computer security lecture 7 ch.13 digital signatures prepared by dr. lamiaa elshenawy
TRANSCRIPT
Computer Security
Lecture 7Ch.13
Digital SignaturesPrepared by Dr. Lamiaa Elshenawy
Digital Signatures
• Digital Signatures Properties Attacks and Forgeries Digital Signature Requirements Direct Digital Signature
• ElGamal Digital Signature Scheme• Schnorr Digital Signature Scheme• Digital Signature Standard The DSS Approach The Digital Signature Algorithm
Digital SignaturesKey Points
• Digital signature authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
• Digital signature standard (DSS) NIST standard secure hash algorithm (SHA)
Encryption AlgorithmH(M)
Private Key
Digital Signature
Digital SignaturesKey Points
Most important development of public-key cryptography
Digital Signature
Digital SignaturesGeneric Model
Digital SignaturesEssential Elements
Digital SignaturesProperties
Message Authentication
Digital SignaturesProperties
Digital SignaturesAttacks and Forgeries
A C
Digital SignaturesAttacks and Forgeries
• Key-only attack: C A’s public key• Known message attack: C set of
messages and their signatures.• Generic chosen message attack: C list of
messages independent of A’s public key• Directed chosen message attack: C list
of messages dependent of A’s public key signatures seen
know
access
choose
choose
before
Digital SignaturesAttacks and Forgeries
• Total break: C A’s private key• Universal forgery: C efficient signing
algorithm that provides an equivalent way of constructing signatures on arbitrary messages
• Selective forgery: C signature for chosen message
• Existential forgery: C signature for at least one message. C control over the message
determine
find
forges
forges
no
Digital SignaturesRequirements
• Signature bit pattern signed message
• Signature information unique to the sender forgery and denial• Easy digital signature• Easy digital signature• Easy copy of digital signature in storage
• Infeasible computation digital signature
depends
use
prevent
produce
recognize & verify
forge
retain
Digital SignaturesDirect Digital Signature
Source Destination
Digital SignaturesSchemes
• ElGamal Digital Signature Scheme “Taher AlGamal (1985)”• Schnorr Digital Signature Scheme “Claus Peter Schnorr (1991-2008)”• Digital Signature Standard (DSS)
Digital SignaturesElGamal Scheme
Let q is prime number & α is a primitive root of q
Generate the private/ public keys
Sign the message
Digital SignaturesElGamal Scheme
Verify the message
If V1=V2
No
Yes
Valid
Not valid
Digital SignaturesElGamal Scheme
Let q=19; Primitive roots of q= {2, 3, 10, 13, 14, 15};
α=10
Generate the private/ public keys
Alice wants to sign a messageLet m=4
Digital SignaturesElGamal Scheme
Verify the message
Digital SignaturesElGamal Scheme
Example• We consider q = 467; α = 2; XA = 127
• Now YA is calculated: YA = αXA mod p = 2127 mod 467 = 132• So the Alice’s pair of keys is (127) , (467,2,132)• We take m= 100 and K = 213 for the signature of this message• Here we notice that (213, 466)= 1• Calculate 213-1 mod 466 = 431• Having these parameters, we can start to calculate the signature of Alice on the message
M, which is represented by the pair (S1,S2)
• S1= αK mod q = 2213 mod 467 = 29
• S2= K-1 [m−(XA S1)] mod q = 431(100-127 x 29) mod 466 = 51
• Verification step:• αm mod q = (YA ) S1
(S1) S2 mod q• 2100 ≡ 189 (mod 467)• 13229 x 2951 ≡ 189 (mod 467) • The verification confirms that the signature is valid.
Digital SignaturesSchnorr Scheme
Generate the private/ public keys
Sign the message
Digital SignaturesSchnorr Scheme
Verify the message
Digital SignaturesSchnorr Scheme
1. Choose p = 23, q = 11, where 11 is a prime factor of 22 = 23-1.2. Choose a such that a11 = 1 mod 23. Let a = 2, since 211 = 2048 = 1
mod 23.3. Choose a random integer s, 0 < s < q. Let s= 9, since 9<11.4. Generate a public key by calculating ν, where ν = 29 mod 23 =6
Generate the private/ public keys
User’s Public key: ν = 6 User’s Private key: s = 9
Digital SignaturesSchnorr Scheme
Sign the message
1. Customer chooses r = 3 < 11, and computes x = 23 mod = 8 Customer sends x = 8 to merchant
2. Merchant sends e=5 to customer3. Customer calculates y = (3+9x5) mod 11 = 48 mod 11 = 4, and
returns y = 4 to the merchant. The signature (e , y)
1. Merchant calculates x’ ν e mod p = 8 x 6 5 mod 23 = 62208 mod 23 = 16
2. Merchant also calculates a y mod p = 2 4 = 16 These are the same so the merchant accepts that the customer
knows x
Verify the message
Digital SignaturesDigital Signature Standard (DSS)
• NIST Federal Information Processing Standard (FIPS 186)-DSS
• DSS Secure Hash Algorithm (SHA) new Digital Signature Algorithm (DSA)DSS (1991) (1993,1996)DSS (2000) (FIPS 186-2)DSS (2009) (FIPS 186-3)
published
use
presented
proposed revised
expand-version
updated
presented
presented
Digital SignaturesDigital Signature Standard (DSS)
random number
verify
Digital SignaturesDigital Signature Algorithm (DSA)
Digital SignaturesDigital Signature Algorithm (DSA)
Let p, q, g are public to all• p= 18x71+1=1279 prime number• q= 71 (prime divisor of (p-1))• g= 318 mod 1279=1157• Let x= 15, k=10• y=115715 mod 71=851• User’s private key:{x=15}• User’s public key: {y=851}
Digital SignaturesDigital Signature Algorithm (DSA)
Signing• r =(1157 10 mod 1279) mod 71 = 32• s =[10 -1 (123+15x32)] mod 71=39• m=123, Signature={32,39} Verifying• W=39-1 mod 71= 51• u1=123 x 51 mod 71=25
• u2=32 x 51 mod 71=70• ν = [(115725 85170) mod 1279] mod 71=32• Test: ν=r the signature is valid
Digital SignaturesDigital Signature Algorithm (DSA)
Thank you for your attention