upcoming SlideShare
Loading in...5
×

Key Digital Signatures

483

Published on

1 Comment
0 Likes
Statistics
Notes
  • SAI DIGITAL SIGNATURES, BANGALORE will offers you Digital Signature Certificate (DSC) as Licensed Registration Authority (LRA), of (n) code solutions, MTNL and Safe Script for distribution of Digital Signature Certificate. The (n) code solutions, ( Certifying Authority Services being provided by GNFC, a Government of India Undertaking ) is licensed Certified Authority authorized by Controller of Certifying Authority (CCA), Government of India, to issue various types of Digital Signature Certificates (DSC).
    We process:
    Class 2, Class 3A,Class 3B, Class 3C type of digital signature
    If you have class 2 digital signature you needn’t have to submit hard copy of tax return and using class 2 digital signature one can use it for forming Limited liability partnership, private limited company and for MCA purpose…..
    More details check the url http://www.bangaloredigitalsignature.com/
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total Views
483
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
16
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

Key Digital Signatures

  1. 1. Bishop: Chapter 10 Key Management: Digital Signature
  2. 2. Topics <ul><li>Key exchange </li></ul><ul><ul><li>Session vs interchange keys </li></ul></ul><ul><ul><li>Classical vs public key methods </li></ul></ul><ul><ul><li>Key generation </li></ul></ul><ul><li>Cryptographic key infrastructure </li></ul><ul><ul><li>Certificates </li></ul></ul><ul><li>Key storage </li></ul><ul><ul><li>Key escrow </li></ul></ul><ul><ul><li>Key revocation </li></ul></ul><ul><li>Digital signatures </li></ul>
  3. 3. Digital Signature <ul><li>Construct that authenticated origin and contents of message in a manner provable to a disinterested third party (“judge”) </li></ul><ul><li>Sender cannot deny having sent message (service is “ nonrepudiation ”) </li></ul><ul><ul><li>Limited to technical proofs </li></ul></ul><ul><ul><ul><li>Inability to deny one’s cryptographic key was used to sign </li></ul></ul></ul><ul><ul><li>One could claim the cryptographic key was stolen or compromised </li></ul></ul><ul><ul><ul><li>Legal proofs, etc., probably required; not dealt with here </li></ul></ul></ul>
  4. 4. Common Error <ul><li>Classical: Alice, Bob share key k </li></ul><ul><ul><li>Alice sends m || { m } k to Bob </li></ul></ul><ul><li>This is a digital signature. (?) </li></ul><ul><li>WRONG!! </li></ul><ul><li>This is not a digital signature. </li></ul><ul><ul><li>Why? Third party cannot determine whether Alice or Bob generated the message. </li></ul></ul>
  5. 5. Classical Digital Signatures <ul><li>Require trusted third party </li></ul><ul><ul><li>Alice, Bob each share keys with trusted party Cathy </li></ul></ul><ul><li>To resolve dispute, judge gets { m } k Alice , { m } k Bob , and has Cathy decipher them; if messages matched, contract was signed. </li></ul><ul><li>Question: Otherwise, who had cheated? </li></ul>Alice Bob Bob Cathy Cathy Bob { m } k Alice { m } k Alice { m } k Bob
  6. 6. Public Key Digital Signatures <ul><li>Alice’s keys are d Alice , e Alice </li></ul><ul><li>Alice sends Bob </li></ul><ul><ul><li>m || { m } d Alice </li></ul></ul><ul><li>In case of dispute, judge computes </li></ul><ul><ul><li>{ { m } d Alice } e Alice </li></ul></ul><ul><li>and if it is m , Alice signed message </li></ul><ul><ul><li>She’s the only one who knows d Alice ! </li></ul></ul>
  7. 7. RSA Digital Signatures <ul><li>Use private key to encipher message </li></ul><ul><ul><li>Protocol for use is critical </li></ul></ul><ul><li>Key points: </li></ul><ul><ul><li>Never sign random documents, and when signing, always sign hash and never document </li></ul></ul><ul><ul><ul><li>Mathematical properties can be turned against signer </li></ul></ul></ul><ul><ul><li>Sign message first, then encipher </li></ul></ul><ul><ul><ul><li>Changing public keys causes forgery </li></ul></ul></ul>
  8. 8. Attack #1 <ul><li>Example: Alice, Bob communicating </li></ul><ul><ul><li>n A = 95, e A = 59, d A = 11 </li></ul></ul><ul><ul><li>n B = 77, e B = 53, d B = 17 </li></ul></ul><ul><li>26 contracts, numbered 00 to 25 </li></ul><ul><ul><li>Alice has Bob sign 05 and 17: </li></ul></ul><ul><ul><ul><li>c = m d B mod n B = 05 17 mod 77 = 3 </li></ul></ul></ul><ul><ul><ul><li>c = m d B mod n B = 17 17 mod 77 = 19 </li></ul></ul></ul><ul><ul><li>Alice computes 05  17 mod 77 = 08; corresponding signature is 03  19 mod 77 = 57; claims Bob signed 08 </li></ul></ul><ul><ul><li>Judge computes c e B mod n B = 57 53 mod 77 = 08 </li></ul></ul><ul><ul><ul><li>Signature validated; Bob is toast </li></ul></ul></ul>
  9. 9. Attack #2: Bob’s Revenge <ul><li>Bob, Alice agree to sign contract 06 </li></ul><ul><li>Alice enciphers, then signs: </li></ul><ul><ul><li>( m e B mod 77) d A mod n A = (06 53 mod 77) 11 mod 95 = 63 </li></ul></ul><ul><li>Bob now changes his public key </li></ul><ul><ul><li>Computes r such that 13 r mod 77 = 6; say, r = 59 </li></ul></ul><ul><ul><li>Computes r e B mod  ( n B ) = 59  53 mod 60 = 7 </li></ul></ul><ul><ul><li>Replace public key e B with 7, private key d B = 43 </li></ul></ul><ul><li>Bob claims contract was 13. Judge computes: </li></ul><ul><ul><li>(63 59 mod 95) 43 mod 77 = 13 </li></ul></ul><ul><ul><li>Verified; now Alice is toast </li></ul></ul>
  10. 10. El Gamal Digital Signature <ul><li>Relies on discrete log problem </li></ul><ul><li>Choose p prime, g , d < p ; compute y = g d mod p </li></ul><ul><li>Public key: ( y , g , p ); private key: d </li></ul><ul><li>To sign contract m: </li></ul><ul><ul><li>Choose k relatively prime to p –1, and not yet used (Note: 0 < k < p-1) </li></ul></ul><ul><ul><li>Compute a = g k mod p </li></ul></ul><ul><ul><li>Find b such that m = ( da + kb ) mod p –1 </li></ul></ul><ul><ul><li>Signature is ( a , b ) </li></ul></ul><ul><li>To validate, check that </li></ul><ul><ul><li>y a a b mod p = g m mod p </li></ul></ul>
  11. 11. Example <ul><li>Alice chooses p = 29, g = 3, d = 6 </li></ul><ul><ul><li>y = 3 6 mod 29 = 4 </li></ul></ul><ul><li>Alice wants to send Bob signed contract 23 </li></ul><ul><ul><li>Chooses k = 5 (relatively prime to 28 and 0<k<28) </li></ul></ul><ul><ul><li>This gives a = g k mod p = 3 5 mod 29 = 11 </li></ul></ul><ul><ul><li>Then solving 23 = (6  11 + 5 b ) mod 28 gives b = 25 </li></ul></ul><ul><ul><li>Alice sends message 23 and signature (11, 25) </li></ul></ul><ul><li>Bob verifies signature: g m mod p = 3 23 mod 29 = 8 and y a a b mod p = 4 11 11 25 mod 29 = 8 </li></ul><ul><ul><li>They match, so Alice signed </li></ul></ul>
  12. 12. Attack <ul><li>Eve learns k , corresponding message m , and signature ( a , b ) </li></ul><ul><ul><li>Extended Euclidean Algorithm gives d , the private key </li></ul></ul><ul><li>Example from above: Eve learned Alice signed last message with k = 5 </li></ul><ul><ul><li>m = ( da + kb ) mod p –1 = (11 d + 5  25) mod 28 </li></ul></ul><ul><ul><li>so Alice’s private key is d = 6 </li></ul></ul>
  13. 13. Key Points of Ch. 10 (Bishop) <ul><li>Key management critical to effective use of cryptosystems </li></ul><ul><ul><li>Different levels of keys (session vs . interchange) </li></ul></ul><ul><li>Keys need infrastructure to identify holders, allow revoking </li></ul><ul><ul><li>Digital certificates </li></ul></ul><ul><ul><li>Key escrowing complicates infrastructure </li></ul></ul><ul><li>Digital signatures provide integrity of origin and content </li></ul><ul><ul><li>Much easier with public key cryptosystems than with classical cryptosystems </li></ul></ul>
  14. 14. Next <ul><li>Bishop, Chapter 11: </li></ul><ul><ul><li>Cipher techniques </li></ul></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×