Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.

Published byMelvin Sanders Modified over 7 years ago

Similar presentations

Presentation on theme: "CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature."— Presentation transcript:

1 CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature

2 14. Digital Signature CS480_W16 14 - 2 Outline r Conventional signatures and digital signatures r Services provided by signature r Some digital signature schemes r Diffie-Hellman Key exchange algorithm

3 14. Digital Signature CS480_W16 14 - 3 Conventional signatures and digital signatures r Conventional signature m Signature on a document m Signature on a check, … m A signature, when verified, is a sign of authentication The document is authentic It’s originated from the right person What else? r Digital signature m Electronic signature used to prove the authenticity of a digital message and its sender

4 14. Digital Signature CS480_W16 14 - 4 Differences between conventional signatures and digital signatures r Inclusion r Verification method r Relationship r duplicity

5 14. Digital Signature CS480_W16 14 - 5 Inclusion r A conventional signature is included in the document r It is part of the document r But when we sign a document digitally, we send the signature as a separate document

6 14. Digital Signature CS480_W16 14 - 6 Verification method r For a conventional signature, when the recipient receives a document, she compares the signature on the document with the signature on file m The recipient needs to have a copy of this signature on file r For a digital signature, the recipient receives the message and the signature. The recipient needs to apply a verification technique to the combination of the message and the signature to verify the authenticity m A copy of signature is not stored anywhere

7 14. Digital Signature CS480_W16 14 - 7 Relationship r For a conventional signature, there is normally a one-to-many relationship between a signature and documents m The same signature can be used in many documents r For a digital signature, there is a one-to-one relationship between a signature and a message. m The signature of one message cannot be used in another message

8 14. Digital Signature CS480_W16 14 - 8 Duplicity r In conventional signature, a copy of the signed document can be distinguished from the original one on file r In digital signature, there is no such distinction unless there is a factor of time on the document m Digital signature is subject to replay attack

9 14. Digital Signature CS480_W16 14 - 9 Digital signature process r The sender uses a signing algorithm to sign the message r The message and the signature are sent to the receiver r The receiver receives the message and the signature and applies the verifying algorithm to the combination r If the result is true, the message is accepted; otherwise, it is rejected.

10 14. Digital Signature CS480_W16 14 - 10 Need for Keys r A digital signature needs a public-key system r The signer signs with her private key; the verifier verifies with the signer’s public key.

11 14. Digital Signature CS480_W16 14 - 11 Signing the Digest r A cryptosystem uses the private and public keys of the receiver: a digital signature uses the private and public keys of the sender

12 14. Digital Signature CS480_W16 14 - 12 Services provided by signature r Authentication r Message integrity m The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed r Nonrepudiation m The digital signature is created using the sender’s private key m Only the sender knows his private key m He cannot deny the fact that he signed the message

13 14. Digital Signature CS480_W16 14 - 13 Adding confidentiality to a digital signature scheme r A digital signature does not provide privacy. r If there is a need for privacy, another layer of encryption/decryption must be applied.

14 14. Digital Signature CS480_W16 14 - 14 The differences between MAC and digital signature r They are based on different kinds of key schemes m MAC is symmetric key based m Digital signature is asymmetric key based r MAC can provide authentication and integrity r Digital signature can provide authentication, integrity and nonrepudiation

15 14. Digital Signature CS480_W16 14 - 15 Digital signature schemes r RSA Digital Signature Scheme r ElGamal Digital Signature Scheme r Digital Signature Standard (DSS)

16 14. Digital Signature CS480_W16 14 - 16 RSA Digital Signature Scheme d e

17 14. Digital Signature CS480_W16 14 - 17 Key Generation r Key generation in the RSA digital signature scheme is exactly the same as key generation in the RSA r In the RSA digital signature scheme m d is private m e and n are public.

18 14. Digital Signature CS480_W16 14 - 18 Signing and Verifying

19 14. Digital Signature CS480_W16 14 - 19 Example r suppose that Alice chooses p = 823 and q = 953, and calculates n = 784319. r The value of ø(n) is 782544 r Now she chooses e = 313 and calculates d = 160009. r At this point key generation is complete r Now imagine that Alice wants to send a message with the value of M = 19070 to Bob r She uses her private exponent, 160009, to sign the message

20 14. Digital Signature CS480_W16 14 - 20 Example r Alice sends the message and the signature to Bob. Bob receives the message and the signature. He calculates Bob accepts the message because he has verified Alice’s signature.

21 14. Digital Signature CS480_W16 14 - 21 RSA Signature on the Message Digest r When the digest is signed instead of the message itself, the susceptibility of the RSA digital signature scheme depends on the strength of the hash algorithm.

22 14. Digital Signature CS480_W16 14 - 22 ElGamal Digital Signature Scheme Figure 13.9 General idea behind the ElGamal digital signature scheme

23 14. Digital Signature CS480_W16 14 - 23 Key Generation r The key generation procedure here is exactly the same as the one used in the cryptosystem r In ElGamal digital signature scheme, (e1, e2, p) is Alice’s public key; d is her private key.

24 14. Digital Signature CS480_W16 14 - 24 ElGamal Digital Signature Scheme: key generation

25 14. Digital Signature CS480_W16 14 - 25 Verifying and Signing r should be relative prime to p-1

26 14. Digital Signature CS480_W16 14 - 26 Example Here is a trivial example. Alice chooses p = 3119, e 1 = 2, d = 127 and calculates e 2 = 2 127 mod 3119 = 1702. She also chooses r to be 307. She announces e1, e2, and p publicly; she keeps d secret. The following shows how Alice can sign a message.

27 14. Digital Signature CS480_W16 14 - 27 Example Alice sends M, S 1, and S 2 to Bob. Bob uses the public key to calculate V 1 and V 2. e 2 S1

28 14. Digital Signature CS480_W16 14 - 28 Example Now imagine that Alice wants to send another message, M = 3000, to Ted. She chooses a new r, 107. Alice sends M, S 1, and S 2 to Ted. Ted uses the public keys to calculate V 1 and V 2. e 2 S1 2

29 14. Digital Signature CS480_W16 14 - 29 Digital Signature Standard (DSS)

30 14. Digital Signature CS480_W16 14 - 30 Key Generation r Alice chooses a primes p, between 512 and 1024 bits in length. The number of bits in p must be a multiple of 64 r Alice chooses a 160-bit prime q in such way that q divides (p-1). r Alice uses and. m is a subgroup of r Alice creates e 1 to be the qth root of 1 mod p (e 1 q = 1 mod p). m To do so, Alice chooses a primitive element e 0 in Zp, m Calculates e 1 = e 0 (p-1)/q mod p r Alice chooses d as the private key and calculates e 2 = e 1 d mod p. r Alice’s public key is (e 1, e 2, p, q) r Her private key is (d).

31 14. Digital Signature CS480_W16 14 - 31 Signing r Alice chooses a random number r(1<=r<=q) r Alice calculates the first signature m S 1 = (e 1 r mod p) mod q m Note: S 1 does not depend on M, the message r Alice creates a digest of M, h(M) r Alice calculates the second signature m S2 = ( h(M) + dS 1 )r -1 mod q r Alice sends M, S 1 and S 2 to Bob

32 14. Digital Signature CS480_W16 14 - 32 Verifying r Bob checks to see if 0 < S1 < q r Bob checks to see if 0 < s2 <q r Bob calculates a digest of M, h(M) r Bob calculates V = [(e 1 h(M)S2^-1 e 2 S1S2^-1 ) mod p] mod q r If S1 = V, M is accepted

33 14. Digital Signature CS480_W16 14 - 33 Verifying and Signing

34 14. Digital Signature CS480_W16 14 - 34 Example Alice chooses q = 101 and p = 8081. Alice selects e 0 = 3 and calculates e 1 = e 0 (p−1)/q mod p = 6968. Alice chooses d = 61 as the private key and calculates e 2 = e 1 d mod p = 2038. Now Alice can send a message to Bob. Assume that h(M) = 5000 and Alice chooses r = 71: 71

35 14. Digital Signature CS480_W16 14 - 35 Example Alice sends M, S 1, and S 2 to Bob. Bob uses the public keys to calculate V.

36 14. Digital Signature CS480_W16 14 - 36 Comparison r DSS Versus RSA m Computation of DSS signatures is faster than computation of RSA signatures when using the same p. r DSS Versus ElGamal m DSS signatures are smaller than ElGamal signatures because q is smaller than p.

37 14. Digital Signature CS480_W16 14 - 37 Symmetric key agreement r Alice and Bob can create a session key between themselves r This method of session-key creation is referred to as the symmetric-key agreement m Diffie-Hellman Key Agreement

38 14. Digital Signature CS480_W16 14 - 38 Diffie-Hellman Key Agreement r Alice and Bob agree on global parameters:  Large prime integer p m g: a primitive root r Alice generates a key pair  chooses a private key (number): x < p  Compute her public key: R1 = g x mod p m A sends R1 to Bob r Bob generates a key pair  chooses a private key (number): y < p  Compute his public key: R2 = g y mod p m Bob sends R2 to Alice

39 14. Digital Signature CS480_W16 14 - 39 Diffie-Hellman Key Agreement r The Shared session key for Alice and Bob is K AB : m Alice computes K AB = R2 x mod p m Bob Computes K AB = R1 y mod p r If Alice and Bob subsequently communicate, they will have the same key as before, unless they choose new public-keys

40 14. Digital Signature CS480_W16 14 - 40 Example r Alice & Bob wish to set up a session key:  They Agree on prime p=353 and g=3 r Alice  Chooses: x = 97  Computes : R1= g x = 3 97 mod 353 = 40  Publishes : R1 = 40 r Bob  chooses y = 233  Computes : R2 = g y = 3 233 mod 353 = 248  Publishes : R2 = 248 r Compute the shared session key  Alice : K AB = R2 x mod 353 = 248 97 mod 353 = 160  Bob : K AB = R1 y mod 353 = 40 233 mod 353= 160

Download ppt "CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature."

Similar presentations

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Public Key Cryptography & Message Authentication By Tahaei Fall 2012.

Public Key Cryptography & Message Authentication By Tahaei Fall 2012.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.5 Public Key Algorithms.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
Chapter 13 Digital Signature

Chapter 13 Digital Signature
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall 2011 1.

Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Rachana Y. Patil 1 1.

Rachana Y. Patil 1 1.
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Similar presentations

Ads by Google