
CRYPTOGRAPHY

UNIT V
Q1. Digital Signature
Digital signatures are the public-key primitives of message authentication. In the physical
world, it is common to use handwritten signatures on handwritten or typed messages. They are
used to bind the signatory to the message.

Similarly, a digital signature is a technique that binds a person/entity to the digital data.

A digital signature is a cryptographic value that is calculated from the data and a secret key
known only to the signer.

The digital signature is analogous to the handwritten signature. It must have the following
properties:

 It must verify the author and the date and time of the signature.

 It must authenticate the contents at the time of the signature.

 It must be verifiable by third parties, to resolve disputes.

Model of Digital Signature

Encryption/decryption and signing/verifying are different. The private key used for
signing is referred to as the signature key and the public key as the verification key.

 Signer feeds data to the hash function and generates hash of data.

 Hash value and signature key are then fed to the signature algorithm which produces the
digital signature on given hash. Signature is appended to the data and then both are sent to
the verifier.

 Verifier feeds the digital signature and the verification key into the verification algorithm.
The verification algorithm gives some value as output.

 Verifier also runs same hash function on received data to generate hash value.

 For verification, this hash value and output of verification algorithm are compared. Based on
the comparison result, verifier decides whether the digital signature is valid.

 Since the digital signature is created with the signer's private key, which no one else has,
the signer cannot repudiate signing the data in future.

Q2. Authentication protocol

Mutual Authentication

An important application area is that of mutual authentication protocols. Such protocols
enable communicating parties to satisfy themselves mutually about each other's identity and to
exchange session keys.

Central to the problem of authenticated key exchange are two issues: confidentiality and
timeliness. To prevent masquerade and to prevent compromise of session keys, essential
identification and session key information must be communicated in encrypted form. The second
issue, timeliness, is important because of the threat of message replays.

The following are examples of replay attacks:


● Simple replay: The opponent simply copies a message and replays it later.
● Repetition that can be logged: An opponent can replay a timestamped message within the
valid time window.
● Repetition that cannot be detected: This situation could arise because the original message
could have been suppressed and thus did not arrive at its destination; only the replay message
arrives.
One approach to coping with replay attacks is to attach a sequence number to each message
used in an authentication exchange, but this is generally impractical because each party would
have to keep track of the last sequence number used with every other party. Instead, one of the
following two general approaches is used:

1. Timestamps: Party A accepts a message as fresh only if the message contains a timestamp that,
in A's judgment, is close enough to A's knowledge of current time. This approach requires that
clocks among the various participants be synchronized.

2. Challenge/response: Party A, expecting a fresh message from B, first sends B a nonce
(challenge) and requires that the subsequent message (response) received from B contain the
correct nonce value.
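The two freshness approaches above, as an added worked example that is not part of the original notes. It assumes (an assumption the notes do not make) that A and B share a symmetric key, so B answers A's challenge with an HMAC over the nonce; A keeps each issued nonce single-use so a copied response is rejected. The timestamp variant accepts anything inside a 30-second window and, unless A also logs the tags it has seen, accepts a replay inside that window, which is exactly the "repetition that can be logged" case listed above. The key, identities and clock values are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed example (assumption): A and B already share a symmetric key.
SHARED_KEY = b"example-shared-key-constructed-for-this-demo"
WINDOW_SECONDS = 30  # tolerance for clock skew in the timestamp approach


def respond(key: bytes, responder: bytes, nonce: bytes) -> bytes:
    """B's response: a MAC binding B's identity to A's challenge nonce."""
    return hmac.new(key, b"response|" + responder + b"|" + nonce, hashlib.sha256).digest()


class ChallengeVerifier:
    """Party A for the challenge/response approach. Every nonce is single-use."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh, unpredictable challenge
        self.outstanding.add(nonce)
        return nonce

    def verify(self, responder: bytes, nonce: bytes, response: bytes) -> bool:
        # A nonce A never issued, or one already answered, marks a stale or replayed message.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        expected = respond(self.key, responder, nonce)
        return hmac.compare_digest(expected, response)


def timestamped_message(key: bytes, sender: bytes, payload: bytes, now: int) -> tuple:
    """Timestamp approach: the MAC covers the sender, the clock value and the payload."""
    ts = str(now).encode()
    tag = hmac.new(key, b"ts|" + sender + b"|" + ts + b"|" + payload, hashlib.sha256).digest()
    return sender, ts, payload, tag


def accept_timestamped(key: bytes, message: tuple, now: int, seen=None) -> bool:
    """A accepts if the tag checks and the timestamp is within WINDOW_SECONDS of A's clock.
    Without the optional 'seen' log, a copy replayed inside the window is accepted as well."""
    sender, ts, payload, tag = message
    expected = hmac.new(key, b"ts|" + sender + b"|" + ts + b"|" + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    if abs(now - int(ts)) > WINDOW_SECONDS:
        return False
    if seen is not None:
        if tag in seen:
            return False
        seen.add(tag)
    return True


def demo() -> dict:
    """Run both approaches against a genuine message and a replay of it."""
    a = ChallengeVerifier(SHARED_KEY)
    nonce = a.challenge()
    response = respond(SHARED_KEY, b"B", nonce)
    results = {
        "challenge_first": a.verify(b"B", nonce, response),   # genuine answer
        "challenge_replay": a.verify(b"B", nonce, response),  # the same answer again
    }
    nonce2 = a.challenge()
    results["challenge_wrong_key"] = a.verify(b"B", nonce2, respond(b"other-key", b"B", nonce2))

    msg = timestamped_message(SHARED_KEY, b"B", b"hello", now=1000)  # constructed clock values
    log = set()
    results["ts_fresh"] = accept_timestamped(SHARED_KEY, msg, now=1010)
    results["ts_late"] = accept_timestamped(SHARED_KEY, msg, now=1100)
    results["ts_replay_unlogged"] = accept_timestamped(SHARED_KEY, msg, now=1012)
    results["ts_replay_logged_first"] = accept_timestamped(SHARED_KEY, msg, now=1012, seen=log)
    results["ts_replay_logged_second"] = accept_timestamped(SHARED_KEY, msg, now=1013, seen=log)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The nonce set is what makes the challenge/response variant replay-proof: the timestamp variant on its own can only reject what falls outside the window, so a receiver that wants to catch in-window repeats has to log what it has already accepted.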

One-Way Authentication

One application for which encryption is growing in popularity is electronic mail (e-mail).
The very nature of electronic mail, and its chief benefit, is that it is not necessary for the sender
and receiver to be online at the same time. Instead, the e-mail message is forwarded to the
receiver's electronic mailbox, where it is buffered until the receiver is available to read it.

The "envelope" or header of the e-mail message must be in the clear, so that the message
can be handled by the store-and-forward e-mail protocol, such as the Simple Mail Transfer
Protocol (SMTP) or X.400. However, it is often desirable that the mail-handling protocol not
require access to the plaintext form of the message, because that would require trusting the
mail-handling mechanism. Accordingly, the e-mail message should be encrypted such that the
mail-handling system is not in possession of the decryption key.
A second requirement is that of authentication. Typically, the recipient wants some
assurance that the message is from the alleged sender.

Q3. Secure Hash Algorithm

Secure Hash Algorithm (SHA) was developed in 1993 by the National Institute of Standards and
Technology (NIST) and the National Security Agency (NSA). It was designed as the algorithm to be
used for secure hashing in the US Digital Signature Standard.

• Hashing function is one of the most commonly used encryption methods. A hash is a special
mathematical function that performs one-way encryption.

• SHA-1 is a revised version of SHA designed by NIST and was published as a Federal
Information Processing Standard (FIPS).

• Like MD5, SHA-1 processes input data in 512-bit blocks.

• SHA-1 generates a 160-bit message digest, whereas MD5 generates a 128-bit message digest.

• The procedure is used to send a non-secret but signed message from sender to receiver. In such
a case the following steps are followed:

1. Sender feeds a plaintext message into the SHA-1 algorithm and obtains a 160-bit SHA-1 hash.

2. Sender then signs the hash with his RSA private key and sends both the plaintext message and
the signed hash to the receiver.

3. After receiving the message, the receiver computes the SHA-1 hash himself and also applies
the sender's public key to the signed hash to obtain the original hash H.

Fig. Working model of Secure Hash Algorithm-1 (SHA-1)

Q4. Digital Signature Standard


The National Institute of Standards and Technology (NIST) has published Federal
Information Processing Standard FIPS 186, known as the Digital Signature Standard (DSS). The
DSS makes use of the Secure Hash Algorithm (SHA) described in Chapter 12 and presents a new
digital signature technique, the Digital Signature Algorithm (DSA).

The DSS Approach


The DSS uses an algorithm that is designed to provide only the digital signature function.
Unlike RSA, it cannot be used for encryption or key exchange. Nevertheless, it is a public-key
technique. Figure 13.1 contrasts the DSS approach for generating digital signatures to that used
with RSA.
In the RSA approach, the message to be signed is input to a hash function that produces
a secure hash code of fixed length. This hash code is then encrypted using the sender's private
key to form the signature. Both the message and the signature are then transmitted. The recipient
takes the message and produces a hash code. The recipient also decrypts the signature using the
sender's public key. If the calculated hash code matches the decrypted signature, the signature is
accepted as valid. Because only the sender knows the private key, only the sender could have
produced a valid signature.

The Digital Signature Algorithm (DSA)

Global Public-Key Components

p   prime number where 2^(L-1) < p < 2^L for 512 <= L <= 1024 and L a multiple of 64;
    i.e., bit length of between 512 and 1024 bits in increments of 64 bits
q   prime divisor of (p - 1), where 2^159 < q < 2^160; i.e., bit length of 160 bits
g   = h^((p-1)/q) mod p, where h is any integer with 1 < h < (p - 1) such that
    h^((p-1)/q) mod p > 1

User's Private Key
x   random or pseudorandom integer with 0 < x < q

User's Public Key
y   = g^x mod p

User's Per-Message Secret Number
k   = random integer with 0 < k < q

Signing
r   = (g^k mod p) mod q
s   = [k^(-1) (H(M) + xr)] mod q
Signature = (r, s)

Verifying
w   = (s')^(-1) mod q
u1  = [H(M') w] mod q
u2  = (r') w mod q
v   = [(g^u1 y^u2) mod p] mod q
TEST: v = r'

M = message to be signed
H(M) = hash of M using SHA-1
M', r', s' = received versions of M, r, s
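The DSA equations above, carried through in code as an added example that is not part of the original notes. It also walks the Q1 model end to end: hash the message, sign the hash with the signature key, and let the verifier recompute the hash and compare. Parameter sizes are an assumption made for speed: q is 32 bits and p is 64 bits instead of the 160-bit q and 512..1024-bit p the standard requires, and H(M) is SHA-1 reduced mod q rather than the standard's leftmost-bits rule. The Miller-Rabin test, the seeded parameter generation and the message text are constructed for the demo; keys and per-message k use the secrets module.

```python
import hashlib
import random
import secrets


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_parameters(q_bits: int = 32, p_bits: int = 64, seed: int = 7) -> tuple:
    """Global components (p, q, g). Toy sizes (assumption): real DSA uses a 160-bit q
    and a 512..1024-bit p. The seed only makes the example reproducible."""
    rng = random.Random(seed)
    while True:  # q: a prime of exactly q_bits bits
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:  # p = kq + 1 with k even (so p is odd), p of about p_bits bits
        k = (rng.getrandbits(p_bits) | (1 << (p_bits - 1))) // q
        k -= k % 2
        p = k * q + 1
        if is_probable_prime(p):
            break
    e = (p - 1) // q
    for h in range(2, p - 1):  # g = h^((p-1)/q) mod p, keeping the first h with g > 1
        g = pow(h, e, p)
        if g > 1:
            return p, q, g
    raise ValueError("no generator found")


def hash_mod_q(message: bytes, q: int) -> int:
    """H(M) with SHA-1, taken as an integer mod q (toy simplification, see lead-in)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % q


def keygen(p: int, q: int, g: int) -> tuple:
    x = 1 + secrets.randbelow(q - 1)  # private key, 0 < x < q
    y = pow(g, x, p)                  # public key
    return x, y


def sign(message: bytes, p: int, q: int, g: int, x: int, k: int = None) -> tuple:
    """Per-message secret k must be fresh and kept secret for every signature."""
    while True:
        if k is None:
            k = 1 + secrets.randbelow(q - 1)  # 0 < k < q
        r = pow(g, k, p) % q
        s = (pow(k, -1, q) * (hash_mod_q(message, q) + x * r)) % q
        if r != 0 and s != 0:
            return r, s
        k = None  # degenerate case: draw a new k


def verify(message: bytes, signature: tuple, p: int, q: int, g: int, y: int) -> bool:
    r, s = signature
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = (hash_mod_q(message, q) * w) % q
    u2 = (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r  # TEST: v = r'


if __name__ == "__main__":
    p, q, g = generate_parameters()
    x, y = keygen(p, q, g)
    sig = sign(b"unit five", p, q, g, x)  # constructed message
    print("valid:", verify(b"unit five", sig, p, q, g, y))
    print("tampered:", verify(b"unit fivE", sig, p, q, g, y))
```

Note that the verifier never needs x or k: everything it uses (p, q, g, y, r', s') is public or received, which is what makes the signature checkable by a third party in a dispute.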

Unit III
Principles of Public-Key Cryptosystems (or) Public Key Cryptography
A public-key encryption scheme has six ingredients
● Plaintext: This is the readable message or data that is fed into the algorithm as input.
● Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.
● Public and private keys: This is a pair of keys that have been selected so that if one is used
for encryption, the other is used for decryption. The exact transformations performed by the
algorithm depend on the public or private key that is provided as input.
● Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and
the key. For a given message, two different keys will produce two different ciphertexts.
● Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.

The essential steps are the following:
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the
public key. The companion key is kept private. As Figure 9.1a suggests, each user maintains a
collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's
public key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient can
decrypt the message because only Alice knows Alice's private key.
With this approach, all participants have access to public keys, and private keys are generated
locally by each participant and therefore need never be distributed.
As long as a user's private key remains protected and secret, incoming communication is
secure. At any time, a system can change its private key and publish the companion public key to
replace its old public key.

Requirements for Public-Key Cryptography


The following figure shows public-key cryptography used for authentication.

1. It is computationally easy for a party B to generate a pair (public key PUb, private key PRb).

2. It is computationally easy for a sender A, knowing the public key and the message to be
encrypted, M, to generate the corresponding ciphertext:
C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private
key to recover the original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an adversary, knowing the public key, PUb, to determine
the private key, PRb.
5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a
ciphertext, C, to recover the original message, M.
6. The two keys can be applied in either order:
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
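An added RSA example, not part of the original notes, that ties together three passages: the essential steps of Unit III (Bob encrypts for Alice with her public key, Alice decrypts with her private key), requirement 6 above (the keys can be applied in either order), and the Q3 procedure in Unit V (the 160-bit SHA-1 hash is signed with the private key and checked with the public key). The key is an assumption made so the example needs no prime generation: its two primes are the Mersenne primes 2^107 - 1 and 2^127 - 1, which are well known and therefore make the modulus trivially factorable; real keys use random primes of at least 1024 bits each. This is textbook RSA with no padding, and the message text is constructed.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes, chosen only so the example
# is self-contained. A real key uses random primes of at least 1024 bits each.
P = (1 << 107) - 1
Q = (1 << 127) - 1
E = 65537


def keygen(p: int = P, q: int = Q, e: int = E) -> tuple:
    """Step 1: a user generates the pair PU = (n, e), PR = (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # raises ValueError if e is not invertible mod phi
    return (n, e), (n, d)


def apply_key(key: tuple, m: int) -> int:
    """E and D are the same operation, m^exp mod n, with whichever key is supplied."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("integer must lie in [0, n)")
    return pow(m, exp, n)


def encrypt(pub: tuple, message: bytes) -> int:
    """Step 3: Bob encrypts for Alice with Alice's public key (textbook RSA, no padding)."""
    return apply_key(pub, int.from_bytes(message, "big"))


def decrypt(priv: tuple, ciphertext: int) -> bytes:
    """Step 4: Alice recovers the message with her private key."""
    m = apply_key(priv, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sha1_int(message: bytes) -> int:
    """Q3 step 1: the 160-bit SHA-1 hash of the plaintext, as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(priv: tuple, message: bytes) -> int:
    """Q3 step 2: sign the hash with the sender's private key."""
    return apply_key(priv, sha1_int(message))


def verify(pub: tuple, message: bytes, signature: int) -> bool:
    """Q3 step 3: apply the public key to the signed hash and compare with a fresh hash."""
    return apply_key(pub, signature) == sha1_int(message)


def keys_commute(pub: tuple, priv: tuple, m: int) -> bool:
    """Requirement 6: D[PU, E(PR, M)] = D[PR, E(PU, M)] = M."""
    return apply_key(pub, apply_key(priv, m)) == m and apply_key(priv, apply_key(pub, m)) == m


if __name__ == "__main__":
    pub, priv = keygen()
    note = b"confidential note for Alice"  # constructed message, shorter than the modulus
    print("decrypts:", decrypt(priv, encrypt(pub, note)) == note)
    sig = sign(priv, b"signed but not secret")
    print("signature valid:", verify(pub, b"signed but not secret", sig))
    print("keys commute:", keys_commute(pub, priv, 123456789))
```

Because the message is handled as a bare integer below n, this form of RSA leaks structure (identical messages give identical ciphertexts, and signing the raw hash is malleable in ways a padding scheme prevents); deployed RSA always wraps the message or hash in a padding scheme before the exponentiation.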
