The Digital Signature Standard is a Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology in 1994

1. Information and Network Security:45
Digital Signature Standard
Prof Neeraj Bhargava
Vaibhav Khanna
Department of Computer Science
School of Engineering and Systems Sciences
Maharshi Dayanand Saraswati University Ajmer

2. Schnorr Digital Signatures
• also uses exponentiation in a finite (Galois)
• security based on discrete logarithms, as in D-H
• minimizes message dependent computation
• multiplying a 2n-bit integer with an n-bit integer
• main work can be done in idle time
• have using a prime modulus p
• p–1 has a prime factor q of appropriate size
• typically p 1024-bit and q 160-bit numbers

3. Schnorr Digital Signatures
• As with the ElGamal digital signature scheme, the Schnorr signature
scheme is based on discrete logarithms [SCHN89, SCHN91].
• The Schnorr scheme minimizes the message dependent amount of
computation required to generate a signature.
• The main work for signature generation does not depend on the message
and can be done during the idle time of the processor.
• The message dependent part of the signature generation requires
multiplying a 2n-bit integer with an n-bit integer.
• The scheme is based on using a prime modulus p, with p – 1 having a prime
factor q of appropriate size; that is p – 1 = 1 (mod q). Typically, we use p
approx 21024 and q approx 2160. Thus, p is a 1024-bit number and q is a
160-bit number, which is also the length of the SHA-1 hash value.

4. Schnorr Key Setup
• choose suitable primes p , q
• choose a such that a
q
= 1 mod p
• (a,p,q) are global parameters for all
• each user (eg. A) generates a key
• chooses a secret key (number): 0 < sA < q
• compute their public key: vA = a
-sA
mod q

5. Schnorr Key Setup
• The first part of this scheme is the generation of a private/public key
pair, which consists of the following steps:
• Choose primes p and q, such that q is a prime factor of p – 1.
• Choose an integer a such that aq = 1 mod p. The values a, p, and q
comprise a global public key that can be common to a group of users.
• Choose a random integer s with 0 < s < q. This is the user's private
key.
• Calculate v = a–s mod p. This is the user's public key.

6. Schnorr Signature
• user signs message by
• choosing random r with 0<r<q and computing x = ar
mod p
• concatenate message with x and hash result to computing: e
= H(M || x)
• computing: y = (r + se) mod q
• signature is pair (e, y)
• any other user can verify the signature as follows:
• computing: x' = ayve mod p
• verifying that: e = H(M || x’)

7. Schnorr Signature
• A user with public key s and private key v generates a signature as
follows:
• Choose a random integer r with 0 < r < q and compute x = ar mod p.
This is independent of any message M, hence can be pre-computed.
• Concatenate message with x and hash result to compute: e = H(M ||
x)
• Compute y = (r + se) mod q. The signature consists of the pair (e, y).
• Any other user can verify the signature as follows:
• Compute x' = ayve mod p.
• Verify that e = H(M || x').

8. Digital Signature Standard (DSS)
• US Govt approved signature scheme
• designed by NIST & NSA in early 90's
• published as FIPS-186 in 1991
• revised in 1993, 1996 & then 2000
• uses the SHA hash algorithm
• DSS is the standard, DSA is the algorithm
• FIPS 186-2 (2000) includes alternative RSA & elliptic
curve signature variants
• DSA is digital signature only unlike RSA
• is a public-key technique

9. Digital Signature Standard (DSS)
• DSA is the US Govt approved signature scheme, which is designed to
provide strong signatures without allowing easy use for encryption.
• The National Institute of Standards and Technology (NIST) published
Federal Information Processing Standard FIPS 186, known as the Digital
Signature Standard (DSS).
• The DSS was originally proposed in 1991 and revised in 1993 in response to
public feedback concerning the security of the scheme. There was a further
minor revision in 1996.
• In 2000, an expanded version of the standard was issued as FIPS 186-2.
• This latest version also incorporates digital signature algorithms based on
RSA and on elliptic curve cryptography.

10. DSS vs RSA Signatures

11. DSS vs RSA Signatures
• In the RSA approach, the message to be signed is input to a hash function
that produces a secure hash code of fixed length.
• This hash code is then encrypted using the sender's private key to form the
signature.
• Both the message and the signature are then transmitted. The recipient
takes the message and produces a hash code.
• The recipient also decrypts the signature using the sender's public key.
• If the calculated hash code matches the decrypted signature, the signature
is accepted as valid.
• Because only the sender knows the private key, only the sender could have
produced a valid signature.

12. DSS vs RSA Signatures
• The DSS approach also makes use of a hash function.
• The hash code is provided as input to a signature function along with a
random number k generated for this particular signature.
• The signature function also depends on the sender's private key (PR a) and
a set of parameters known to a group of communicating principals.
• We can consider this set to constitute a global public key (PUG).
• The result is a signature consisting of two components, labeled s and r.
• At the receiving end, the hash code of the incoming message is generated.

13. DSS vs RSA Signatures
• This plus the signature is input to a verification function. The
verification function also depends on the global public key as well as
the sender's public key (PUa), which is paired with the sender's
private key.
• The output of the verification function is a value that is equal to the
signature component r if the signature is valid. The signature function
is such that only the sender, with knowledge of the private key, could
have produced the valid signature.

14. Assignment
• Explain Digital Signature Standard (DSS)