Chapter 8 Digital Signature Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li

1 Chapter 8 Digital Signature Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li http://cst.hit.edu.cn/~lizhijun lizhijun_os@hit.edu.cn

2 Outline (Zhijun Li, S1034040/Autumn08/HIT)
Nonrepudiation & Digital Signature
RSA Signature
ElGamal Signature
Digital Signature Algorithm
Digital Signature with other Properties
–Security Provable Signature
–Blind Signature
–Undeniable Signature
–Fail-Stop Signature

3 Security Goals
Confidentiality/secrecy/privacy
–Encryption
Integrity
–MAC
Nonrepudiation
–Identity (source or destination) cannot deny transmitting the message
–Use ?

4 Nonrepudiation
Nonrepudiation: identity (source or destination) cannot deny transmitting the message
–Authentication protects two parties from third parties
–Nonrepudiation protects two parties against each other
Example: Alice sends an IOU message to Bob
–Alice can deny sending the message
–Bob may forge a different message and claim that it came from Alice

5 IOU Protocol Review
[Figure: Alice (keys {KU_A, KR_A}) sends M, E_{KR_A}[H(M)] to Bob; the same pair M, E_{KR_A}[H(M)] goes to the Judge, who knows KU_A. Label: Digital Signature.]

6 Digital Signature
Digital Signature: a data string which associates a message with some originating entity
Digital Signature Scheme: for each key, there is a SECRET signature generation algorithm and a PUBLIC verification algorithm
Digital Signature & PKI
–Digital signature is difficult to implement in other ways

7 Digital Signature Scheme
[Figure: the Signer feeds the private key and the document into signature generation, producing the signature; the Verifier feeds the public key, the document and the signature into signature verification, producing OK / not OK.]
SIG: $K \times M \to S$, where $k \in K$ is the secret key
VER: $K' \times M \times S \to \{\text{OK}, \text{FAIL}\}$, OK iff s is a valid signature; e is the public key

8 Adversary of Digital Signature
Adversarial goals:
–Total break: adversary can forge a signature on any message
–Selective forgery: adversary is able to create valid signatures on a chosen message with a significant probability
–Existential forgery: adversary can create a pair (message, signature) such that the signature of the message is valid
Note:
–A signature scheme cannot be perfectly secure: the adversary can always forge a signature given enough time
–A signature scheme can only be computationally secure

9 Attack Models on Digital Signatures
Key-only attack: adversary knows only the verification function (it is supposed to be public)
Known-message attack: adversary knows a list of messages previously signed by Alice
Chosen-message attack: adversary can choose which messages Alice signs, and knows the messages and the corresponding signatures

11 RSA Signature
Given RSA keys {(e, n), (d, p, q)}
SIG(d, m): $s = m^d \pmod n$
VER(e, m, s): $m \overset{?}{=} s^e \pmod n$
$s^e = m^{ed} \pmod n = m \pmod n$

12 Existential Forgery
Oscar can generate a valid signature by:
1. Choose signature $s \in \mathbb{Z}_n$
2. Encrypt: $m = e_{k_{pub}}(s) = s^e \bmod n$
3. Send (m, s) to Bob
4. Bob verifies: $ver_{k_{pub}}(m, s)$: $s^e \equiv m \pmod n \Rightarrow$ true
Note:
–m can't be controlled, so this is an existential forgery

13 Remark for This Forgery
It is a key-only attack
Countermeasures:
–Use some redundancy in the message to detect the forgery
–Example: $Sig(m) = (Hash(m))^d = s$
$s^e = Hash(m)$: the forger needs to find m with $Hash(m) = s^e$
Hash is preimage resistant: Hash(m) is known, but m is NOT known

14 Another Existential Forgery
If $(m_1, s_1)$ and $(m_2, s_2)$ are valid signatures, then $(m = m_1 m_2,\ s = s_1 s_2)$ is valid
If $(m, s)$ is a valid signature, then $(m^{-1}, s^{-1})$ is valid
Remark:
–An existential forgery
–$Sig(m) = (Hash(m))^d$ is also useful
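
The two forgeries from slides 12 and 14 and the hash countermeasure from slide 13, as an added Python example (not part of the original slides). The toy key built from two Mersenne primes, the SHA-256 reduction into $\mathbb{Z}_n$ and all function names are assumptions of this example.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent d

def sign_raw(m: int) -> int:
    """Slide 11: s = m^d mod n, applied directly to the message."""
    return pow(m, D, N)

def verify_raw(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N

def digest(msg: bytes) -> int:
    """Hash mapped into Z_n (SHA-256 reduced mod n, adequate for a toy n)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign_hashed(msg: bytes) -> int:
    """Slide 13 countermeasure: Sig(m) = Hash(m)^d mod n."""
    return pow(digest(msg), D, N)

def verify_hashed(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == digest(msg)

def key_only_pair(s: int):
    """Slide 12: choose s first and derive m = s^e mod n (public key only)."""
    return pow(s, E, N), s

def product_pair(pair1, pair2):
    """Slide 14: component-wise product of two valid (m, s) pairs."""
    (m1, s1), (m2, s2) = pair1, pair2
    return (m1 * m2) % N, (s1 * s2) % N

def demo():
    results = {}
    m, s = key_only_pair(123456789)
    results["key_only_accepted_raw"] = verify_raw(m, s)
    p1, p2 = (1000, sign_raw(1000)), (2024, sign_raw(2024))
    results["product_accepted_raw"] = verify_raw(*product_pair(p1, p2))
    # The same two constructions against the hashed scheme.
    a, b = b"pay Bob 10", b"pay Bob 20"
    s_prod = sign_hashed(a) * sign_hashed(b) % N
    results["product_accepted_hashed"] = verify_hashed(a + b, s_prod)
    # s^e is now a digest value; acceptance needs a message hashing to it.
    results["key_only_accepted_hashed"] = verify_hashed(str(m).encode(), s)
    results["honest_hashed_ok"] = verify_hashed(a, sign_hashed(a))
    return results

if __name__ == "__main__":
    print(demo())
```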

16 ElGamal Signature
Key generation:
–Choose a prime p and a generator $g \in \mathbb{Z}_p^*$
–Select a random integer k as the private key
–Computes the public key  = g k mod p
–Public key is ( , g, p)
–Private key is (k)

17 ElGamal Signature
Signing a message m:
–Select random r, $1 \le r \le p-1$, $r \in \mathbb{Z}_{p-1}^*$ (gcd(r, p-1) = 1)
–Compute $x \equiv g^r \pmod p$
–Solve for y in the congruence $m \equiv k \cdot x + r \cdot y \pmod{p-1}$
–$SIG_{k,r}(m) = (x, y)$

18 ElGamal Signature
Verification:
–Receive m and s = (x, y)
–Compute $g^m$
–Computes (  ) x ·x y
–VER(m, s): g m  ? (  ) x ·x y (mod p)

19 Why Does This Scheme Work?
If m=m, x=x, y=y
(  ) x ·x y (mod p) = g kx · g ry (mod p)
$ry = m - kx \pmod{p-1}$
$kx + ry = m \pmod{p-1}$
(  ) x ·x y = g kx + ry = g m (mod p)
Why?

20 ElGamal Signature Example
1. Choose p = 11, g = 2 and k = 8
2. $c = 2^8 \bmod 11 = 3$, so the public key is (3, 2, 11)
3. Signing m = 5
3.1 Select a random integer r = 9; gcd(10, 9) = 1
3.2 Compute $x = g^r \bmod p = 2^9 \bmod 11 = 6$
3.3 Solve $5 = 8 \cdot 6 + 9 \cdot y \bmod 10$; because $9^{-1} = 9 \bmod 10$, $y = 9^{-1} \cdot (5 - 8 \cdot 6) = 3 \bmod 10$
3.4 Signature s = (6, 3)
4. Verification: $3^6 \cdot 6^3 = 21 = 10 = 2^5 = 10 \bmod 11$

21 Security of ElGamal Signature
Based on DLP BUT weaker than DLP
–Existential forgery: find (m,x,y) s.t. (  ) x ·x y =g m
–Suppose x=g i  j (mod p)  g m  x (g i  j ) y (mod p)
–g m-iy  x+jy mod p
–Let $m - iy \equiv 0 \pmod{p-1}$ and $x + jy \equiv 0 \pmod{p-1}$
–If gcd(j, p-1) = 1
–$y = -x j^{-1} \pmod{p-1}$
–$m = -x i j^{-1} \pmod{p-1}$ (if hash?)
–x=g i  j (mod p)

22 Security of ElGamal Signature
The random r must be kept secret
–$k = (m - ry)\,x^{-1} \pmod{p-1}$
The random r must be unique for each message
–(  ) x ·x y 1 =g m 1 (mod p);(  ) x ·x y 2 =g m 2 (mod p)
–g m 1 -m 2   y 1 -y 2  g k(y 1 -y 2 ) (mod p)
–$m_1 - m_2 \equiv k(y_1 - y_2) \pmod{p-1}$
–$d = \gcd(y_1 - y_2, p-1)$; $d \mid (m_1 - m_2)$
–$m' = (m_1 - m_2)/d$; $y' = (y_1 - y_2)/d$; $p' = (p-1)/d$
–$m' = k y' \bmod p'$ and $\gcd(y', p') = 1$
–$k = m' y'^{-1} + i p' \bmod p-1$, $i < d$, and test them by  =g k mod p
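
An added example (not from the original slides) that reproduces the slide 20 signature and shows why the random r must be unique: two signatures sharing r are solved with the signing congruence from slide 17, first for r and then for the private key k. The name `BETA` for the public key and the helper `solve_lin` are this example's own; the helper generalises the slide's gcd step so that it also covers a non-invertible x.

```python
from math import gcd

P, G = 11, 2                 # toy parameters from slide 20
K = 8                        # private key from slide 20
BETA = pow(G, K, P)          # public key value 3 ("BETA" is this example's name)

def sign(m, r):
    """Slide 17: x = g^r mod p, then solve m = k*x + r*y (mod p-1) for y."""
    assert gcd(r, P - 1) == 1
    x = pow(G, r, P)
    y = (m - K * x) * pow(r, -1, P - 1) % (P - 1)
    return x, y

def verify(m, x, y):
    """Slide 18: g^m == (public key)^x * x^y (mod p)."""
    return 0 < x < P and pow(BETA, x, P) * pow(x, y, P) % P == pow(G, m, P)

def solve_lin(a, b, n):
    """All z in [0, n) with a*z == b (mod n); empty list if none exist."""
    a, b = a % n, b % n
    d = gcd(a, n)
    if b % d:
        return []
    n1 = n // d
    z0 = (b // d) * pow(a // d, -1, n1) % n1
    return [z0 + i * n1 for i in range(d)]

def recover_from_reuse(m1, sig1, m2, sig2):
    """Given two signatures made with the same r (hence the same x),
    return (r, k) using only public values, or None."""
    (x, y1), (x2, y2) = sig1, sig2
    if x != x2:
        return None
    # Subtracting the two signing congruences: r*(y1 - y2) == m1 - m2 (mod p-1).
    # The congruence has gcd-many solutions; keep those with g^r == x.
    for r in solve_lin(y1 - y2, m1 - m2, P - 1):
        if pow(G, r, P) != x:
            continue
        # With r known: k*x == m1 - r*y1 (mod p-1); test against the public key.
        for k in solve_lin(x, m1 - r * y1, P - 1):
            if pow(G, k, P) == BETA:
                return r, k
    return None

if __name__ == "__main__":
    s1, s2 = sign(5, 9), sign(7, 9)      # same r = 9 used twice
    print(s1, s2, recover_from_reuse(5, s1, 7, s2))
```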

23 Lesson of ElGamal Signature
Hash function h must be used
–Otherwise an existential forgery attack is easy
Signature length is 2 times the length of p
–p = 1024 bits
–For some storage-limited devices (smart card)

25 DSA Overview
Published by NIST in 1992 (FIPS PUB 186)
Remark:
–DSA is a variant of the ElGamal signature
–Uses SHA hash algorithms and the digest is 320 bits
–Sometimes called DSS (Digital Signature Standard)

26 From ElGamal Signature
Use a subgroup { ,  2,…,  q } in Z p *, the order of  is q
–q is a 160-bit prime
–p is a 1024-bit prime
Introduce the hashing function
–SHA1(m) is also 160 bits

27 From ElGamal Signature
$y = r^{-1}(m + k \cdot x) \pmod{p-1}$
–Verify  m  x =x y mod p
–ord(  ) = q, so all exponents need mod q
–x = (  r mod p) mod q
–$y = (m - k \cdot x)\,r^{-1} \pmod q$ (x can be replaced by x)
–  m  x =x y mod p   my -1  xy -1 =x mod p   my -1  xy -1 =x mod p  (  my -1  xy -1 mod p) mod q = x

28 DSA: Key Generation
Select a prime q of 160 bits
Choose $0 \le t \le 8$ and $2^{511+64t} < p < 2^{512+64t}$ with $q \mid p-1$
Let g be a generator of $\mathbb{Z}_p^*$, and  = g (p-1)/q mod p
Select $1 \le k \le q-1$
Compute  =  k mod p
Public key: (p, q, ,  )
Private key: k

29 DSA: Signature
Signing message m:
1. Compute one-way hash h = SHA-1(m)
2. Select a random signing key r, 0 < r < q
3. Compute
–x = (  r mod p) mod q
–$y = (\text{SHA-1}(m) + xk) \cdot r^{-1} \bmod q$
–SIG(m) = (x, y)

30 DSA: Verification
Verifying m, (r, s):
1. Verify 0 < r < q and 0 < y < q; if not, invalid
2. Verifier computes
–$w = y^{-1} \bmod q$
–$u_1 = \text{SHA-1}(m) \cdot w \bmod q$
–$u_2 = x \cdot w \bmod q$
–v = (  u1.  u2 mod p) mod q
3. Verifier accepts the signature iff
–v = x

31 DSA Remark
Advantages:
–Suitable for storage-limited devices
–Hashing function is used
–Based on the discrete logarithm problem
Disadvantages:
–Unpublicized selection

33 Security Provable Signature
Idea:
–Can reduce forgery to inverting a one-way function
Lamport One-time Signature:
–$P = \{0,1\}^k$, f is a one-way function $f: Y \to Z$
–Choose secret keys $y_{i,j} \in Y$, $1 \le i \le k$, $j = 0, 1$
–Let $z_{i,j} \in Z$, $1 \le i \le k$, $j = 0, 1$, be the public keys
–$Sig(m_1, m_2, \dots, m_k) = (y_{1,m_1}, y_{2,m_2}, \dots, y_{k,m_k})$
–$Ver((m_1, m_2, \dots, m_k), (a_1, a_2, \dots, a_k)) = \text{true} \Leftrightarrow f(a_i) = z_{i,m_i}$

34 Lamport Signature Example
p = 7879 and 3 is a generator
$f(x) = 3^x \bmod 7879$
$y_{1,0} = 5831$; $y_{1,1} = 735$; $y_{2,0} = 803$; $y_{2,1} = 2467$; $y_{3,0} = 4285$; $y_{3,1} = 6449$
$z_{1,0} = 2009$; $z_{1,1} = 3810$; $z_{2,0} = 4672$; $z_{2,1} = 4721$; $z_{3,0} = 268$; $z_{3,1} = 5731$
m = (1,1,0): Sig(m) = (735, 2467, 4285)
Verification: $3^{735} \bmod 7879 = 3810$; $3^{2467} \bmod 7879 = 4721$; $3^{4285} \bmod 7879 = 268$

35 One-Time Digital Signature
One-time digital signatures:
–Used for signing at most one message
–Otherwise signatures can be forged
–In Lamport: (1, 0, 1) + (0, 1, 0) = all $2^3$
–A new public key is required for each signed message
Advantage:
–Signature and verification can be very efficient
–Can be very secure
–Is useful for cards with low resources
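
The Lamport scheme of slides 33 to 35 with the secret key from slide 34, as an added Python example (not part of the original slides). It computes the public key from the secret key, signs m = (1,1,0), and counts which messages become signable from observed signatures, which is the "(1, 0, 1) + (0, 1, 0) = all $2^3$" remark. The function names and the `signable_from` helper are this example's own.

```python
from itertools import product

P, G = 7879, 3                       # slide 34: f(x) = 3^x mod 7879

def f(x):
    return pow(G, x, P)

# Secret key from slide 34: SECRET[i][j] holds y_{i+1,j}.
SECRET = [(5831, 735), (803, 2467), (4285, 6449)]
# Public key z_{i,j} = f(y_{i,j}), computed rather than copied.
PUBLIC = [(f(y0), f(y1)) for y0, y1 in SECRET]

def sign(bits):
    """Reveal one preimage per message bit."""
    return tuple(SECRET[i][b] for i, b in enumerate(bits))

def verify(bits, sig):
    return len(bits) == len(sig) == len(PUBLIC) and all(
        f(a) == PUBLIC[i][b] for i, (b, a) in enumerate(zip(bits, sig)))

def signable_from(observed):
    """Messages whose signature can be assembled using only the preimages
    revealed by the observed (bits, signature) pairs."""
    known = [dict() for _ in PUBLIC]          # position -> {bit: preimage}
    for bits, sig in observed:
        for i, (b, a) in enumerate(zip(bits, sig)):
            known[i][b] = a
    out = {}
    for bits in product((0, 1), repeat=len(PUBLIC)):
        if all(b in known[i] for i, b in enumerate(bits)):
            sig = tuple(known[i][b] for i, b in enumerate(bits))
            if verify(bits, sig):
                out[bits] = sig
    return out

if __name__ == "__main__":
    one = [((1, 0, 1), sign((1, 0, 1)))]
    two = one + [((0, 1, 0), sign((0, 1, 0)))]
    print(sign((1, 1, 0)), len(signable_from(one)), len(signable_from(two)))
```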

36 Lamport-Preimage(z)
If we have Lamport-Forge:
Lamport-Preimage(z)
Select $i_0 \in \{1, \dots, k\}$ and $j_0 \in \{0, 1\}$ randomly
Build public key $Z = (z_{i,j} : 1 \le i \le k,\ j = 0, 1)$ s.t. $z = z_{i_0,j_0}$
$((m_1, \dots, m_k), (a_1, \dots, a_k))$ = Lamport-Forge(z)
if $x_{i_0} = j_0$ then return $(a_{i_0})$ else return (fail)

37 Success of Lamport-Preimage
Theorem: with Lamport-Forge, the success rate of Lamport-Preimage(z)  1/2
Proof:
–Let S be the set of all public keys, $s = |S|$
–Let $S_z$ be the set of public keys that contain z, $s_z = |S_z|$
–Let $T_z$ be all $Z \in S$ for which Lamport-Preimage succeeds, $t_z = |T_z|$
–$\sum_{z \in Z} t_z = ks$; $2ks = s_z |Z|$
–$\Pr(\text{success}) = \frac{1}{|Z|}\sum_{z \in Z} p_z = \frac{1}{|Z|}\sum_{z \in Z} \frac{t_z}{s_z} = \sum_{z \in Z} \frac{t_z}{s_z |Z|} = \frac{1}{2ks}\sum_{z \in Z} t_z = \frac{ks}{2ks} = \frac{1}{2}$

38 Blind Signature
Situation: signing without knowing the content
Example: anonymous electronic cash
[Figure: scene with Alice, Bob and the Authority. Steps: ① Blinding, ② Blinded Message, ③ Sign, ④ Signature, ⑤ Unblinding, ⑥ Signature, ⑦ Verification]

39 RSA Blind Signature
Initialization:
Authority: p, q are primes, $N = p \cdot q$, public key e and $e \cdot d \equiv 1 \bmod (p-1)(q-1)$
Blinding:
Alice: get N and e, choose a random $r \in \mathbb{Z}_N^*$, compute the blinded message $b \equiv m \cdot r^e \pmod N$

40 RSA Blind Signature
Signing:
Authority: sign the blinded message b: $s = b^d$
Unblinding:
Alice: remove the r from s: $s = s \cdot r^{-1} \equiv m^d \pmod N$
Verify:
Bob: receive $(m_1, s_1)$, check $s_1^e \overset{?}{\equiv} m_1 \pmod N$
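
The blinding, signing, unblinding and verification steps of slides 39 and 40 as an added Python example (not part of the original slides). The toy authority key, the sample values and the analysis helper `blinding_factor_for` are assumptions of this example; the helper shows that the same blinded value b is consistent with any other message, so b reveals nothing about m.

```python
from math import gcd

# Constructed toy authority key (two Mersenne primes; not a realistic size).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def blind(m, r):
    """Alice: b = m * r^e mod N, with r a unit mod N."""
    assert gcd(r, N) == 1
    return m * pow(r, E, N) % N

def authority_sign(b):
    """Authority: computes b^d mod N and only ever sees b."""
    return pow(b, D, N)

def unblind(s_blind, r):
    """Alice: multiply by r^-1; the result equals m^d mod N."""
    return s_blind * pow(r, -1, N) % N

def verify(m, s):
    """Bob: accept iff s^e == m (mod N)."""
    return pow(s, E, N) == m % N

def blinding_factor_for(b, m_other):
    """Analysis helper (uses d, so it is not a protocol step): the r' under
    which m_other would have blinded to the same b. One exists for every
    unit m_other, which is why the authority cannot tell which m it signed."""
    return pow(b * pow(m_other, -1, N) % N, D, N)

def run_protocol(m, r):
    b = blind(m, r)                          # Alice -> Authority
    s = unblind(authority_sign(b), r)        # Authority -> Alice -> Bob
    return b, s

if __name__ == "__main__":
    b, s = run_protocol(20240917, 987654321)
    print(verify(20240917, s), blind(42, blinding_factor_for(b, 42)) == b)
```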

41 Undeniable Signature
Signature with the following features:
–Signature verification must involve the participation of the signer
–Signer can prove that a signature is not valid
–Signer can't deny a valid signature
–So undeniable
Example:
–Software distribution

42 Why Undeniable?
The signer needs to be online when verifying
–The precondition for undeniability
–Challenge-response interaction
The signer can prove a signature is forged
–If he refuses to prove it
–Then the signature is valid

43 How to Prove?
In the challenge-response interaction
–If the verification fails
The signature is a fraud
Signer cheats by giving an “incorrect” response
–So a further protocol must be run after a failure
Summary: Signing & Verification & Disavowal Protocol

44 Chaum-van Antwerpen Signature
Initialization: the signer chooses:
–two primes p and q, with p = 2q+1
–$g \in \mathbb{Z}_p^*$ with ord(g) = q
–G generated by g, so G is a subgroup of $\mathbb{Z}_p^*$
–a random k (0 < k < q); k is secret and $g^k$ is public

45 Chaum-van Antwerpen Signature
Signing: for a message $m \in G$, $s = m^k \pmod p$
Verification: Bob and the signer interact:
–Challenge: Bob selects two random $a, b \in \mathbb{Z}_q^*$ and sends the challenge $c = s^a (g^k)^b \pmod p$
–Response: $r = c^{k^{-1}} \equiv m^a \cdot g^b \pmod p$
–Test: Bob checks $VER(m, r) = (r \overset{?}{\equiv} m^a g^b \pmod p)$

46 Chaum-van Antwerpen Signature
Disavowal protocol (when verification fails):
–Bob → Signer: select $a_1, b_1 \in \mathbb{Z}_q^*$ and send $c_1 = s^{a_1} (g^k)^{b_1} \pmod p$
–Signer → Bob: $r_1 = c_1^{k^{-1}}$
–Test: if $r_1 \not\equiv m^{a_1} \cdot g^{b_1} \pmod p$, then continue
–Bob → Signer: select $a_2, b_2 \in \mathbb{Z}_q^*$ and send $c_2 = s^{a_2} (g^k)^{b_2} \pmod p$
–Signer → Bob: $r_2 = c_2^{k^{-1}}$
–Test: $r_2 \not\equiv m^{a_2} \cdot g^{b_2} \pmod p$
If $(r_1 \cdot g^{-b_1})^{a_2} \equiv (r_2 \cdot g^{-b_2})^{a_1} \pmod p$ then forged, else the signer cheats
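
Both sides of the verification and disavowal exchanges from slides 45 and 46, as an added Python example (not part of the original slides). The toy group p = 467, q = 233, g = 4, the key k = 101, the fixed challenge values and the `lying_signer` function are assumptions of this example.

```python
P, Q, G = 467, 233, 4        # constructed toy group: p = 2q + 1, ord(g) = q
K = 101                      # signer's secret key
PUB = pow(G, K, P)           # public value g^k
K_INV = pow(K, -1, Q)        # exponents are taken mod q

def sign(m):
    """s = m^k mod p; m must lie in the subgroup generated by g."""
    return pow(m, K, P)

def challenge(s, a, b):
    """Bob: c = s^a * (g^k)^b mod p."""
    return pow(s, a, P) * pow(PUB, b, P) % P

def respond(c):
    """Honest signer: r = c^(k^-1) mod p."""
    return pow(c, K_INV, P)

def expected(m, a, b):
    """Value Bob compares the response with: m^a * g^b mod p."""
    return pow(m, a, P) * pow(G, b, P) % P

def verify(m, s, a, b, signer=respond):
    return signer(challenge(s, a, b)) == expected(m, a, b)

def disavow(m, s, ch1, ch2, signer=respond):
    """Two verification rounds followed by the consistency test.
    Returns 'valid' if a round passes, else 'forged' or 'signer cheats'."""
    rs = []
    for a, b in (ch1, ch2):
        r = signer(challenge(s, a, b))
        if r == expected(m, a, b):
            return "valid"
        rs.append(r)
    (a1, b1), (a2, b2) = ch1, ch2
    lhs = pow(rs[0] * pow(G, -b1, P) % P, a2, P)
    rhs = pow(rs[1] * pow(G, -b2, P) % P, a1, P)
    return "forged" if lhs == rhs else "signer cheats"

def lying_signer(c):
    """A signer who answers incorrectly so that a valid signature fails."""
    return respond(c) * G % P

if __name__ == "__main__":
    m = pow(5, 2, P)                       # a square, hence in the subgroup
    s, bad = sign(m), sign(m) * G % P      # genuine and altered signature
    print(verify(m, s, 17, 45),
          disavow(m, bad, (17, 45), (99, 7)),
          disavow(m, s, (17, 45), (99, 7), lying_signer))
```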

47 Correctness of Verification
Theorem: if $s \not\equiv m^k \bmod p$, then Bob accepts s as a correct signature with prob. at most 1/q
Proof:
–For each $c = s^{e_1} (g^k)^{e_2}$ there are q pairs $(e_1, e_2)$, because the orders of s and $g^k$ are both q
–g is a generator and ord(g) = q
–$c = g^i$, $r = g^j$, $m = g^v$, $s = g^w$
–$c \equiv s^{e_1} (g^k)^{e_2} \pmod p$; $r \equiv m^{e_1} g^{e_2} \pmod p$
–$i \equiv w e_1 + k e_2 \pmod q$; $j \equiv v e_1 + e_2 \pmod q$
–If $s \not\equiv m^k \bmod p$, then $w \not\equiv kv \bmod q$, then $\begin{vmatrix} w & k \\ v & 1 \end{vmatrix} \neq 0$, and only one pair among the q pairs $(e_1, e_2)$ is correct

48 Correctness of Disavowal Protocol
Theorem: if $s \not\equiv m^k \bmod p$ and both parties follow the protocol, then $(r \cdot g^{-e_2})^{f_1} \equiv (R \cdot g^{-f_2})^{e_1} \pmod p$ (Alice can convince Bob)
Proof:
–$r = c^{k^{-1}} \pmod p$
–$c \equiv s^{e_1} (g^k)^{e_2} \pmod p$
–$(r \cdot g^{-e_2})^{f_1} \equiv ((s^{e_1} (g^k)^{e_2})^{k^{-1}} g^{-e_2})^{f_1} \pmod p \equiv s^{e_1 k^{-1} f_1} \pmod p$
–$R = C^{k^{-1}} \pmod p$
–$(R \cdot g^{-f_2})^{e_1} \equiv s^{e_1 k^{-1} f_1} \pmod p$

49 Correctness of Disavowal Protocol
Theorem: if $s \equiv m^k \bmod p$ and Bob follows the protocol, then Alice can convince Bob ($(r \cdot g^{-e_2})^{f_1} \equiv (R \cdot g^{-f_2})^{e_1} \pmod p$) with prob. 1/q
Proof:
–$s = m^k$; $(r \cdot g^{-e_2})^{f_1} \equiv (R \cdot g^{-f_2})^{e_1} \pmod p$
–$r \not\equiv m^{e_1} g^{e_2}$; $R \not\equiv m^{f_1} g^{f_2}$
–$(r \cdot g^{-e_2})^{f_1} \equiv (R \cdot g^{-f_2})^{e_1} \pmod p$ iff $R = (r^{1/e_1} g^{-e_2/e_1})^{f_1} g^{f_2}$
–Let $r_0 = r^{1/e_1} g^{-e_2/e_1}$, which can be computed after stage one
–Let stage two be the verification protocol
–Suppose s is $r_0$'s signature ($s = r_0^k \bmod p$) with prob. 1-1/q
–$s \equiv m^k \bmod p$ and $s = r_0^k \bmod p \Rightarrow m = r_0$
–$r \not\equiv m^{e_1} g^{e_2} \Rightarrow m \not\equiv r^{1/e_1} g^{-e_2/e_1} \Rightarrow m \neq r_0$
–Contradiction $\Rightarrow (r \cdot g^{-e_2})^{f_1} \equiv (R \cdot g^{-f_2})^{e_1} \pmod p$ with prob. 1/q

50 Fail-Stop Signatures
Situation: for an attacker with unlimited computing power
[Figure: scene with Alice, Bob, TTP and Oscar; labelled steps ① to ⑦: Establish Parameters, Public Keys, Build PROOF, Signatures, Forged Signatures, Fail-stop, Proof]

51 Van Heyst & Pedersen Signature
Initialization:
TTP: two primes p and q, with p = 2q+1
–$g \in \mathbb{Z}_p^*$ with ord(g) = q
–a random $r \in \mathbb{Z}_q^*$ (0 < r < q); r is known only by the TTP, and $R = g^r$
–(p, q, g, R) is public and r is kept secret
Signer (Alice): select $a_1, a_2, b_1, b_2 \in \mathbb{Z}_q^*$ as the secret key, compute (  1  g a 1  R b 1 mod p  2  g a 2  R b 2 mod p) as public key

52 Van Heyst & Pedersen Signature
Signing:
Alice: $Sig_K(m) = (s_1, s_2)$, with $s_1 = a_1 + m b_1 \bmod q$ and $s_2 = a_2 + m b_2 \bmod q$
Verification:
Bob: Ver K (m,s) is  1  2 m  ? g s 1  R s 2 mod p

53 Van Heyst & Pedersen Signature
Build PROOF:
Alice:
–Detect a forged signature $(s_1', s_2')$ for m
–Compute the original signature $(s_1, s_2)$ for m
–Compute $PROOF(s) = r \equiv (s_1 - s_1')(s_2' - s_2)^{-1} \pmod q$; r is the proof

54 Van Heyst & Pedersen: Remark
Lemma 1: Let Oscar have unlimited power; from the public information and a signature $s = (s_1, s_2)$ for m he can solve for $(a_1, a_2, b_1, b_2)$ with q possible solutions
Proof: Denote  1 =g e 1 and  2 =g e 2, so
$g^{e_1} \equiv g^{a_1} \cdot g^{r b_1} \bmod p$
$g^{e_2} \equiv g^{a_2} \cdot g^{r b_2} \bmod p$
$e_1 = a_1 + r b_1 \bmod q$
$s_1 = a_1 + m b_1 \bmod q$
$s_2 = a_2 + m b_2 \bmod q$
$\begin{pmatrix} 1 & r & 0 & 0 \\ 0 & 0 & 1 & r \\ 1 & 0 & m & 0 \\ 0 & 1 & 0 & m \end{pmatrix} \begin{pmatrix} a_1 \\ a_2 \\ b_1 \\ b_2 \end{pmatrix} = \begin{pmatrix} e_1 \\ e_2 \\ s_1 \\ s_2 \end{pmatrix}$
Rank is 3
Find by unlimited power

55 Van Heyst & Pedersen: Remark
Lemma 2: given a signature $s = (s_1, s_2)$ for m and a signature $s' = (s_1', s_2')$ for m', there is a single solution for $(a_1, a_2, b_1, b_2)$
Proof: [Matrix equation: the system of Lemma 1 extended with the rows for m' and $(s_1', s_2')$; rank is 4]
Notes:
–One-time signature
–Oscar can compute $s' = sig_K(m')$ with prob. 1/q knowing $s = sig_K(m)$
–BUT Oscar can give a verifiable signature s'' for m' with $s'' \neq s'$

56 Van Heyst & Pedersen: Remark
Lemma 3: if the signer gets a forged signature $s' = (s_1', s_2')$ for m with $s' \neq s$, he can compute $r = \log_g R$
Proof:
–The forged signature s' can pass the test
–  1  2 m  g s’ 1  R s’ 2 mod p
–For the original signature
–  1  2 m  g s 1  R s 2 mod p
–$g^{s_1'} \cdot R^{s_2'} \equiv g^{s_1} \cdot R^{s_2} \bmod p$
–$\Rightarrow r = \log_g R \equiv (s_1 - s_1')(s_2' - s_2)^{-1} \pmod q$
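
Signing, verification and the proof of forgery from slides 52, 53 and 56, as an added Python example (not part of the original slides). The toy parameters, the key values and the `unbounded_forger` stand-in are assumptions of this example; the public key is computed as $g^{a_1} R^{a_2}$ and $g^{b_1} R^{b_2}$, the pairing under which the slide 52 verification equation holds for $s_i = a_i + m b_i$.

```python
P, Q, G = 3467, 1733, 4       # constructed toy parameters: p = 2q + 1, ord(g) = q
R_SECRET = 1567               # r, known only to the TTP
R = pow(G, R_SECRET, P)       # published value g^r

def keygen(a1, a2, b1, b2):
    """Alice's key pair (assumed pairing: g^a1 * R^a2 and g^b1 * R^b2)."""
    pub = (pow(G, a1, P) * pow(R, a2, P) % P,
           pow(G, b1, P) * pow(R, b2, P) % P)
    return (a1, a2, b1, b2), pub

def sign(sk, m):
    """s1 = a1 + m*b1 mod q, s2 = a2 + m*b2 mod q."""
    a1, a2, b1, b2 = sk
    return (a1 + m * b1) % Q, (a2 + m * b2) % Q

def verify(pub, m, sig):
    """pub1 * pub2^m == g^s1 * R^s2 (mod p)."""
    s1, s2 = sig
    return pub[0] * pow(pub[1], m, P) % P == pow(G, s1, P) * pow(R, s2, P) % P

def unbounded_forger(sig, t):
    """Stand-in for Oscar's unlimited computing power: with log_g R known,
    the shifted pair (s1 + r*t, s2 - t) satisfies the same equation."""
    s1, s2 = sig
    return (s1 + R_SECRET * t) % Q, (s2 - t) % Q

def proof_of_forgery(genuine, forged):
    """Alice: r = (s1 - s1') * (s2' - s2)^-1 mod q, as in Lemma 3."""
    (s1, s2), (f1, f2) = genuine, forged
    if (f2 - s2) % Q == 0:
        return None           # same signature: there is nothing to prove
    return (s1 - f1) * pow((f2 - s2) % Q, -1, Q) % Q

if __name__ == "__main__":
    sk, pub = keygen(888, 1024, 786, 999)
    m = 3383
    sig = sign(sk, m)
    forged = unbounded_forger(sig, 5)
    print(verify(pub, m, sig), verify(pub, m, forged),
          proof_of_forgery(sig, forged) == R_SECRET)
```

The proof is checkable by anyone from public data, since the returned value must satisfy $g^r \equiv R \pmod p$.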

57 Summary
Nonrepudiation
–Digital Signature
–Public Key Infrastructure
RSA Signature
ElGamal Signature
Digital Signature Algorithm
Signatures with other Properties

