Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security
Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Chapter 7-1 Signature Schemes.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
ASYMMETRIC CIPHERS.
Cryptography and Network Security Chapter 13
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Digital Signatures Applied Handbook of Cryptography: Chapt 11
11 Digital Signature.  Efficiency  Unforgeability : only signer can generate  Not reusable : not to use for other message  Unalterable : No modification.
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Bob can sign a message using a digital signature generation algorithm
DSA (Digital Signature Algorithm) Tahani Aljehani.
1 Lect. 15 : Digital Signatures RSA, ElGamal, DSA, KCDSA, Schnorr.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Lecture 3.2: Public Key Cryptography II CS 436/636/736 Spring 2014 Nitesh Saxena.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Topic 22: Digital Schemes (2)
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2013 Nitesh Saxena.
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
1 Number Theory and Advanced Cryptography 6. Digital Signature Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced Cryptography.
Prepared by Dr. Lamiaa Elshenawy
DIGITAL SIGNATURE. A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
Digital Signature Standard (DSS) US Govt approved signature scheme designed by NIST & NSA in early 90's published as FIPS-186 in 1991 revised in 1993,
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
DIGITAL SIGNATURE ALGORITHM. The National Institute of Standards and Technology (NIST) has published Federal Information Processing Standard FIPS 186,
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
COM 5336 Lecture 8 Digital Signatures
Security. Security Needs Computers and data are used by the authorized persons Computers and their accessories, data, and information are available to.
Cryptography and Network Security Chapter 13
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
@Yuan Xue 285: Network Security CS 285 Network Security Digital Signature Yuan Xue Fall 2012.
Overview Modern public-key cryptosystems: RSA
B. R. Chandavarkar CSE Dept., NITK Surathkal
Digital Signatures…!.
Lecture 6: Digital Signature
Chapter 13 Digital Signature
Cryptography and Network Security Chapter 13
LAB 3: Digital Signature
Presentation transcript:

Lecture 8 Digital Signatures

This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature of a message is a number dependent on some secret known only to the signer, and, additionally, on the content of the message being signed. Signatures must be verifiable: if a dispute arises as to whether a party signed a document (caused by either a lying signer trying to repudiate a signature it did create, or a fraudulent claimant), an unbiased third party should be able to resolve the matter equitably, without requiring access to the signer ’ s secret information (private key).

Digital signatures have many applications in information security, including authentication, data integrity, and non-repudiation. One of the most significant applications of digital signatures is the certification of public keys in large networks. Certification is a means for a trusted third party (TTP) to bind the identity of a user to a public key, so that at some later time, other entities can authenticate a public key without assistance from a trusted third party.

The concept and utility of a digital signature was recognized several years before any practical realization was available. The first method discovered was the RSA signature scheme, which remains today one of the most practical and versatile techniques available. Subsequent research has resulted in many alternative digital signature techniques. Some offer significant advantages in terms of functionality and implementation.

Outline  The RSA Signature Scheme  The ElGamal Family Signature Schemes  Birthday Attacks

1 The RSA Signature Scheme 1.1 Description

1.1 Description (Continued)

1.2 Example

1.3 Possible Attacks on RSA Signatures Integer Factorization

1.3.2 Multiplicative Property of RSA

1.3.2 Multiplicative Property of RSA (Continued)

1.4 Implementation of RSA Signatures Reblocking Problem

1.4.1 Reblocking Problem (Continued)

1.4.2 Short vs. Long Messages The signature is at least as long as the message. This is a disadvantage when the message is long. To remedy the situation, a hash function is used. The signature scheme is the applied to the hash of the message, rather than to the message itself. The redundancy function R is no longer critical to the security of the signature scheme.

1.4.2 Short vs. Long Messages (Continued)

1.4.3 Performance Characteristics of Signature Generation and Verification

1.4.4 Parameter Selection A modulus of at least 1024 bits is recommended for signatures which require much longer lifetimes or which are critical to the overall security of a large network. It is prudent to remain aware of progress in integer factorization, and to be prepared to adjust parameters accordingly. No weaknesses in the RSA signature scheme have been reported when the public exponent e is chosen to be a small number such as 3 or It is not recommended to restrict the size of the private exponent d in order to improve the efficiency of signature generation.

1.4.5 System-Wide Parameters Each entity must have a distinct RSA modulus; it is insecure to use a system-wide modulus. The public exponent e can be a system-wide parameter, and is in many applications.

2 The ElGamal Family Signature Schemes Most of signature schemes are presented over (mod p) for some large prime p, but all of these mechanisms can be generalized to any finite cyclic group. All of the methods discussed in this part are randomized digital signature schemes. A necessary condition for the security of all of the signature schemes is that computing logarithms in (mod p) should be computationally infeasible. This condition, however, is not necessarily sufficient for the security of these schemes.

2.1 The Digital Signature Algorithm In August of 1991, the U.S. National Institute of Standards and Technology (NIST) proposed a digital signature algorithm (DSA). The DSA has become a U.S. Federal Information Processing Standard (FIPS 186) called the Digital Signature Standard (DSS), and is the first digital signature scheme recognized by any government. The algorithm is a variant of the ElGamal scheme.

2.1.1 Description

2.1.1 Description (Continued)

2.1.2 Security and Implementations of DSA

2.1.2 Security and Implementations of DSA (Continued)

2.2 The ElGamal Signature Scheme Description

2.2.1 Description (Continued)

2.2.2 Example

2.2.3 Security of ElGamal Signatures

2.2.3 Security of ElGamal Signatures (Continued)

2.2.4 Performance Issues of ElGamal Signatures

2.2.4 Performance issues of ElGamal Signatures (Continued)

2.2.5 Variations of the ElGamal Scheme

2.3 The Schnorr Signature Scheme Description

2.3.1 Description (Continued)

2.3.2 Example

2.3.3 Performance Issues

2.4 Message Recovery Vs Appendix

3 Birthday Attacks 3.1 Birthday Problems

3.1 Birthday Problems (Continued)

3.2 Birthday Attacks on Signature Schemes

3.3 Birthday Attacks on Discrete Logarithms

3.4 Meet-in-the-Middle Attacks on Double Encryption

3.4 Meet-in-the-Middle Attacks on Double Encryption (Continued)

Thank You!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.