Professional Documents
Culture Documents
and Network
Security
Sixth Edition
by William Stallings
Chapter 13
Digital Signatures
“To guard against the baneful influence exerted by
strangers is therefore an elementary dictate of savage
prudence. Hence before strangers are allowed to enter a
district, or at least before they are permitted to mingle
freely with the inhabitants, certain ceremonies are often
performed by the natives of the country for the purpose
of disarming the strangers of their magical powers, or of
disinfecting, so to speak, the tainted atmosphere by
which they are supposed to be surrounded.”
—Talking to Strange Men,
Ruth Rendell
Digital Signature Properties
It must
It must verify the It must be
authenticate the
author and the verifiable by third
contents at the
date and time of parties, to resolve
time of the
the signature disputes
signature
Attacks
• C chooses a list
of messages • C may
Known Directed chosen
before request
message message attack
attempting to from A
attack
break A’s • Similar to the signatures
• C only signature of
• C is given generic attack,
knows A’s scheme, messages
public key access to a except that the
independent of that depend
set of list of messages to
A’s public key; C on
messages and be signed is
then obtains previously
their chosen after C
from A valid obtained
Key-only signatures knows A’s public
signatures for message-
attack key but before
the chosen signature
any signatures are
messages pairs
seen
Adaptive
Generic chosen chosen
message attack message attack
Forgeries
Universal
forgery Selective Existential
forgery forgery
Total break
• C finds an
• C efficient • C forges a • C forges a
determines signing signature for signature for
A’s private algorithm a particular at least one
key that provides message message; C
an equivalent chosen by C has no control
way of over the
constructing message
signatures on
arbitrary
messages
Digital Signature
Requirements
• The signature must be a bit pattern that depends on the message
being signed
• The signature must use some information unique to the sender to
prevent both forgery and denial
• It must be relatively easy to produce the digital signature
• Latest of the RSA schemes and the one that RSA Laboratories
recommends as the most secure of the RSA schemes
• For all schemes developed prior to PSS is has not been possible to
develop a mathematical proof that the signature scheme is as
secure as the underlying RSA encryption/decryption primitive
• The PSS approach was first proposed by Bellare and Rogaway