introduction to digital signatures
DESCRIPTION
Talk given at Benedictine University on digital signatures and the Digital Signature Algorithm by Robert Talbert, 2 April 2008.TRANSCRIPT
![Page 1: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/1.jpg)
Introduction to digital signaturesBenedictine UniversityMATH 390: Cryptography2 April 2008
Robert Talbert, PhDAssociate Professor of Mathematics and Computing ScienceFranklin College, Franklin, IN
1
![Page 2: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/2.jpg)
Menu
2
![Page 3: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/3.jpg)
MenuThe problem of authentication
2
![Page 4: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/4.jpg)
MenuThe problem of authentication
Non-solutions to the authentication problem; the concept of the digital signature and required parameters
2
![Page 5: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/5.jpg)
MenuThe problem of authentication
Non-solutions to the authentication problem; the concept of the digital signature and required parameters
Digital signatures using public-key encryption algorithms
2
![Page 6: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/6.jpg)
MenuThe problem of authentication
Non-solutions to the authentication problem; the concept of the digital signature and required parameters
Digital signatures using public-key encryption algorithms
The Digital Signature Algorithm (DSA)
2
![Page 7: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/7.jpg)
MenuThe problem of authentication
Non-solutions to the authentication problem; the concept of the digital signature and required parameters
Digital signatures using public-key encryption algorithms
The Digital Signature Algorithm (DSA)
Further applications and issues
2
![Page 8: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/8.jpg)
PROBLEM: AUTHENTICATION
3
![Page 9: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/9.jpg)
PROBLEM: AUTHENTICATION
HOW DO WE DO THIS IF THE DOCUMENT IS DIGITAL AND
NOT PAPER?
3
![Page 10: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/10.jpg)
4
![Page 11: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/11.jpg)
HAS THIS EMAIL BEEN SIGNED?
4
![Page 12: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/12.jpg)
HAS THIS EMAIL BEEN SIGNED?
4
![Page 13: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/13.jpg)
HAS THIS EMAIL BEEN SIGNED?
4
![Page 14: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/14.jpg)
5
![Page 15: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/15.jpg)
HOW ABOUT NOW?
5
![Page 16: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/16.jpg)
6
![Page 17: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/17.jpg)
6
![Page 18: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/18.jpg)
6
![Page 19: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/19.jpg)
7
![Page 20: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/20.jpg)
7
![Page 21: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/21.jpg)
7
![Page 22: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/22.jpg)
A TRUE SIGNATURE: • IS AUTHENTIC• CANNOT BE FORGED• CANNOT BE REUSED• PROVES DOCUMENT HAS NOT BEEN ALTERED • CANNOT BE REPUDIATED
7
![Page 23: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/23.jpg)
A TRUE SIGNATURE: • IS AUTHENTIC• CANNOT BE FORGED• CANNOT BE REUSED• PROVES DOCUMENT HAS NOT BEEN ALTERED • CANNOT BE REPUDIATED
GOAL: DIGITAL SIGNATURES WHICH DO THIS FOR ELECTRONIC DOCUMENTS.
7
![Page 24: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/24.jpg)
Implementation
8
![Page 25: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/25.jpg)
Implementation
Public-key encryption “in reverse”
8
![Page 26: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/26.jpg)
Implementation
Public-key encryption “in reverse”
Specialized signature-only algorithms: the Digital Signature Algorithm
8
![Page 27: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/27.jpg)
9
![Page 28: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/28.jpg)
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 29: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/29.jpg)
Alice
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 30: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/30.jpg)
Alice Bob
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 31: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/31.jpg)
Alice Bob
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 32: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/32.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Alice Bob
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 33: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/33.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Alice Bob
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 34: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/34.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Alice Bob
Enc
rypt
ion
func
tion
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 35: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/35.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Ciphertext
Qrne Obo - Gur zrrgvat jvyy or ng
gur rzonffl.
Alice Bob
Enc
rypt
ion
func
tion
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 36: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/36.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Ciphertext
Qrne Obo - Gur zrrgvat jvyy or ng
gur rzonffl.
Alice Bob
Enc
rypt
ion
func
tion
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 37: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/37.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Ciphertext
Qrne Obo - Gur zrrgvat jvyy or ng
gur rzonffl.
Alice Bob
Enc
rypt
ion
func
tion
Dec
rypt
ion
func
tion
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 38: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/38.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Ciphertext
Qrne Obo - Gur zrrgvat jvyy or ng
gur rzonffl.
Original plaintext
Dear Bob - The meeting will be at the embassy.
Alice Bob
Enc
rypt
ion
func
tion
Dec
rypt
ion
func
tion
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 39: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/39.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Ciphertext
Qrne Obo - Gur zrrgvat jvyy or ng
gur rzonffl.
Original plaintext
Dear Bob - The meeting will be at the embassy.
Alice Bob
Enc
rypt
ion
func
tion
Dec
rypt
ion
func
tion
Public(e,n)
Privated
No secret key is ever exchanged
Alice does not need her own key to use the system
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 40: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/40.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Ciphertext
Qrne Obo - Gur zrrgvat jvyy or ng
gur rzonffl.
Original plaintext
Dear Bob - The meeting will be at the embassy.
Alice Bob
Enc
rypt
ion
func
tion
Dec
rypt
ion
func
tion
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 41: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/41.jpg)
Plaintext
Dear Bob - The meeting will be at
the embassy.
Ciphertext
Qrne Obo - Gur zrrgvat jvyy or ng
gur rzonffl.
Original plaintext
Dear Bob - The meeting will be at the embassy.
Alice Bob
Enc
rypt
ion
func
tion
Dec
rypt
ion
func
tion
Eve
Public(e,n)
Privated
PUBLIC-KEY CRYPTOGRAPHY
9
![Page 42: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/42.jpg)
M = ab! 1e = AM + a
d = BM + b
n =ed! 1
M
KID CRYPTOChoose positive integers A, B, a, and b.
Public key: (e, n)Private key: d
10
![Page 43: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/43.jpg)
H E L P 07 04 11 15TALBERT’S PUBLIC KEY: (E = 3242, N = 19723)
11
![Page 44: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/44.jpg)
H E L P 07 04 11 15TALBERT’S PUBLIC KEY: (E = 3242, N = 19723)
Encryption: Compute y = (ex) mod n for each number.
11
![Page 45: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/45.jpg)
H E L P 07 04 11 15TALBERT’S PUBLIC KEY: (E = 3242, N = 19723)
Plaintext Numerical (ex) mod n = Cipher “text”
H 7 (3242 × 7) mod 19723 = 2971
E 4 12698
L 11 15939
P 15 9184
Encryption: Compute y = (ex) mod n for each number.
11
![Page 46: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/46.jpg)
2971 12698 15939 9184
TALBERT’S PRIVATE KEY: D = 1965
12
![Page 47: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/47.jpg)
2971 12698 15939 9184
TALBERT’S PRIVATE KEY: D = 1965
Decryption: Compute z = (dy) mod n for each number.
12
![Page 48: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/48.jpg)
2971 12698 15939 9184
TALBERT’S PRIVATE KEY: D = 1965
Decryption: Compute z = (dy) mod n for each number.
Ciphertext (dy) mod n Alpha
2971 7 H
12698 4 E
15939 11 L
9184 15 P
12
![Page 49: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/49.jpg)
WHY KID CRYPTO WORKS
X = PLAINTEXT “CHARACTER”
13
![Page 50: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/50.jpg)
WHY KID CRYPTO WORKS
X = PLAINTEXT “CHARACTER”
y = (ex) modn
13
![Page 51: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/51.jpg)
WHY KID CRYPTO WORKS
X = PLAINTEXT “CHARACTER”
y = (ex) modn z = d(ex) modn = (ed)xmodn
13
![Page 52: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/52.jpg)
WHY KID CRYPTO WORKS
X = PLAINTEXT “CHARACTER”
y = (ex) modn z = d(ex) modn = (ed)xmodn
n =ed! 1
M
13
![Page 53: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/53.jpg)
WHY KID CRYPTO WORKS
X = PLAINTEXT “CHARACTER”
y = (ex) modn z = d(ex) modn = (ed)xmodn
n =ed! 1
M
ed = (Mn + 1)modn
= Mn modn + 1 modn
= 0mod n + 1 modn
= 1mod n
13
![Page 54: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/54.jpg)
WHY KID CRYPTO WORKS
X = PLAINTEXT “CHARACTER”
y = (ex) modn z = d(ex) modn = (ed)xmodn
n =ed! 1
M
ed = (Mn + 1)modn
= Mn modn + 1 modn
= 0mod n + 1 modn
= 1mod n
z = (ed)xmodn
= xmodn
= x.
13
![Page 55: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/55.jpg)
14
![Page 56: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/56.jpg)
BOB
14
![Page 57: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/57.jpg)
BOB ALICE
14
![Page 58: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/58.jpg)
BOB ALICE
PUBLIC(E,N)
14
![Page 59: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/59.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
14
![Page 60: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/60.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
14
![Page 61: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/61.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
14
![Page 62: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/62.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
14
![Page 63: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/63.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
192 2343 9102 ...
ENCRYPT WITH THE PRIVATE KEYATTACH TO END OF ORIGINAL
MESSAGE
14
![Page 64: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/64.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
192 2343 9102 ...
ENCRYPT WITH THE PRIVATE KEYATTACH TO END OF ORIGINAL
MESSAGE
DIGITAL SIGNATURE = MESSAGE ENCRYPTED WITH PRIVATE KEY
14
![Page 65: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/65.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
192 2343 9102 ...
ENCRYPT WITH THE PRIVATE KEYATTACH TO END OF ORIGINAL
MESSAGE
DIGITAL SIGNATURE = MESSAGE ENCRYPTED WITH PRIVATE KEY
14
![Page 66: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/66.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
192 2343 9102 ...
ENCRYPT WITH THE PRIVATE KEYATTACH TO END OF ORIGINAL
MESSAGE
DECRYPT WITH THE PUBLIC KEYAUTHENTICATE BY COMPARING
TO PLAINTEXT MESSAGE
DIGITAL SIGNATURE = MESSAGE ENCRYPTED WITH PRIVATE KEY
14
![Page 67: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/67.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
192 2343 9102 ...
ENCRYPT WITH THE PRIVATE KEYATTACH TO END OF ORIGINAL
MESSAGE
DECRYPT WITH THE PUBLIC KEYAUTHENTICATE BY COMPARING
TO PLAINTEXT MESSAGE
DIGITAL SIGNATURE = MESSAGE ENCRYPTED WITH PRIVATE KEY
14
![Page 68: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/68.jpg)
WHY KID CRYPTO WORKS FOR SIGNATURES
X = PLAINTEXT “CHARACTER”
15
![Page 69: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/69.jpg)
WHY KID CRYPTO WORKS FOR SIGNATURES
X = PLAINTEXT “CHARACTER”
s = dxmodnBOB
15
![Page 70: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/70.jpg)
WHY KID CRYPTO WORKS FOR SIGNATURES
X = PLAINTEXT “CHARACTER”
s = dxmodnBOB
s! = edxmodn = xmodn = x.ALICE
15
![Page 71: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/71.jpg)
16
![Page 72: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/72.jpg)
BOB
16
![Page 73: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/73.jpg)
BOB ALICE
16
![Page 74: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/74.jpg)
BOB ALICE
PUBLIC(E,N)
16
![Page 75: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/75.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
16
![Page 76: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/76.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
16
![Page 77: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/77.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
EVIL FAKE D
16
![Page 78: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/78.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
EVIL FAKE D
16
![Page 79: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/79.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
EVIL FAKE D
16
![Page 80: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/80.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
EVIL FAKE D
16
![Page 81: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/81.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
228 1893 189 ...
EVIL FAKE D
16
![Page 82: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/82.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
228 1893 189 ...
EVIL FAKE D
16
![Page 83: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/83.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
X FLBRUG YTEX BIP Q XETIA.
I HEREBY GIVE YOU A RAISE.
228 1893 189 ...
EVIL FAKE D
16
![Page 84: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/84.jpg)
BOB ALICE
PUBLIC(E,N)
PRIVATED
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
X FLBRUG YTEX BIP Q XETIA.
I HEREBY GIVE YOU A RAISE.
228 1893 189 ...
SIGNATURE DOES NOT MATCH MESSAGE ⇒
MESSAGE NOT AUTHENTICATED
EVIL FAKE D
16
![Page 85: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/85.jpg)
A TRUE SIGNATURE: • IS AUTHENTIC• CANNOT BE FORGED• CANNOT BE REUSED• PROVES DOCUMENT HAS NOT BEEN ALTERED • CANNOT BE REPUDIATED
17
![Page 86: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/86.jpg)
Public-key system as signature system
Sender encrypts the message with his private key, attaches “ciphertext” to the plaintext message.
Recipient decrypts the ciphertext with the sender’s public key; compares to plaintext message. Equality ⇒ authentication.
Example using RSA
18
![Page 87: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/87.jpg)
A national standard?
19
![Page 88: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/88.jpg)
1977: RSA INVENTED
A national standard?
19
![Page 89: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/89.jpg)
1977: RSA INVENTED
1982: NIST SOLICITS CANDIDATES FOR FEDERAL DIGITAL
SIGNATURE STANDARD (DSS)
A national standard?
19
![Page 90: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/90.jpg)
1977: RSA INVENTED
1982: NIST SOLICITS CANDIDATES FOR FEDERAL DIGITAL
SIGNATURE STANDARD (DSS)
1991: NIST PROPOSES DIGITAL
SIGNATURE ALGORITHM (DSA) TO
BE USED IN DSS
A national standard?
19
![Page 91: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/91.jpg)
1977: RSA INVENTED
1982: NIST SOLICITS CANDIDATES FOR FEDERAL DIGITAL
SIGNATURE STANDARD (DSS)
1991: NIST PROPOSES DIGITAL
SIGNATURE ALGORITHM (DSA) TO
BE USED IN DSS
1992: PUBLIC COMMENTS ON DSA;
CRITICISM FROM RSA, INC. AND
CLIENT COMPANIES
A national standard?
19
![Page 92: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/92.jpg)
1977: RSA INVENTED 1994: DSA APPROVED
1982: NIST SOLICITS CANDIDATES FOR FEDERAL DIGITAL
SIGNATURE STANDARD (DSS)
1991: NIST PROPOSES DIGITAL
SIGNATURE ALGORITHM (DSA) TO
BE USED IN DSS
1992: PUBLIC COMMENTS ON DSA;
CRITICISM FROM RSA, INC. AND
CLIENT COMPANIES
A national standard?
19
![Page 93: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/93.jpg)
20
![Page 94: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/94.jpg)
227 = 2! 102 + 2! 101 + 7! 100
20
![Page 95: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/95.jpg)
227 = 2! 102 + 2! 101 + 7! 100
227 = 1! 27 + 1! 26 + 1! 25 + 0! 24
+0! 23 + 0! 22 + 1! 21 + 1! 20
20
![Page 96: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/96.jpg)
227 = 2! 102 + 2! 101 + 7! 100
227 = 1! 27 + 1! 26 + 1! 25 + 0! 24
+0! 23 + 0! 22 + 1! 21 + 1! 20
= 11100011
20
![Page 97: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/97.jpg)
227 = 2! 102 + 2! 101 + 7! 100
227 = 1! 27 + 1! 26 + 1! 25 + 0! 24
+0! 23 + 0! 22 + 1! 21 + 1! 20
= 11100011BINARY FORM OF 227
227 IS AN 8-BIT INTEGER
20
![Page 98: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/98.jpg)
227 = 2! 102 + 2! 101 + 7! 100
227 = 1! 27 + 1! 26 + 1! 25 + 0! 24
+0! 23 + 0! 22 + 1! 21 + 1! 20
= 11100011BINARY FORM OF 227
227 IS AN 8-BIT INTEGER5 = 101
1967 =11110101111
20
![Page 99: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/99.jpg)
227 = 2! 102 + 2! 101 + 7! 100
227 = 1! 27 + 1! 26 + 1! 25 + 0! 24
+0! 23 + 0! 22 + 1! 21 + 1! 20
= 11100011BINARY FORM OF 227
227 IS AN 8-BIT INTEGER5 = 101
1967 =11110101111
Bit length of N =!
lnN
ln 2
"+ 1
20
![Page 100: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/100.jpg)
227 = 2! 102 + 2! 101 + 7! 100
227 = 1! 27 + 1! 26 + 1! 25 + 0! 24
+0! 23 + 0! 22 + 1! 21 + 1! 20
= 11100011BINARY FORM OF 227
227 IS AN 8-BIT INTEGER5 = 101
1967 =11110101111
Bit length of N =!
lnN
ln 2
"+ 1
Decimal length of k-bit integer = !(k " 1) log10 2# + 1
20
![Page 101: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/101.jpg)
21
![Page 102: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/102.jpg)
Alice
21
![Page 103: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/103.jpg)
Alice Bob
21
![Page 104: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/104.jpg)
Alice Bob
HI, BOB. HOW’S IT GOING?(SIGNATURE ATTACHED)
21
![Page 105: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/105.jpg)
Alice BobHI, BOB. HOW’S IT GOING?
(SIGNATURE ATTACHED)
21
![Page 106: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/106.jpg)
Alice BobHI, BOB. HOW’S IT GOING?
(SIGNATURE ATTACHED)
AUTHENTICATED
21
![Page 107: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/107.jpg)
Alice BobHI, BOB. HOW’S IT GOING?
(SIGNATURE ATTACHED)
AUTHENTICATED
STAGE 1: SYSTEM-WIDE PARAMETER GENERATION.
21
![Page 108: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/108.jpg)
Alice BobHI, BOB. HOW’S IT GOING?
(SIGNATURE ATTACHED)
AUTHENTICATED
STAGE 1: SYSTEM-WIDE PARAMETER GENERATION.STAGE 2: KEY GENERATION (ALICE; ONE-TIME ONLY).
21
![Page 109: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/109.jpg)
Alice BobHI, BOB. HOW’S IT GOING?
(SIGNATURE ATTACHED)
AUTHENTICATED
STAGE 1: SYSTEM-WIDE PARAMETER GENERATION.STAGE 2: KEY GENERATION (ALICE; ONE-TIME ONLY).
STAGE 3: SIGNING (ALICE).
21
![Page 110: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/110.jpg)
Alice BobHI, BOB. HOW’S IT GOING?
(SIGNATURE ATTACHED)
AUTHENTICATED
STAGE 1: SYSTEM-WIDE PARAMETER GENERATION.STAGE 2: KEY GENERATION (ALICE; ONE-TIME ONLY).
STAGE 3: SIGNING (ALICE).STAGE 4: AUTHENTICATING (BOB).
21
![Page 111: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/111.jpg)
1: SYSTEM-WIDE PARAMETERS
Name Description
pPrime number, bit length
between 512 and 1024 and a multiple of 64.
q 160-bit prime factor of p.
αα = h(p-1)/q mod p
Where h is any number ≤ p-1 such that h(p-1)/q is > 1
22
![Page 112: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/112.jpg)
2: KEY GENERATION
23
![Page 113: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/113.jpg)
2: KEY GENERATION
Alice
23
![Page 114: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/114.jpg)
2: KEY GENERATION
Alice
PRIVATE KEYRandom integer x such that
1 ≤ x ≤ q-1
23
![Page 115: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/115.jpg)
2: KEY GENERATION
Alice
PRIVATE KEYRandom integer x such that
1 ≤ x ≤ q-1
PUBLIC KEYy = αx mod p
23
![Page 116: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/116.jpg)
3: SIGNING
Alice
Has: Message m
Public key y, Private key xSystem parameters p, q, α
24
![Page 117: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/117.jpg)
3: SIGNING
Alice
Has: Message m
Public key y, Private key xSystem parameters p, q, α
Choose random (secret) integer k with 0 < k < q.
24
![Page 118: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/118.jpg)
3: SIGNING
Alice
Has: Message m
Public key y, Private key xSystem parameters p, q, α
Choose random (secret) integer k with 0 < k < q.
Compute r = (!k mod p) mod q.
24
![Page 119: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/119.jpg)
3: SIGNING
Alice
Has: Message m
Public key y, Private key xSystem parameters p, q, α
Choose random (secret) integer k with 0 < k < q.
Compute r = (!k mod p) mod q.
Compute k!1 mod q.
24
![Page 120: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/120.jpg)
3: SIGNING
Alice
Has: Message m
Public key y, Private key xSystem parameters p, q, α
Choose random (secret) integer k with 0 < k < q.
Compute r = (!k mod p) mod q.
Compute k!1 mod q.
Compute s = k!1(H(m) + xr)mod q.
24
![Page 121: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/121.jpg)
3: SIGNING
Alice
Has: Message m
Public key y, Private key xSystem parameters p, q, α
Choose random (secret) integer k with 0 < k < q.
Compute r = (!k mod p) mod q.
Compute k!1 mod q.
Compute s = k!1(H(m) + xr)mod q.
SIGNATURE: (R,S).
24
![Page 122: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/122.jpg)
4: AUTHENTICATING
BOB
Receives: Message m
Signature (r,s)Has:
Public key y; System parameters p, q, α
25
![Page 123: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/123.jpg)
4: AUTHENTICATING
BOB
Receives: Message m
Signature (r,s)Has:
Public key y; System parameters p, q, α
Verify 0 < r, s < q. Reject if not.
25
![Page 124: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/124.jpg)
4: AUTHENTICATING
BOB
Receives: Message m
Signature (r,s)Has:
Public key y; System parameters p, q, α
Verify 0 < r, s < q. Reject if not.
Compute H(m) and w = s!1 mod q.
25
![Page 125: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/125.jpg)
4: AUTHENTICATING
BOB
Receives: Message m
Signature (r,s)Has:
Public key y; System parameters p, q, α
Verify 0 < r, s < q. Reject if not.
Compute H(m) and w = s!1 mod q.
u1 = (w · H(m))mod q
25
![Page 126: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/126.jpg)
4: AUTHENTICATING
BOB
Receives: Message m
Signature (r,s)Has:
Public key y; System parameters p, q, α
Verify 0 < r, s < q. Reject if not.
Compute H(m) and w = s!1 mod q.
u1 = (w · H(m))mod q u2 = (rw) mod q
25
![Page 127: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/127.jpg)
4: AUTHENTICATING
BOB
Receives: Message m
Signature (r,s)Has:
Public key y; System parameters p, q, α
Verify 0 < r, s < q. Reject if not.
Compute H(m) and w = s!1 mod q.
u1 = (w · H(m))mod q u2 = (rw) mod q
v = (!u1yu2 mod p) mod q
25
![Page 128: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/128.jpg)
4: AUTHENTICATING
BOB
Receives: Message m
Signature (r,s)Has:
Public key y; System parameters p, q, α
Verify 0 < r, s < q. Reject if not.
Compute H(m) and w = s!1 mod q.
u1 = (w · H(m))mod q u2 = (rw) mod q
v = (!u1yu2 mod p) mod q
IF V = R ⇒ AUTHENTICATED.
25
![Page 129: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/129.jpg)
v = (!u1yu2 mod p) mod q
26
![Page 130: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/130.jpg)
v = (!u1yu2 mod p) mod q
s = k!1 (H(m) + xr)mod q
s!1 = k!H(m) + xr)!1 mod q
26
![Page 131: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/131.jpg)
v = (!u1yu2 mod p) mod q
s = k!1 (H(m) + xr)mod q
s!1 = k!H(m) + xr)!1 mod q
!u1 = !wH(m) mod q
26
![Page 132: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/132.jpg)
v = (!u1yu2 mod p) mod q
s = k!1 (H(m) + xr)mod q
s!1 = k!H(m) + xr)!1 mod q
!u1 = !wH(m) mod q yu2 = (!x)u2 mod p
= !xrw mod q mod p
26
![Page 133: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/133.jpg)
v = (!u1yu2 mod p) mod q
s = k!1 (H(m) + xr)mod q
s!1 = k!H(m) + xr)!1 mod q
!u1 = !wH(m) mod q yu2 = (!x)u2 mod p
= !xrw mod q mod p
!u1yu2 = !wH(m)!xrw mod p
= !w(H(m)+xr) mod q mod p
= !s!1(H(m)+xr) mod q mod p
= !k(H(m)+xr)!1(H(m)+xr) mod q mod p
= !k mod p
26
![Page 134: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/134.jpg)
27
![Page 135: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/135.jpg)
v = (!u1yu2 mod p) mod q
=!!k mod p) mod q
27
![Page 136: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/136.jpg)
v = (!u1yu2 mod p) mod q
=!!k mod p) mod q
r = (!k mod p) mod q
27
![Page 137: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/137.jpg)
v = (!u1yu2 mod p) mod q
=!!k mod p) mod q
r = (!k mod p) mod q
IF V = R ⇒ AUTHENTICATED.
IF V ≠ R ⇒ NO AUTHENTICATION.
27
![Page 138: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/138.jpg)
28
![Page 139: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/139.jpg)
Alice
28
![Page 140: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/140.jpg)
Alice Bob
28
![Page 141: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/141.jpg)
Alice Bob
PUBLICy=αx
mod p
28
![Page 142: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/142.jpg)
Alice Bob
PUBLICy=αx
mod p
SYSTEM: P, Q
28
![Page 143: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/143.jpg)
Alice Bob
I HEREBY GIVE YOU A RAISE.
PUBLICy=αx
mod p
SYSTEM: P, Q
28
![Page 144: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/144.jpg)
Alice Bob
I HEREBY GIVE YOU A RAISE.
PUBLICy=αx
mod p
SYSTEM: P, Q
28
![Page 145: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/145.jpg)
Alice Bob
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
(R,S)
PUBLICy=αx
mod p
SYSTEM: P, Q
28
![Page 146: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/146.jpg)
Alice Bob
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
(R,S)
PUBLICy=αx
mod p
SYSTEM: P, Q
28
![Page 147: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/147.jpg)
Alice Bob
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
(R,S)
PUBLICy=αx
mod p
SYSTEM: P, Q
28
![Page 148: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/148.jpg)
Alice Bob
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
(R,S)
PUBLICy=αx
mod p
SYSTEM: P, Q
28
![Page 149: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/149.jpg)
Alice Bob
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
I HEREBY GIVE YOU A RAISE.
(R,S)
PUBLICy=αx
mod p
SYSTEM: P, Q
HOW TO PRODUCE A FORGED (R,S) ON A NEW MESSAGE?
28
![Page 150: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/150.jpg)
FORGERY METHOD 1: RECOVER ALICE’S PRIVATE KEY FROM AVAILABLE
INFORMATION.
29
![Page 151: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/151.jpg)
FORGERY METHOD 1: RECOVER ALICE’S PRIVATE KEY FROM AVAILABLE
INFORMATION.
y = !x mod pSOLVE FOR X
29
![Page 152: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/152.jpg)
FORGERY METHOD 1: RECOVER ALICE’S PRIVATE KEY FROM AVAILABLE
INFORMATION.
y = !x mod pSOLVE FOR X
DISCRETE LOGARITHM PROBLEM
29
![Page 153: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/153.jpg)
FORGERY METHOD 1: RECOVER ALICE’S PRIVATE KEY FROM AVAILABLE
INFORMATION.
y = !x mod pSOLVE FOR X
DISCRETE LOGARITHM PROBLEM
29
![Page 154: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/154.jpg)
FORGERY METHOD 1: RECOVER ALICE’S PRIVATE KEY FROM AVAILABLE
INFORMATION.
y = !x mod pSOLVE FOR X
DISCRETE LOGARITHM PROBLEM
O(√p)! Too expensive!
29
![Page 155: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/155.jpg)
FORGERY METHOD 2: USE R TO RECOVER K.
30
![Page 156: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/156.jpg)
FORGERY METHOD 2: USE R TO RECOVER K.
r = (!k mod p) mod q
30
![Page 157: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/157.jpg)
FORGERY METHOD 2: USE R TO RECOVER K.
r = (!k mod p) mod q
DISCRETE LOGARITHM PROBLEM
30
![Page 158: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/158.jpg)
FORGERY METHOD 2: USE R TO RECOVER K.
r = (!k mod p) mod q
DISCRETE LOGARITHM PROBLEM
s = k!1(H(m) + xr) mod q
x = r!1(sk !H(m))mod q
30
![Page 159: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/159.jpg)
FORGERY METHOD 2: USE R TO RECOVER K.
r = (!k mod p) mod q
DISCRETE LOGARITHM PROBLEM
s = k!1(H(m) + xr) mod q
x = r!1(sk !H(m))mod q
30
![Page 160: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/160.jpg)
FORGERY METHOD 2: USE R TO RECOVER K.
r = (!k mod p) mod q
DISCRETE LOGARITHM PROBLEM
s = k!1(H(m) + xr) mod q
x = r!1(sk !H(m))mod q
Everything on the RHS except k is public info or easy to
compute... but I still have to solve DLP! Curses!
30
![Page 161: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/161.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
31
![Page 162: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/162.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
Alice
31
![Page 163: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/163.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
Alice
I don’t feel like generating a new value for k.
31
![Page 164: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/164.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
Alice
I don’t feel like generating a new value for k.
s1 = k!1(H(m1) + xr) mod q
s2 = k!1(H(m2) + xr) mod q
31
![Page 165: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/165.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
Alice
I don’t feel like generating a new value for k.
s1 = k!1(H(m1) + xr) mod q
s2 = k!1(H(m2) + xr) mod q
s1k !H(m1) = xr mod q
s2k !H(m2) = xr mod q
31
![Page 166: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/166.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
Alice
I don’t feel like generating a new value for k.
s1 = k!1(H(m1) + xr) mod q
s2 = k!1(H(m2) + xr) mod q
s1k !H(m1) = xr mod q
s2k !H(m2) = xr mod q
k(s1 ! s2) = H(m1)!H(m2) mod q
31
![Page 167: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/167.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
Alice
I don’t feel like generating a new value for k.
s1 = k!1(H(m1) + xr) mod q
s2 = k!1(H(m2) + xr) mod q
s1k !H(m1) = xr mod q
s2k !H(m2) = xr mod q
k(s1 ! s2) = H(m1)!H(m2) mod q
k = (s1 ! s2)!1(H(m1)!H(m2))mod q
31
![Page 168: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/168.jpg)
FORGERY METHOD 3: HOPE FOR LAZINESS.
Alice
I don’t feel like generating a new value for k.
s1 = k!1(H(m1) + xr) mod q
s2 = k!1(H(m2) + xr) mod q
s1k !H(m1) = xr mod q
s2k !H(m2) = xr mod q
k(s1 ! s2) = H(m1)!H(m2) mod q
k = (s1 ! s2)!1(H(m1)!H(m2))mod q
Gotcha!
31
![Page 169: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/169.jpg)
Further issues
32
![Page 170: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/170.jpg)
Further issuesOne-way hash functions and their security (SHA-1, MD5)
32
![Page 171: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/171.jpg)
Further issuesOne-way hash functions and their security (SHA-1, MD5)
Faster/less expensive algorithms for solving DLP
32
![Page 172: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/172.jpg)
Further issuesOne-way hash functions and their security (SHA-1, MD5)
Faster/less expensive algorithms for solving DLP
Uses of secure authentication
32
![Page 173: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/173.jpg)
Further issuesOne-way hash functions and their security (SHA-1, MD5)
Faster/less expensive algorithms for solving DLP
Uses of secure authentication
Electronic currency
32
![Page 174: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/174.jpg)
Further issuesOne-way hash functions and their security (SHA-1, MD5)
Faster/less expensive algorithms for solving DLP
Uses of secure authentication
Electronic currency
Electronic notarization
32
![Page 175: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/175.jpg)
Further issuesOne-way hash functions and their security (SHA-1, MD5)
Faster/less expensive algorithms for solving DLP
Uses of secure authentication
Electronic currency
Electronic notarization
Identification in social networking/blogging
32
![Page 176: Introduction To Digital Signatures](https://reader037.vdocument.in/reader037/viewer/2022102922/5467d1b4af7959f9288b459a/html5/thumbnails/176.jpg)
Contact
Robert Talbert, PhDDepartment of Mathematics and Computing
Franklin College101 Branigin Blvd.Franklin, IN 46131
33