DIGITAL SIGNATURE


A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The signature is formed by taking the hash of the message and encrypting the message with the creator's private key. In situations where there is not complete trust between sender and receiver, something more than authentication is needed. The most attractive solution to this problem is the digital signature.

PROPERTIES OF DS
It must verify the author and the date and time of the signature.
It must authenticate the contents at the time of the signature.
It must be verifiable by third parties, to resolve disputes.

REQUIREMENTS OF DS
The signature must be a bit pattern that depends on the message being signed.
The signature must use some information unique to the sender, to prevent both forgery and denial.
It must be relatively easy to produce the digital signature.
It must be relatively easy to recognize and verify the digital signature.
It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
It must be practical to retain a copy of the digital signature in storage.

EXAMPLE SCENARIO

DS TYPES: Direct Digital Signature
It involves only the communicating parties (source, destination).
It is assumed that the destination knows the public key of the source.
A digital signature may be formed by encrypting the entire message with the sender's private key or by encrypting a hash code of the message with the sender's private key.

DS TYPES: Arbitrated Digital Signature
Every signed message from a sender X to a receiver Y goes first to an arbiter A, who subjects the message and its signature to a number of tests to check its origin and content.
The message is then dated and sent to Y with an indication that it has been verified to the satisfaction of the arbiter.

ARBITER EXAMPLE
(a) Conventional Encryption, Arbiter Sees Message
(1) $X \rightarrow A: M \| E(K_{xa}, [ID_X \| H(M)])$
(2) $A \rightarrow Y: E(K_{ay}, [ID_X \| M \| E(K_{xa}, [ID_X \| H(M)]) \| T])$
(b) Conventional Encryption, Arbiter Does Not See Message
(1) $X \rightarrow A: ID_X \| E(K_{xy}, M) \| E(K_{xa}, [ID_X \| H(E(K_{xy}, M))])$
(2) $A \rightarrow Y: E(K_{ay}, [ID_X \| E(K_{xy}, M)]) \| E(K_{xa}, [ID_X \| H(E(K_{xy}, M)) \| T])$
(c) Public-Key Encryption, Arbiter Does Not See Message
(1) $X \rightarrow A: ID_X \| E(PR_x, [ID_X \| E(PU_y, E(PR_x, M))])$
(2) $A \rightarrow Y: E(PR_a, [ID_X \| E(PU_y, E(PR_x, M)) \| T])$

ELGAMAL DIGITAL SIGNATURE
Choose a prime number $q$ and $\alpha$, which is a primitive root of $q$.
User A generates a private/public key pair as follows:
1. Generate a random integer $X_A$, such that $1 < X_A < q$.
2. Compute $Y_A = \alpha^{X_A} \bmod q$.
3. A's private key is $X_A$; A's public key is $\{\alpha, q, Y_A\}$.

ELGAMAL DIGITAL SIGNATURE
To sign a message $M$, user A first computes the hash $m = H(M)$, such that $m$ is an integer in the range $0 \le m \le q-1$. A then computes the digital signature as follows:
1. Choose a random integer $K$ such that $1 \le K \le q-1$ and $K$ is relatively prime to $q-1$.
2. Compute $S_1 = \alpha^{K} \bmod q$. Note that this is the same as the computation of $C_1$.
3. Compute $K^{-1} \bmod (q-1)$. That is, compute the inverse of $K$ modulo $q-1$.
4. Compute $S_2 = K^{-1}(m - X_A S_1) \bmod (q-1)$.
5. The signature consists of the pair $(S_1, S_2)$.

ELGAMAL DIGITAL SIGNATURE
Any user B can verify the signature as follows:
1. Compute $V_1 = \alpha^{m} \bmod q$.
2. Compute $V_2 = (Y_A)^{S_1} (S_1)^{S_2} \bmod q$.
The signature is valid if $V_1 = V_2$.
Example: choose $q = 19$; its primitive roots are {2, 3, 10, 13, 14, 15}. Choose the primitive root $\alpha = 10$.

EXAMPLE
$q = 19$ and $\alpha = 10$.
Alice chooses $X_A = 16$.
$Y_A = \alpha^{X_A} \bmod q = 10^{16} \bmod 19 = 4$.
Alice's private key is 16; Alice's public key is {19, 10, 4}.
Suppose Alice wants to sign a message with hash value $m = 14$.
1. Alice chooses $K = 5$, which is relatively prime to $q - 1 = 18$.
2. $S_1 = \alpha^{K} \bmod q = 10^{5} \bmod 19 = 3$.
3. $K^{-1} \bmod (q-1) = 5^{-1} \bmod 18 = 11$.
4. $S_2 = K^{-1}(m - X_A S_1) \bmod (q-1) = 11(14 - (16)(3)) \bmod 18 = 4$.

Bob can verify the signature as follows.
$V_1 = \alpha^{m} \bmod q = 10^{14} \bmod 19 = 16$.
$V_2 = (Y_A)^{S_1} (S_1)^{S_2} \bmod q = (4^3)(3^4) \bmod 19 = 16$.
Since $V_1 = V_2$, the signature is valid.
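The key generation, signing and verification steps above, as an added Python example that is not part of the original slides; it reproduces the slide's numbers (q=19, α=10, X_A=16, m=14, K=5). The function names are assumptions, and the range check on the signature in `verify` is an added defensive step that the slides do not list.

```python
from math import gcd

def keygen(q, alpha, x_a):
    """Return the public key {alpha, q, Y_A} for private key X_A."""
    return (alpha, q, pow(alpha, x_a, q))

def sign(m, x_a, k, q, alpha):
    """Sign the hash value m (0 <= m <= q-1) using per-message integer K."""
    if not 0 <= m <= q - 1:
        raise ValueError("m must be in the range 0..q-1")
    if not 1 <= k <= q - 1 or gcd(k, q - 1) != 1:
        # Without this condition K has no inverse modulo q-1 (step 3 fails).
        raise ValueError("K must be relatively prime to q-1")
    s1 = pow(alpha, k, q)                      # step 2
    k_inv = pow(k, -1, q - 1)                  # step 3 (Python 3.8+)
    s2 = (k_inv * (m - x_a * s1)) % (q - 1)    # step 4
    return s1, s2                              # step 5

def verify(m, sig, pub):
    """Return True when V1 == V2 for the signature (S1, S2)."""
    alpha, q, y_a = pub
    s1, s2 = sig
    # Added check (not on the slides): reject values outside the group ranges.
    if not (0 < s1 < q and 0 <= s2 < q - 1):
        return False
    v1 = pow(alpha, m, q)
    v2 = (pow(y_a, s1, q) * pow(s1, s2, q)) % q
    return v1 == v2

if __name__ == "__main__":
    pub = keygen(19, 10, 16)
    sig = sign(14, 16, 5, 19, 10)
    print("public key:", pub, "signature:", sig)
    print("valid:", verify(14, sig, pub))
    print("altered hash accepted:", verify(15, sig, pub))
```

In a real deployment m comes from a cryptographic hash of M and q is a large prime; the tiny values here only mirror the worked example.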

RSA DS
RSA encryption and decryption are commutative, hence it may be used directly as a digital signature scheme.
Given an RSA scheme {(e,R), (d,p,q)}:
To sign a message, compute: $S = M^{d} \pmod{R}$
To verify a signature, compute: $M = S^{e} \pmod{R} = M^{e \cdot d} \pmod{R} = M \pmod{R}$
The verifier thus knows the message was signed by the owner of the public key.

RSA
It would seem obvious that a message may be encrypted, then signed using RSA without increasing its size.
But this has a blocking problem, since it is encrypted using the receiver's modulus, but signed using the sender's modulus (which may be smaller).
Several approaches are possible to overcome this.
More commonly, a hash function is used to create a separate MDC, which is then signed.
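The blocking problem and the hash-then-sign approach described above, as an added Python example that is not part of the original slides. The two toy key pairs, the function names and the reduction of SHA-256 into the sender's modulus are assumptions made so the numbers stay small.

```python
import hashlib

def rsa_keypair(p, q, e):
    """Toy RSA key: public part (e, R) and private exponent d, with R = p*q."""
    return (e, p * q), pow(e, -1, (p - 1) * (q - 1))

# Constructed toy keys: the sender's modulus is smaller than the receiver's.
SENDER_PUB, SENDER_D = rsa_keypair(61, 53, 17)      # R = 3233
RECEIVER_PUB, RECEIVER_D = rsa_keypair(89, 97, 5)   # R = 8633

def encrypt(m, pub):
    e, R = pub
    return pow(m, e, R)

def sign_direct(value, d, pub):
    """S = M^d mod R, applied directly to the value."""
    return pow(value, d, pub[1])

def recover(sig, pub):
    """M = S^e mod R."""
    e, R = pub
    return pow(sig, e, R)

def mdc(value, R):
    """SHA-256 of the value, reduced below R (toy reduction, tiny modulus only)."""
    digest = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(digest, "big") % R

def sign_hashed(value, d, pub):
    """Sign the separate MDC instead of the value itself."""
    return pow(mdc(value, pub[1]), d, pub[1])

def verify_hashed(value, sig, pub):
    return recover(sig, pub) == mdc(value, pub[1])

def first_oversized_ciphertext():
    """First ciphertext under the receiver's key that exceeds the sender's modulus."""
    for m in range(2, RECEIVER_PUB[1]):
        c = encrypt(m, RECEIVER_PUB)
        if c >= SENDER_PUB[1]:
            return c

if __name__ == "__main__":
    c = first_oversized_ciphertext()
    s = sign_direct(c, SENDER_D, SENDER_PUB)
    print("ciphertext:", c, "recovered from direct signature:", recover(s, SENDER_PUB))
    h = sign_hashed(c, SENDER_D, SENDER_PUB)
    print("hash-then-sign verifies:", verify_hashed(c, h, SENDER_PUB))
```

The direct signature only returns the ciphertext reduced modulo the sender's R, so the receiver cannot get the original block back from it; the signed MDC verifies whatever the size of the ciphertext.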