Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Published byLouise Gilbert Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature."— Presentation transcript:

1 Lecture 8 Digital Signatures

2 This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature of a message is a number dependent on some secret known only to the signer, and, additionally, on the content of the message being signed. Signatures must be verifiable: if a dispute arises as to whether a party signed a document (caused by either a lying signer trying to repudiate a signature it did create, or a fraudulent claimant), an unbiased third party should be able to resolve the matter equitably, without requiring access to the signer ’ s secret information (private key).

3 Digital signatures have many applications in information security, including authentication, data integrity, and non-repudiation. One of the most significant applications of digital signatures is the certification of public keys in large networks. Certification is a means for a trusted third party (TTP) to bind the identity of a user to a public key, so that at some later time, other entities can authenticate a public key without assistance from a trusted third party.

4 The concept and utility of a digital signature was recognized several years before any practical realization was available. The first method discovered was the RSA signature scheme, which remains today one of the most practical and versatile techniques available. Subsequent research has resulted in many alternative digital signature techniques. Some offer significant advantages in terms of functionality and implementation.

5 Outline  The RSA Signature Scheme  The ElGamal Family Signature Schemes  Birthday Attacks

6 1 The RSA Signature Scheme 1.1 Description

7 1.1 Description (Continued)

8

9 1.2 Example

10 1.3 Possible Attacks on RSA Signatures 1.3.1 Integer Factorization

11 1.3.2 Multiplicative Property of RSA

12 1.3.2 Multiplicative Property of RSA (Continued)

13

14 1.4 Implementation of RSA Signatures 1.4.1 Reblocking Problem

15 1.4.1 Reblocking Problem (Continued)

16

17

18

19

20 1.4.2 Short vs. Long Messages The signature is at least as long as the message. This is a disadvantage when the message is long. To remedy the situation, a hash function is used. The signature scheme is the applied to the hash of the message, rather than to the message itself. The redundancy function R is no longer critical to the security of the signature scheme.

21 1.4.2 Short vs. Long Messages (Continued)

22 1.4.3 Performance Characteristics of Signature Generation and Verification

23 1.4.4 Parameter Selection A modulus of at least 1024 bits is recommended for signatures which require much longer lifetimes or which are critical to the overall security of a large network. It is prudent to remain aware of progress in integer factorization, and to be prepared to adjust parameters accordingly. No weaknesses in the RSA signature scheme have been reported when the public exponent e is chosen to be a small number such as 3 or 2 16 +1. It is not recommended to restrict the size of the private exponent d in order to improve the efficiency of signature generation.

24 1.4.5 System-Wide Parameters Each entity must have a distinct RSA modulus; it is insecure to use a system-wide modulus. The public exponent e can be a system-wide parameter, and is in many applications.

25 2 The ElGamal Family Signature Schemes Most of signature schemes are presented over (mod p) for some large prime p, but all of these mechanisms can be generalized to any finite cyclic group. All of the methods discussed in this part are randomized digital signature schemes. A necessary condition for the security of all of the signature schemes is that computing logarithms in (mod p) should be computationally infeasible. This condition, however, is not necessarily sufficient for the security of these schemes.

26 2.1 The Digital Signature Algorithm In August of 1991, the U.S. National Institute of Standards and Technology (NIST) proposed a digital signature algorithm (DSA). The DSA has become a U.S. Federal Information Processing Standard (FIPS 186) called the Digital Signature Standard (DSS), and is the first digital signature scheme recognized by any government. The algorithm is a variant of the ElGamal scheme.

27 2.1.1 Description

28 2.1.1 Description (Continued)

29

30

31 2.1.2 Security and Implementations of DSA

32 2.1.2 Security and Implementations of DSA (Continued)

33

34 2.2 The ElGamal Signature Scheme 2.2.1 Description

35 2.2.1 Description (Continued)

36

37 2.2.2 Example

38 2.2.3 Security of ElGamal Signatures

39 2.2.3 Security of ElGamal Signatures (Continued)

40

41

42 2.2.4 Performance Issues of ElGamal Signatures

43 2.2.4 Performance issues of ElGamal Signatures (Continued)

44 2.2.5 Variations of the ElGamal Scheme

45 2.3 The Schnorr Signature Scheme 2.3.1 Description

46 2.3.1 Description (Continued)

47 2.3.2 Example

48 2.3.3 Performance Issues

49 2.4 Message Recovery Vs Appendix

50 3 Birthday Attacks 3.1 Birthday Problems

51 3.1 Birthday Problems (Continued)

52 3.2 Birthday Attacks on Signature Schemes

53 3.3 Birthday Attacks on Discrete Logarithms

54 3.4 Meet-in-the-Middle Attacks on Double Encryption

55 3.4 Meet-in-the-Middle Attacks on Double Encryption (Continued)

56 Thank You!

Download ppt "Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security

Cryptography and Network Security
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Introduction to Signcryption November 22, 2004. 22/11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.

Introduction to Signcryption November 22, /11/2004 Signcryption Public Key (PK) Cryptography Discovering Public Key (PK) cryptography has made.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Similar presentations

Ads by Google