Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Signatures and applications Math 7290CryptographySu07.

Published byEmery Terry Modified over 9 years ago

Similar presentations

Presentation on theme: "Digital Signatures and applications Math 7290CryptographySu07."— Presentation transcript:

1 Digital Signatures and applications Math 7290CryptographySu07

2  Digital Signature Schemes  Digital vs Conventional Signatures  RSA Signature Scheme  El Gamal Signature Scheme  Security Protocols  Session Keys -- Diffie Hellman theme and variations  Centralized key management (certificates)  Decentralized key management (PGP)

3 Conventional vs Digital advantages and disadvantages  Conventional  Part of a physical document  compared to known authentic signature  Identical copy easily distinguished and does not substitute for the original  Digital  Not physically part of the document  Verification is done with an authentication algorithm  Identical copies are easy to make and (ab)use

4 Digital Signature Scheme  Must bind to the signer and to the message being signed  An encryption like process  Must be verifiable by recipient  A decryption like process  Scheme consists of  Messagesx  Signaturesy  Keysk  Signing algorithmy=e(x,k)  Verification algorithmx=d(y,k’)

5 RSA encryption scheme n=pq, where p and q are large primes e, encryption exponent (no factor in common with (p-1)(q-1)) d, decryption exponent (multiplicative inverse of e mod (p-1)(q-1)) PUBLIC KEY (e, n) private key d encryption of message x: y=x e modulo n decryption of message y: x=y d modulo n

6 RSA Digital Signatures Alice has public key (e A,n A ) and private key d A. Bob has public key (e B,n B ) and private key d B. Alice has prepared a message x to send to Bob But before sending it she signs it using her private key: Then she sends z to Bob. Bob decrypts and verifies using his private key and Alice’s public key! Bob knows the message, and it had to be from Alice. Noone else could have her private key!

7 El Gamal Encryption Scheme  p a large prime, integer a, 0<a<p-1  , a primitive element mod p,  =  a mod p  public key (p, ,  ) private key a  Encryption of message x: (y 1,y 2 ) where  y 1 =  k mod p, y 2 =x  k mod p (k? any k is ok)  Decryption of message (y 1,y 2 ):  y 2 (y 1 a ) -1 mod p = x

8 El Gamal Signature Scheme Alice has her private key a, and her random k, (here chosen relatively prime to p-1) and her public key (p, ,  ) Bob Alice signs message m (encrypted or not with Bob’s public key) by computing and sending (m,r,s) to Bob(m,r,s)

9 Bob verifies that the message is from Alice, using Alice’s public key (p, ,  ). He computes: Bob receives (m,r,s) and the signature of Alice is verified if v 1 =v 2 because Bob can then decrypt m, if necessary,

10 caveat encryptor inadvertent trapdoors with El Gamal signatures don’t use the same k twice! the private key a becomes accessible be careful if r is relatively prime to p-1 again, the secrecy of a is compromised

11 Diffie Hellman Key Exchange whereby Alice & Bob agree on a session key Alice (or Bob) selects a large prime p and a primitive element  mod p. Both can be made public. Alice selects secret x, 0<x<p-1 and Bob selects secret y, 0<y<p-1. Alice sends A=  x mod p to Bob. Bob sends B=  y mod p to Alice. Alice computes K=B x =(  y ) x while Bob computes K=A y = (  x ) y. They have a common key to use in a symmetric key setting!

12 But what if … Alice (or Bob) selects a large prime p and a primitive element  mod p. Both can be made public. Alice selects secret x, 0<x<p-1 and Bob selects secret y, 0<y<p-1. Alice sends A=x mod p to Bob. Bob sends B=y mod p to Alice. but Eve intercepts both A and B; she selects her own z and sends instead E=z mod p and sends it to both Alice and Bob (who think they are receiving B and A). Eve computes KA=Az= (x )z, KB=Bz= (y )z Alice computes K=Ex=(z)x =KA while Bob computes K=Ey= (z )y =EB. Alice and Bob think they have safe communication, but Eve is …. supervising perhaps?

13 authenticated key agreement a protocol than incorporates digital signatures Alice (or Bob) selects a large prime p and a primitive element  mod p. Both can be made public. Alice selects secret x, 0<x<p-1 and Bob selects secret y, 0<y<p-1. Alice sends A=  x mod p to Bob. Bob sends B=  y mod p to Alice. Alice computes K=B x =(  y ) x while Bob computes K=A y = (  x ) y. Bob computes B=  y mod p.

14 authenticated key agreement a protocol than incorporates digital signatures Alice (or Bob) selects a large prime p and a primitive element  mod p. Both can be made public. Alice selects secret x, 0<x<p-1 and Bob selects secret y, 0<y<p-1. Alice sends A=  x mod p to Bob. Bob computes B=  y mod p. Bob uses his digital signature for the message (B,A) to produce sig B (B,A). Bob also computes K=A y = (  x ) y. Bob then encrypts sig B (B,A) using the key K: E K (sig B (B,A))=S B. Bob sends B, S B.

15 authenticated key agreement a protocol than incorporates digital signatures (continued) Alice uses B to compute K=Bx= (y)x Alice decrypts SB using K to get sigB(B,A). Alice then verifies Bob’s signature. Alice reciprocates; she computes sigA(A,B) and encrypts it using K: EK(sigA(A,B))=SA. Alice sends SA to Bob who can then verify her signature.

16 Public Key Infrastructures X.509 Certificate (centralized authority) VeriSign, AT&T,etc Certificates having different levels of trust/validity are issued by the CA PGP (decentralized system) each user has a keyring with trust levels for others (implicit/complete/partial/none) validation for any other based on connections in the web of trust associated with the user’s keyring

Download ppt "Digital Signatures and applications Math 7290CryptographySu07."

Similar presentations

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2002COPYRIGHT © 2002 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC)
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Key Distribution CS 470 Introduction to Applied Cryptography

Key Distribution CS 470 Introduction to Applied Cryptography
20-763 ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 6 Epayment Security II.

ELECTRONIC PAYMENT SYSTEMSFALL 2001COPYRIGHT © 2001 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 6 Epayment Security II.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Similar presentations

Ads by Google