1 Number Theory and Advanced Cryptography 6. Digital Signature Chih-Hung Wang Sept. 2012 Part I: Introduction to Number Theory Part II: Advanced Cryptography.

2 Hash Function
- Definition: a hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M), sometimes called a message digest.
- Hash algorithms:
  - MD5: RFC 1321, developed by Ron Rivest at MIT
  - Secure Hash Algorithm (SHA): FIPS PUB 180 in 1993 (NIST), 180-1 in 1995
- FIPS: Federal Information Processing Standard

3 Hash Function
[Figure: plaintext M is mapped to its message digest, the hash value H(M)]

4 Requirements of Hash
- H can be applied to a block of data of any size.
- H produces a fixed-length output.
- H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
- For any given code h, it is computationally infeasible to find x such that H(x) = h. This is sometimes referred to in the literature as the one-way property.
- For any given block x, it is computationally infeasible to find y ≠ x with H(y) = H(x). This is sometimes referred to as weak collision resistance.
- It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). This is sometimes referred to as strong collision resistance.

5 Requirements of Hash
[Figure: messages m1 and m2 with hash values H(m1) and H(m2)]
It is difficult to find m1 and m2 (m1 ≠ m2) such that H(m1) = H(m2).

6 Security of Hash Functions
- For a code of length n:
  - One-way: $2^n$
  - Weak collision resistance: $2^n$
  - Strong collision resistance: $2^{n/2}$
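The gap between the $2^n$ and $2^{n/2}$ figures can be measured directly on a deliberately short hash. The following is an added example, not part of the original slides: `toy_hash` (SHA-256 truncated to n = 16 bits), the counter-based messages and the trial count are all assumptions chosen so the searches finish in about a second.

```python
import hashlib
from statistics import mean

N_BITS = 16  # toy code length n, small enough that 2^n work finishes quickly


def toy_hash(data: bytes) -> int:
    """SHA-256 truncated to N_BITS bits (a constructed toy hash, not a real one)."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - N_BITS)


def find_collision(prefix: bytes):
    """Strong collision: any pair x != y with H(x) == H(y). Returns (x, y, tries)."""
    seen = {}
    i = 0
    while True:
        msg = prefix + str(i).encode()
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_second_preimage(x: bytes, prefix: bytes):
    """Weak collision: for a fixed x, some y != x with H(y) == H(x). Returns (y, tries)."""
    target = toy_hash(x)
    i = 0
    while True:
        y = prefix + str(i).encode()
        if y != x and toy_hash(y) == target:
            return y, i + 1
        i += 1


def average_work(trials: int = 8):
    """Mean number of hash evaluations for each search over several runs."""
    coll = [find_collision(b"c%d-" % t)[2] for t in range(trials)]
    second = [find_second_preimage(b"fixed message %d" % t, b"s%d-" % t)[1]
              for t in range(trials)]
    return mean(coll), mean(second)


if __name__ == "__main__":
    c, s = average_work()
    print(f"n = {N_BITS}: collision ~{c:.0f} tries (2^(n/2) = {2 ** (N_BITS // 2)}), "
          f"second preimage ~{s:.0f} tries (2^n = {2 ** N_BITS})")
```

The collision search succeeds after a few hundred evaluations because it accepts any matching pair, while the second-preimage search must hit one fixed value and needs tens of thousands.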

7 Properties of a Hash Function

8 Digital Signature
- Dispute of message authentication: message authentication protects two parties who exchange messages from any third party. However, it does not protect the two parties against each other. Several forms of dispute between the two are possible.

9 Properties
- The digital signature is analogous to the handwritten signature. It must have the following properties:
  - It must be able to verify the author and the date and time of the signature.
  - It must be able to authenticate the contents at the time of the signature.
  - The signature must be verifiable by third parties, to resolve disputes.

10 Requirements (1/2)
- The signature must be a bit pattern that depends on the message being signed.
- The signature must use some information unique to the sender, to prevent both forgery and denial.
- It must be relatively easy to produce the digital signature.
- It must be relatively easy to recognize and verify the digital signature.

11 Requirements (2/2)
- It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message.
- It must be practical to retain a copy of the digital signature in storage.

12 Digital Signature Concept
[Figure: the signer signs the document with the signer's private key; the receiver verifies the signature on the signed document with the signer's public key]

13 Dispute Concept
[Figure: a dispute between sender and receiver over the signer's digital signature goes to a third party, who verifies and judges]

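14 RSA Digital Signature
[Figure: the signer, holding private key d, sends the signed document to the receiver, who verifies it with the signer's public key (e, n)]
- Signing: $\mathrm{Sig} = h(M)^d \bmod n$
- Verification: $h(M) \stackrel{?}{=} \mathrm{Sig}^e \bmod n = (h(M)^d)^e \bmod n$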

15 Digital Signature Schemes
- RSA
- ElGamal
- Rabin
- DSA (DSS)
- Schnorr
- Others

16 RSA (Algorithm 10.1)
m = M|I, m = h(M)
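The RSA signing and verification equations from slide 14, together with the reason slide 16 signs m = h(M) rather than a bare value, worked through as an added example that is not part of the original slides. The key built from two Mersenne primes, the 200-bit truncation in `h`, and the helper `raw_verify` are assumptions made for illustration and are unsuitable for real use.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small and structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent d


def h(message: bytes) -> int:
    """h(M): SHA-256 truncated to 200 bits so the value is always below n."""
    return int.from_bytes(hashlib.sha256(message).digest()[:25], "big")


def sign(message: bytes) -> int:
    """Sig = h(M)^d mod n (signer side, needs d)."""
    return pow(h(message), D, N)


def verify(message: bytes, sig: int) -> bool:
    """Receiver side: accept iff h(M) == Sig^e mod n, using only (e, n)."""
    return 0 < sig < N and pow(sig, E, N) == h(message)


def raw_verify(m: int, sig: int) -> bool:
    """Verification with no hash or redundancy: m itself is compared to Sig^e mod n."""
    return 0 < sig < N and pow(sig, E, N) == m


def demo():
    doc = b"Pay Bob 100 dollars"
    sig = sign(doc)
    results = {
        "valid": verify(doc, sig),
        "tampered": verify(b"Pay Bob 900 dollars", sig),
    }
    # Existential forgery against the raw scheme: any value s is a "signature"
    # on the (meaningless) message s^e mod n, produced without knowing d.
    s = 123456789
    results["raw_accepts_unsigned_pair"] = raw_verify(pow(s, E, N), s)
    # With m = h(M) the same s is useful only if some M hashes to s^e mod n,
    # which the one-way property of h rules out.
    results["hashed_accepts_s"] = verify(b"any message the forger likes", s)
    return results


if __name__ == "__main__":
    print(demo())
```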

17 Rabin (Algorithm 10.2)

18 ElGamal (Algorithm 10.3)

19 ElGamal (II)

20 Informal Security Argument for ElGamal Signature (1)
- Warning 1

21 Informal Security Argument for ElGamal Signature (2)
- Warning 2

22 Informal Security Argument for ElGamal Signature (3)
- Warning 3

23 Prevention of Existential Forgery

24 Schnorr (Algorithm 10.4)

25 Schnorr (II)

26 Properties of Schnorr Signature
- Working in the order-q subgroup of F q.
- The signature size is much shorter than that of a signature in ElGamal: Schnorr 2|q|, ElGamal 2|p|.
- Fewer operations in signature generation and verification.

27 DSA/DSS (Algorithm 10.5)

28 DSA/DSS (II)

29 About DSA (DSS)
- In August 1991, NIST announced a new proposed digital signature scheme called the Digital Signature Standard (DSS).
- The National Institute of Standards and Technology (NIST) has published Federal Information Processing Standard FIPS PUB 186, known as the Digital Signature Standard (DSS).
- The DSS makes use of the Secure Hash Algorithm (SHA).
- The DSS was originally proposed in 1991 and revised in 1993 in response to public feedback concerning the security of the scheme.

30 Criticisms of DSS (1/2)
- DSS cannot be used for encryption or key distribution.
- DSS was developed by the NSA, and there may be a trapdoor in the algorithm.
- DSS is slower than RSA.
- RSA is the ISO 9796, the international digital signature standard.

31 Criticisms of DSS (2/2)
- The DSS selection process was not public; sufficient time for analysis has not been provided.
- DSS may infringe on other patents.
- The key size is too small.

32 ECC Signatures
- See papers

