Professional Documents
Culture Documents
Module 3
Process
HASH FUNCTIONS
• Inclusion
• Verification Method
• Relationship
• Duplicity
ATTACKS ON DIGITAL SIGNATURE
•Key-Only Attack
•Known Message Attack
•Chosen Message Attack
PUBLIC KEY INFRASTRUCTURE
• In public key cryptography, everyone has access to everyone's public key; Public
keys are available to the public.
• PKI is a model for creating, distributing, and revoking certificates based on the
X.509.
• The Internet Engineering Task Force has created the Public Key Infrastructure
X.509(PKIX).
• The duties of a PKI include certificate issuing, private key storage, service to
other protocols, and access control.
COMPONENTS
CA
RA VA
A B
CERTIFICATION
• This is the process that ensures that the certificate information is still
valid, as it can change over time.
• Either the user can ask the CA directly about the validity-every time
its used or the CA may include a validity period in the certificate.
KEY MANAGEMENT
• RSA idea is also used for signing and verifying a message it is called RSA digital signature
scheme.
• Digital signature scheme changes the role of the private and public keys
• Private and public keys of only the sender are used not the receiver
• Sender uses her own private key to sign the document and the receiver uses the sender’s public
key to verify it.
CONTINUE…
• Step1: The sender A uses the message digest algorithm to calculate the message
digest MD1 over the original message M.
• Step 2: The sender A now encrypts the message digest with her
private key. The output of this process is called the digital signature.
RSA DSS
• Step 3: Now the sender A sends the original message M along with digital signature
DS to receiver B
• Step 4: After the receiver B receives the original message M and the sender A’s
digital signature, B uses the same message digest algorithm which was used by A
and calculate its own message digest MD2 as shown below.
• Step 5: The receiver B now uses the sender’s A’s public key to decrypt the
digital signature. Note that A had used his private key to decrypt the message
digest MD1 to form the digital signature. Therefore only A’s public key can be
used to decrypt it. The output of this process is the original message digest which
was calculated by A (MD1) in step 1.
• Step 6: B now compare the following two message digests.
1. MD2, which it had calculated in step 4
2. MD1, which is retrieved from A’s digital signature in step 5
3. If MD1 = MD2 the following facts are established:
(a) B accepts the original message (M) as the correct, unaltered message from A.
(B) B is also assured that the message came from A and not from someone else attached, posing as
A.
ELGAMAL DIGITAL SIGNATURE
• Key generation:
• Select a prime number p (1024 bit)
• Select another large prime number q ( q dividesnp-1)
• Select e1(public key) (e1=e0^(p-1)q mod p)
• Select d –private key’
• E2=e1^d mod p
CONTINUE….
• Signing:
• Choose a random number r
• Calculate S1=h(M|e1^r mod p)
• Calculate S2= r + d*S1 mod p
• Verifying Message:
• Calculate V=h(M|e1^S2 e2^-S1 mod p)
• P=2267 q=103 e0=2
• E1=e0^(p-1)/q mod p
• =2^(2267-1)/103 mod 2267
• =2^22 mod 2267=e1=354//
• D=30
• E2=e1^d mod p
• =354^30 mod 2267=e2=1206//
• Choose a random number(r)= 11
• S1=h(M|e1^r mod p)
• E1=354 e2=1206 d=30 p=2267 q=103 M=1000
• =h(1000|354^11 mod 2267)
• E1^r mod p=354^11 mod 2267=630//
• =h(1000|630)=h(1000630)
• SHA-1 =hash function
• =200=s1//
• S2= r+d*s1 mod p
• =11+(30*200) mod 2267
• =35//
• Verification:
• V=h(M|e1^s2 e2^-s1 mod p)
• V=200//
• V=S1//
PRIVATE KEY MANAGEMENT