SlideShare a Scribd company logo

chap13-digitalsignature.pdf

S
Shilpachaudhari10

The document provides an overview of digital signatures and several digital signature schemes, including Elgamal, Schnorr, NIST DSA, and RSA-PSS. It describes the key properties and requirements of digital signatures. It then explains the technical details and signature generation/verification processes for each scheme. For Elgamal, it covers key generation, signature formation, and verification. For Schnorr, it outlines the key generation, signature generation steps, and verification step. It also discusses the design and processes of NIST DSA and RSA-PSS digital signature algorithms in multiple sections.

Education
1 of 32
Download to read offline
CH 13 DIGITAL SIGNATURE Cryptography and Network Security HanJung Mason Yun 1
Index 13.1 Digital Signatures 13.2 Elgamal Digital Signature Scheme 13.3 Schnorr Digital Signature Scheme 13.4 NIST Digital Signature Algorithm 13.6 RSA-PSS Digital Signature Algorithm 2
13.1 Digital Signature - Properties • It must verify the author and the date and time of the signature. • It must authenticate the contents at the time of the signature. • It must be verifiable by third parties, to resolve disputes. • The digital signature function includes authentication. 3
4
5
Attacks and Forgeries • Key-Only attack • Known message attack • Generic chosen message attack • Directed chosen message attack • Adaptive chosen message attack 6
Attacks and Forgeries • Total break • Universal forgery • Selective forgery • Existential forgery 7
Digital Signature Requirements • It must be a bit pattern that depends on the message. • It must use some information unique to the sender to prevent both forgery and denial. • It must be relatively easy to produce the digital signature. • It must be relatively easy to recognize and verify the digital signature. • It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. • It must be practical to retain a copy of the digital signature in storage. 8
Direct Digital Signature • Digital signature scheme that involves only the communication parties. • It must authenticate the contents at the time of the signature. • It must be verifiable by third parties, to resolve disputes. • Thus, the digital signature function includes the authentication function. 9
13.2 Elgamal Digital Signature Scheme(1) • Elgamal signature is designed to enable encryption by user`s private key, and decryption by the user`s public key. • First, there are prime number q and its primitive root 𝑎. • Key generation • Generate a random integer 𝑋𝐴, such that 1< 𝑋𝐴 < q - 1. • Compute 𝑌 𝐴= 𝑎𝑋𝐴 mod q. • A’s private key is 𝑋𝐴; A’s pubic key is {q, 𝑎, 𝑌𝐴}. 10
Elgamal Digital Signature Scheme(2) • Digital signature forms • m = H(M), • Choose a random integer K such that 1 ≤ K ≤ q - 1 and gcd(K, q - 1) = 1.That is, K is relatively prime to q - 1. • Compute S1 = 𝑎𝐾 mod q. Note that this is the same as the computation of C1 for Elgamal encryption. • Compute 𝐾−1 𝑚𝑜𝑑(𝑞 − 1). That is, compute the inverse of K modulo q - 1. • Compute S2 = 𝐾−1 𝑚 − 𝑋𝐴𝑆1 𝑚𝑜𝑑 (𝑞 − 1). • The signature consists of the pair (𝑆1, 𝑆2). • Any user B can verify the signature as • Compute 𝑉1 = 𝑎𝑚 mod q. • Compute 𝑉2 = 𝑌 𝐴 𝑆1 𝑆1 𝑆2 𝑚𝑜𝑑 𝑞. • The signature is valid if V1 = V2 11
Elgamal Digital Signature Scheme(3) • If the equality is true • 𝑎𝑚 𝑚𝑜𝑑 𝑞 = 𝑌 𝐴 𝑆1 𝑆1 𝑆2 𝑚𝑜𝑑 𝑞 assume V1= 𝑉2 • 𝑎𝑚 𝑚𝑜𝑑 𝑞 = 𝑎𝑋𝐴𝑆1𝑎𝐾𝑆2 𝑚𝑜𝑑 𝑞 substituting for 𝑌 𝐴and 𝑆1 • 𝑎𝑚−𝑋𝐴𝑆1 𝑚𝑜𝑑 𝑞 = 𝑎𝐾𝑆2 𝑚𝑜𝑑 𝑞 rearranging terms • 𝑚 − 𝑋𝐴𝑆1 = 𝐾𝑆2 𝑚𝑜𝑑 (𝑞 − 1) property of primitive roots • 𝑚 − 𝑋𝐴𝑆1 = 𝐾𝐾−1 𝑚 − 𝑋𝐴𝑆1 𝑚𝑜𝑑 (𝑞 − 1) substituting for 𝑆2 12
13.3 Schnorr Digital Signature Scheme • Minimize the message-dependent computation. • Key generation steps • Choose primes p and q, such as q is a prime factor of p-1 • p is 1024 bit , q is 160bit num(as SHA-1) • Choose an integer a, such that 𝑎𝑞 = 1 𝑚𝑜𝑑 𝑝. the values 𝑎, 𝑝 𝑎𝑛𝑑 𝑞 comprise a global public key that can be common to a group of user • Choose a random integer s with 0 < s < q. this is the user`s private key • Calculate 𝑣 = 𝑎−𝑠 𝑚𝑜𝑑 𝑝. this is the user public key. • a,p,q : global public key • s: user`s private key • v: user`s public key 13
Schnorr Digital Signature Scheme(2) • Signature generation steps • Choose a random integer r with 0<r<q and compute x = 𝑎𝑟𝑚𝑜𝑑 𝑝. this computation is a preprocessing state independent of the message M to be signed • Concatenate the message with x and hash the result to compute the value e: e = H(M||x) • Compute 𝑦 = 𝑟 + 𝑠𝑒 𝑚𝑜𝑑𝑞 the signature consists of the pair (e.y). • Signature verification step • Compute 𝑥` = 𝑎𝑦𝑣𝑒 𝑚𝑜𝑑 𝑝. • Verify that e = H(M||x`) • To see the verification works, observe that • 𝑥` ≡ 𝑎𝑦𝑣𝑒 = 𝑎𝑦𝑎−𝑠𝑒 = 𝑎𝑦−𝑠𝑒 = 𝑎𝑟 = 𝑥 𝑚𝑜𝑑 𝑝 • Hence, H(M||x`) = H(M||x). 14
13.4 NIST Digital Signature Algorithm(DSA) • DSA is designed to provide only the digital signature by the National Institute of Standards and Technology. • DSA is a public key technique. • It is FIPS 186 proposed in 1991 and revised in 1993 • In 2000, an expended version was issued as FIPS 186-2 • In 2009, FIPS 186-3 is proposed based on RSA and elliptic curve cryptography. 15
NIST Digital Signature Algorithm(2) 16
NIST Digital Signature Algorithm(3) • DSA is based on the difficulty of computing DLP • Also it is based on the Elgamal and Schnorr scheme. • It`s main processes are independent on Message. 17
NIST Digital Signature Algorithm(3) 18
NIST Digital Signature Algorithm(5) 19
13.6 RSA-PSS Digital Signature Algorithm • RSA Probabilistic Signature Scheme (RSA-PSS), which is the latest of the RSA schemes and the one that RSA Laboratories recommends as the most secure of the RSA schemes. • RSA-based schemes differ mainly in the padding format, and in how the verification operation determines that the hash and message representative are consistent • Before PSS, there was not been possible to develop mathematical proof that scheme is secure as RSA encryption/decryption. 20
RSA-PSS Digital Signature Algorithm(2) • Mask Generation Function (MGF) is used as a building fixed length output. • MGF(X,maskLen): bit string X in any length, desired length L in octets of the ouput. • Typically based on hash function as SHA-1 • In RSA-PSS, MGF 1 is used with the parameters: Option Hash: hash function with output hLen octets Input X: octet string to be masked maskLen: length in octets of mask Output mask: an octet string of length maskLen 21
RSA-PSS Digital Signature Algorithm(3) • MGF1 is defined as follows: • Initialize variables T = empty string K = [maskLen / hLen ] -1 • Calculate intermediate values For counter = 0 to k Represent counter as a 32-bit string C T = T || Hash(X || C) • Output results Mask = the leading maskLen octets of T 22
RSA-PSS Digital Signature Algorithm(4) • If maskLen = hLen, the output is the hash of the X concatenated with 32-bit counter value of 0. • If maskLen is bigger than hLen, MGF1 iterate by hashing X concatenated with the counter and appeding that to the current string T. • output : Hash(X||0)||Hash(X||1)||…||Hash(X||K) • This is repeated until T is greater or equal with maskLen, at which point the output is the first maskLen octets of T 23
RSA-PSS Digital Signature Algorithm(5) The Signing Operation • Message Encoding: generating encoded message(EM) • Options Hash: hash function with output hLen octets. the SHA-1 produces a 20-octet hash value. MGF: mask generation function, MGF1 sLen: length in octests of the salt. Typycally sLen = hLen, now its 20 octets. • Input M: message to be encoded for signing emBits: this value is one less than the length in bits of the RSA modulus n • Output EM: encoded message, 24
RSA-PSS Digital Signature Algorithm(6) Parameters • emLen • length of EM in octets = [emBits/8] • Padding1 • hexadecimal string 00 * 8; that is a string of 64 zero bits. • Padding2 • hexadecimal string of 00 octets with a length(emLen – sLen – hLen -2) octets, followed by hexadecimal octet with value 01 • Salt • A pseudorandom number • bc • The hexadecimal value BC 25
RSA-PSS Digital Signature Algorithm(7) The encoding process 1. Generate the hash value of M: mHash = Hash(M’) 2. Generate a pseudorandom octet string salt and form block M’ padding1 || mHash || salt 3. Generate the hash value of M’: H = Hash(M’) 4. Form data block DB=padding2||salt 5. Calculate the MGF value of H: dbMask=MGF(H,emLen- hLen-1) 6. Calculate maskedDB = DB 𝑑𝑏𝑀𝑎𝑠𝑘 7. Set the leftmost 8emLen-emBits bits of the leftmost octet in masked DB to 0 8. EM = masked DB || H || bc 26
RSA-PSS Digital Signature Algorithm(8) • Forming the Signature • Private key {d, n}, public key {e, n} • Treat the octet string EM as an unsigned, nonnegative binary integer m. the signature s is formed by encrypting octet string S of length k octets. • 𝑠 = 𝑚𝑑 𝑚𝑜𝑑 𝑛 • Let k be the length in octets of the RSA modulus n. • If key size is 2048bits, then k = 2048/8=256. • Then convert the signature value s into the octet string S of length k octets. 27
28
RSA-PSS Digital Signature Algorithm(9) Signature verification • Decryption • The message digest m is recovered by decrypting s m = 𝑠𝑒 𝑚𝑜𝑑 𝑛 • Then, convert m to EM of length emLen = [modBits - 1)/8]octets, where modBits is the length in bits of the modulus n. 29
RSA-PSS Digital Signature Algorithm(9) EM Verification 1. Geneerate the hash value of M: mHash = Hash(M) 2. If emLen < hLen + sLen + 2, output “inconsistent” and stop 3. If the rightmost octet of EM does not have hexadecimal value BC, output “inconsistent” and stop 4. Let maskedDB be the leftmost emLen - hLen - 1 octets of EM, and let H be the next hLen octets 5. If the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB are not all equal to zero, output “inconsistent” and stop 6. Calculate dbMask = MGF (H, emLen - hLen - 1) 30
RSA-PSS Digital Signature Algorithm(9) 7. Calculate DB = maskedDB dbMsk 8. Set the leftmost 8emLen − emBits bits of the leftmost octet in DB to zero 9. If the leftmost (emLen - hLen - sLen - 1) octets of DB are not equal to padding2,output “inconsistent” and stop 10. Let salt be the last sLen octets of DB 11. Form block M’ = padding1 || mHash ||salt 12. Generate the hash value of M’: H’ = Hash(M’) 13. If H = H’, output “consistent.” Otherwise, output “inconsistent” 31
32

Recommended

Information and network security 46 digital signature algorithm
Information and network security 46 digital signature algorithmInformation and network security 46 digital signature algorithm
Information and network security 46 digital signature algorithm
Vaibhav Khanna
 
RSA
RSARSA
RSA
bansidhar11
 
3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography
MohammedMorhafJaely
 
Digital Communication: Channel Coding
Digital Communication: Channel CodingDigital Communication: Channel Coding
Digital Communication: Channel Coding
Dr. Sanjay M. Gulhane
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101
n|u - The Open Security Community
 
Cryptography-101
Cryptography-101Cryptography-101
Cryptography-101Vishal Punjabi
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSA
aritraranjan
 
Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Final ss2-digital-signature-group5
Final ss2-digital-signature-group5
Phan Minh
 

Recommended

Information and network security 46 digital signature algorithm
Information and network security 46 digital signature algorithmInformation and network security 46 digital signature algorithm
Information and network security 46 digital signature algorithm
Vaibhav Khanna
 
RSA
RSARSA
RSA
bansidhar11
 
3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography3 Basics of Cryptography Basics of Cryptography
3 Basics of Cryptography Basics of Cryptography
MohammedMorhafJaely
 
Digital Communication: Channel Coding
Digital Communication: Channel CodingDigital Communication: Channel Coding
Digital Communication: Channel Coding
Dr. Sanjay M. Gulhane
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101
n|u - The Open Security Community
 
Cryptography-101
Cryptography-101Cryptography-101
Cryptography-101Vishal Punjabi
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSA
aritraranjan
 
Final ss2-digital-signature-group5
Final ss2-digital-signature-group5Final ss2-digital-signature-group5
Final ss2-digital-signature-group5
Phan Minh
 
Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
Vaibhav Khanna
 
Post quantum cryptography - thesis
Post quantum cryptography - thesisPost quantum cryptography - thesis
Post quantum cryptography - thesis
Samy Shehata
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
DefCamp
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
VishwanathMahalle
 
project ppt on anti counterfeiting technique for credit card transaction system
project ppt on anti counterfeiting technique for credit card transaction systemproject ppt on anti counterfeiting technique for credit card transaction system
project ppt on anti counterfeiting technique for credit card transaction system
Rekha dudiya
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
SurendraBasnet6
 
Cryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptxCryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptx
RobertCarreonBula
 
6.hash mac
6.hash mac6.hash mac
6.hash mac
Virendrakumar Dhotre
 
New ppt.ppt
New ppt.pptNew ppt.ppt
New ppt.ppt
ssuser4030a8
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptographySuresh Thammishetty
 
Cryptography using rsa cryptosystem
Cryptography using rsa cryptosystemCryptography using rsa cryptosystem
Cryptography using rsa cryptosystem
Samdish Arora
 
Ch9
Ch9Ch9
Ch9
Mahender Kumar
 
Information and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherInformation and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipher
Mazin Alwaaly
 
Rsa
RsaRsa
Rsamagentie
 
Cryptography101
Cryptography101Cryptography101
Cryptography101NCC Group
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
anuragjagetiya
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
LDPC Encoding
LDPC EncodingLDPC Encoding
LDPC Encoding
Bhagwat Singh Rathore
 
Digital signature
Digital signatureDigital signature
Digital signature
Nisha Menon K
 
Keccak
KeccakKeccak
Keccak
Rajeev Verma
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 

More Related Content

Similar to chap13-digitalsignature.pdf

Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
Vaibhav Khanna
 
Post quantum cryptography - thesis
Post quantum cryptography - thesisPost quantum cryptography - thesis
Post quantum cryptography - thesis
Samy Shehata
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
DefCamp
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
VishwanathMahalle
 
project ppt on anti counterfeiting technique for credit card transaction system
project ppt on anti counterfeiting technique for credit card transaction systemproject ppt on anti counterfeiting technique for credit card transaction system
project ppt on anti counterfeiting technique for credit card transaction system
Rekha dudiya
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
SurendraBasnet6
 
Cryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptxCryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptx
RobertCarreonBula
 
6.hash mac
6.hash mac6.hash mac
6.hash mac
Virendrakumar Dhotre
 
New ppt.ppt
New ppt.pptNew ppt.ppt
New ppt.ppt
ssuser4030a8
 
Cryptography using rsa cryptosystem
Cryptography using rsa cryptosystemCryptography using rsa cryptosystem
Cryptography using rsa cryptosystem
Samdish Arora
 
Ch9
Ch9Ch9
Ch9
Mahender Kumar
 
Information and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherInformation and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipher
Mazin Alwaaly
 
Cryptography101
Cryptography101Cryptography101
Cryptography101NCC Group
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
anuragjagetiya
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
LDPC Encoding
LDPC EncodingLDPC Encoding
LDPC Encoding
Bhagwat Singh Rathore
 
Digital signature
Digital signatureDigital signature
Digital signature
Nisha Menon K
 
Keccak
KeccakKeccak
Keccak
Rajeev Verma
 

Similar to chap13-digitalsignature.pdf (20)

Information and network security 45 digital signature standard
Information and network security 45 digital signature standardInformation and network security 45 digital signature standard
Information and network security 45 digital signature standard
 
Post quantum cryptography - thesis
Post quantum cryptography - thesisPost quantum cryptography - thesis
Post quantum cryptography - thesis
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
 
project ppt on anti counterfeiting technique for credit card transaction system
project ppt on anti counterfeiting technique for credit card transaction systemproject ppt on anti counterfeiting technique for credit card transaction system
project ppt on anti counterfeiting technique for credit card transaction system
 
Cryptography Key Management.pptx
Cryptography Key Management.pptxCryptography Key Management.pptx
Cryptography Key Management.pptx
 
Cryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptxCryptography and steganography lesson and discription.pptx
Cryptography and steganography lesson and discription.pptx
 
6.hash mac
6.hash mac6.hash mac
6.hash mac
 
New ppt.ppt
New ppt.pptNew ppt.ppt
New ppt.ppt
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
Cryptography using rsa cryptosystem
Cryptography using rsa cryptosystemCryptography using rsa cryptosystem
Cryptography using rsa cryptosystem
 
Ch9
Ch9Ch9
Ch9
 
Information and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipherInformation and data security pseudorandom number generation and stream cipher
Information and data security pseudorandom number generation and stream cipher
 
Rsa
RsaRsa
Rsa
 
Cryptography101
Cryptography101Cryptography101
Cryptography101
 
Distribution of public keys and hmac
Distribution of public keys and hmacDistribution of public keys and hmac
Distribution of public keys and hmac
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
LDPC Encoding
LDPC EncodingLDPC Encoding
LDPC Encoding
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Keccak
KeccakKeccak
Keccak
 

Recently uploaded

Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
Steve Thomason
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
PedroFerreira53928
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
GeoBlogs
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 

Recently uploaded (20)

Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Model Attribute Check Company Auto Property
Model Attribute Check Company Auto PropertyModel Attribute Check Company Auto Property
Model Attribute Check Company Auto Property
 
PART A. Introduction to Costumer Service
PART A. Introduction to Costumer ServicePART A. Introduction to Costumer Service
PART A. Introduction to Costumer Service
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.Language Across the Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......Ethnobotany and Ethnopharmacology ......
Ethnobotany and Ethnopharmacology ......
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 

chap13-digitalsignature.pdf

  • 1. CH 13 DIGITAL SIGNATURE Cryptography and Network Security HanJung Mason Yun 1
  • 2. Index 13.1 Digital Signatures 13.2 Elgamal Digital Signature Scheme 13.3 Schnorr Digital Signature Scheme 13.4 NIST Digital Signature Algorithm 13.6 RSA-PSS Digital Signature Algorithm 2
  • 3. 13.1 Digital Signature - Properties • It must verify the author and the date and time of the signature. • It must authenticate the contents at the time of the signature. • It must be verifiable by third parties, to resolve disputes. • The digital signature function includes authentication. 3
  • 4. 4
  • 5. 5
  • 6. Attacks and Forgeries • Key-Only attack • Known message attack • Generic chosen message attack • Directed chosen message attack • Adaptive chosen message attack 6
  • 7. Attacks and Forgeries • Total break • Universal forgery • Selective forgery • Existential forgery 7
  • 8. Digital Signature Requirements • It must be a bit pattern that depends on the message. • It must use some information unique to the sender to prevent both forgery and denial. • It must be relatively easy to produce the digital signature. • It must be relatively easy to recognize and verify the digital signature. • It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message. • It must be practical to retain a copy of the digital signature in storage. 8
  • 9. Direct Digital Signature • Digital signature scheme that involves only the communication parties. • It must authenticate the contents at the time of the signature. • It must be verifiable by third parties, to resolve disputes. • Thus, the digital signature function includes the authentication function. 9
  • 10. 13.2 Elgamal Digital Signature Scheme(1) • Elgamal signature is designed to enable encryption by user`s private key, and decryption by the user`s public key. • First, there are prime number q and its primitive root 𝑎. • Key generation • Generate a random integer 𝑋𝐴, such that 1< 𝑋𝐴 < q - 1. • Compute 𝑌 𝐴= 𝑎𝑋𝐴 mod q. • A’s private key is 𝑋𝐴; A’s pubic key is {q, 𝑎, 𝑌𝐴}. 10
  • 11. Elgamal Digital Signature Scheme(2) • Digital signature forms • m = H(M), • Choose a random integer K such that 1 ≤ K ≤ q - 1 and gcd(K, q - 1) = 1.That is, K is relatively prime to q - 1. • Compute S1 = 𝑎𝐾 mod q. Note that this is the same as the computation of C1 for Elgamal encryption. • Compute 𝐾−1 𝑚𝑜𝑑(𝑞 − 1). That is, compute the inverse of K modulo q - 1. • Compute S2 = 𝐾−1 𝑚 − 𝑋𝐴𝑆1 𝑚𝑜𝑑 (𝑞 − 1). • The signature consists of the pair (𝑆1, 𝑆2). • Any user B can verify the signature as • Compute 𝑉1 = 𝑎𝑚 mod q. • Compute 𝑉2 = 𝑌 𝐴 𝑆1 𝑆1 𝑆2 𝑚𝑜𝑑 𝑞. • The signature is valid if V1 = V2 11
  • 12. Elgamal Digital Signature Scheme(3) • If the equality is true • 𝑎𝑚 𝑚𝑜𝑑 𝑞 = 𝑌 𝐴 𝑆1 𝑆1 𝑆2 𝑚𝑜𝑑 𝑞 assume V1= 𝑉2 • 𝑎𝑚 𝑚𝑜𝑑 𝑞 = 𝑎𝑋𝐴𝑆1𝑎𝐾𝑆2 𝑚𝑜𝑑 𝑞 substituting for 𝑌 𝐴and 𝑆1 • 𝑎𝑚−𝑋𝐴𝑆1 𝑚𝑜𝑑 𝑞 = 𝑎𝐾𝑆2 𝑚𝑜𝑑 𝑞 rearranging terms • 𝑚 − 𝑋𝐴𝑆1 = 𝐾𝑆2 𝑚𝑜𝑑 (𝑞 − 1) property of primitive roots • 𝑚 − 𝑋𝐴𝑆1 = 𝐾𝐾−1 𝑚 − 𝑋𝐴𝑆1 𝑚𝑜𝑑 (𝑞 − 1) substituting for 𝑆2 12
  • 13. 13.3 Schnorr Digital Signature Scheme • Minimize the message-dependent computation. • Key generation steps • Choose primes p and q, such as q is a prime factor of p-1 • p is 1024 bit , q is 160bit num(as SHA-1) • Choose an integer a, such that 𝑎𝑞 = 1 𝑚𝑜𝑑 𝑝. the values 𝑎, 𝑝 𝑎𝑛𝑑 𝑞 comprise a global public key that can be common to a group of user • Choose a random integer s with 0 < s < q. this is the user`s private key • Calculate 𝑣 = 𝑎−𝑠 𝑚𝑜𝑑 𝑝. this is the user public key. • a,p,q : global public key • s: user`s private key • v: user`s public key 13
  • 14. Schnorr Digital Signature Scheme(2) • Signature generation steps • Choose a random integer r with 0<r<q and compute x = 𝑎𝑟𝑚𝑜𝑑 𝑝. this computation is a preprocessing state independent of the message M to be signed • Concatenate the message with x and hash the result to compute the value e: e = H(M||x) • Compute 𝑦 = 𝑟 + 𝑠𝑒 𝑚𝑜𝑑𝑞 the signature consists of the pair (e.y). • Signature verification step • Compute 𝑥` = 𝑎𝑦𝑣𝑒 𝑚𝑜𝑑 𝑝. • Verify that e = H(M||x`) • To see the verification works, observe that • 𝑥` ≡ 𝑎𝑦𝑣𝑒 = 𝑎𝑦𝑎−𝑠𝑒 = 𝑎𝑦−𝑠𝑒 = 𝑎𝑟 = 𝑥 𝑚𝑜𝑑 𝑝 • Hence, H(M||x`) = H(M||x). 14
  • 15. 13.4 NIST Digital Signature Algorithm(DSA) • DSA is designed to provide only the digital signature by the National Institute of Standards and Technology. • DSA is a public key technique. • It is FIPS 186 proposed in 1991 and revised in 1993 • In 2000, an expended version was issued as FIPS 186-2 • In 2009, FIPS 186-3 is proposed based on RSA and elliptic curve cryptography. 15
  • 16. NIST Digital Signature Algorithm(2) 16
  • 17. NIST Digital Signature Algorithm(3) • DSA is based on the difficulty of computing DLP • Also it is based on the Elgamal and Schnorr scheme. • It`s main processes are independent on Message. 17
  • 18. NIST Digital Signature Algorithm(3) 18
  • 19. NIST Digital Signature Algorithm(5) 19
  • 20. 13.6 RSA-PSS Digital Signature Algorithm • RSA Probabilistic Signature Scheme (RSA-PSS), which is the latest of the RSA schemes and the one that RSA Laboratories recommends as the most secure of the RSA schemes. • RSA-based schemes differ mainly in the padding format, and in how the verification operation determines that the hash and message representative are consistent • Before PSS, there was not been possible to develop mathematical proof that scheme is secure as RSA encryption/decryption. 20
  • 21. RSA-PSS Digital Signature Algorithm(2) • Mask Generation Function (MGF) is used as a building fixed length output. • MGF(X,maskLen): bit string X in any length, desired length L in octets of the ouput. • Typically based on hash function as SHA-1 • In RSA-PSS, MGF 1 is used with the parameters: Option Hash: hash function with output hLen octets Input X: octet string to be masked maskLen: length in octets of mask Output mask: an octet string of length maskLen 21
  • 22. RSA-PSS Digital Signature Algorithm(3) • MGF1 is defined as follows: • Initialize variables T = empty string K = [maskLen / hLen ] -1 • Calculate intermediate values For counter = 0 to k Represent counter as a 32-bit string C T = T || Hash(X || C) • Output results Mask = the leading maskLen octets of T 22
  • 23. RSA-PSS Digital Signature Algorithm(4) • If maskLen = hLen, the output is the hash of the X concatenated with 32-bit counter value of 0. • If maskLen is bigger than hLen, MGF1 iterate by hashing X concatenated with the counter and appeding that to the current string T. • output : Hash(X||0)||Hash(X||1)||…||Hash(X||K) • This is repeated until T is greater or equal with maskLen, at which point the output is the first maskLen octets of T 23
  • 24. RSA-PSS Digital Signature Algorithm(5) The Signing Operation • Message Encoding: generating encoded message(EM) • Options Hash: hash function with output hLen octets. the SHA-1 produces a 20-octet hash value. MGF: mask generation function, MGF1 sLen: length in octests of the salt. Typycally sLen = hLen, now its 20 octets. • Input M: message to be encoded for signing emBits: this value is one less than the length in bits of the RSA modulus n • Output EM: encoded message, 24
  • 25. RSA-PSS Digital Signature Algorithm(6) Parameters • emLen • length of EM in octets = [emBits/8] • Padding1 • hexadecimal string 00 * 8; that is a string of 64 zero bits. • Padding2 • hexadecimal string of 00 octets with a length(emLen – sLen – hLen -2) octets, followed by hexadecimal octet with value 01 • Salt • A pseudorandom number • bc • The hexadecimal value BC 25
  • 26. RSA-PSS Digital Signature Algorithm(7) The encoding process 1. Generate the hash value of M: mHash = Hash(M’) 2. Generate a pseudorandom octet string salt and form block M’ padding1 || mHash || salt 3. Generate the hash value of M’: H = Hash(M’) 4. Form data block DB=padding2||salt 5. Calculate the MGF value of H: dbMask=MGF(H,emLen- hLen-1) 6. Calculate maskedDB = DB 𝑑𝑏𝑀𝑎𝑠𝑘 7. Set the leftmost 8emLen-emBits bits of the leftmost octet in masked DB to 0 8. EM = masked DB || H || bc 26
  • 27. RSA-PSS Digital Signature Algorithm(8) • Forming the Signature • Private key {d, n}, public key {e, n} • Treat the octet string EM as an unsigned, nonnegative binary integer m. the signature s is formed by encrypting octet string S of length k octets. • 𝑠 = 𝑚𝑑 𝑚𝑜𝑑 𝑛 • Let k be the length in octets of the RSA modulus n. • If key size is 2048bits, then k = 2048/8=256. • Then convert the signature value s into the octet string S of length k octets. 27
  • 28. 28
  • 29. RSA-PSS Digital Signature Algorithm(9) Signature verification • Decryption • The message digest m is recovered by decrypting s m = 𝑠𝑒 𝑚𝑜𝑑 𝑛 • Then, convert m to EM of length emLen = [modBits - 1)/8]octets, where modBits is the length in bits of the modulus n. 29
  • 30. RSA-PSS Digital Signature Algorithm(9) EM Verification 1. Geneerate the hash value of M: mHash = Hash(M) 2. If emLen < hLen + sLen + 2, output “inconsistent” and stop 3. If the rightmost octet of EM does not have hexadecimal value BC, output “inconsistent” and stop 4. Let maskedDB be the leftmost emLen - hLen - 1 octets of EM, and let H be the next hLen octets 5. If the leftmost 8emLen - emBits bits of the leftmost octet in maskedDB are not all equal to zero, output “inconsistent” and stop 6. Calculate dbMask = MGF (H, emLen - hLen - 1) 30
  • 31. RSA-PSS Digital Signature Algorithm(9) 7. Calculate DB = maskedDB dbMsk 8. Set the leftmost 8emLen − emBits bits of the leftmost octet in DB to zero 9. If the leftmost (emLen - hLen - sLen - 1) octets of DB are not equal to padding2,output “inconsistent” and stop 10. Let salt be the last sLen octets of DB 11. Form block M’ = padding1 || mHash ||salt 12. Generate the hash value of M’: H’ = Hash(M’) 13. If H = H’, output “consistent.” Otherwise, output “inconsistent” 31
  • 32. 32