Professional Documents
Culture Documents
General Model
Properties of Digital Signature
Attack Possibilities in DS
Digital Signature Standard Algorithm
EIGamal
Schnorr.
DSS
Digital Signature Properties
It must
It must verify the It must be
authenticate the
author and the verifiable by third
contents at the
date and time of parties, to
time of the
the signature resolve disputes
signature
Attacks
• C chooses a list
Known of messages Directed chosen • C may
message before message attack request
attack attempting to from A
break A’s signatures
• C only • Similar to the
• C is given signature of
knows A’s generic attack,
access to a scheme, messages
public key except that the
set of independent of that
list of messages
messages A’s public key; C depend on
to be signed is
and their then obtains previously
chosen after C
Key-only signatures from A valid obtained
knows A’s public
attack signatures for message-
key but before
the chosen signature
any signatures
messages pairs
are seen
Adaptive
chosen
Generic chosen
message
message attack
attack
Forgeries
Universal
forgery Selective Existential
forgery forgery
Total break
• C finds an
•C efficient • C forges a • C forges a
determines signing signature for signature for
A’s private algorithm that a particular at least one
key provides an message message; C
equivalent chosen by C has no control
way of over the
constructing message
signatures on
arbitrary
messages
Digital Signature Requirements
• The signature must be a bit pattern that depends on
the message being signed
• The signature must use some information unique to
the sender to prevent both forgery and denial
• It must be relatively easy to produce the digital
signature
• It must be relatively easy to recognize and verify the
digital signature
• It must be computationally infeasible to forge a digital
signature, either by constructing a new message for
an existing digital signature or by constructing a
fraudulent digital signature for a given message
• It must be practical to retain a copy of the digital
signature in storage
Direct Digital Signature
• Refers to a digital signature scheme that involves only the
communicating parties
– It is assumed that the destination knows the public key of the source
– The validity of the scheme depends on the security of the sender’s private
key
– If a sender later wishes to deny sending a particular message, the sender can
claim that the private key was lost or stolen and that someone else forged his or
her signature
– One way to thwart or at least weaken this ploy is to require every signed message
to include a timestamp and to require prompt reporting of compromised keys to a
central authority
ElGamal Digital Signature
• Scheme involves the use of the private key for
encryption and the public key for decryption
• Global elements are a prime number q and a,
which is a primitive root of q
• Use private key for encryption (signing)
• Uses public key for decryption (verification)
Elgamal digital signature
Select a prime number q and a, where a is
primitive root of q.
.
Verification at Receiver Side
Example: Choose q = 19 & a = 10.
Schnorr Digital Signature
Schnorr Digital Signature