Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29."— Presentation transcript:

1 Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29

2 Why are digital signatures important? Compare with paper signatures Danger: Eve would like to use your signature on other documents! Solution: sig = f(m, user) Let m be the message (document) Let m be the message (document) Algorithms we’ll study: RSA RSA ElGamal ElGamal DSA (Digital Signature Algorithm) DSA (Digital Signature Algorithm)

3 RSA Signatures Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(e, (p-1)(q-1))=1, e: gcd(e, (p-1)(q-1))=1, d: ed ≡ 1(mod ((p-1)(q-1)) [d is the “pen” Alice uses] d: ed ≡ 1(mod ((p-1)(q-1)) [d is the “pen” Alice uses] Publishes n, e [“glasses” Bob uses to see the writing] Alice’s signature uses the decryption exponent: y ≡ m d (mod n). Delivers (m, y) y ≡ m d (mod n). Delivers (m, y) Bob’s verification: Does m ≡ y e (mod n)? Does m ≡ y e (mod n)? Show the verification works. Note that given only the signature y, and public info e and n, Bob can compute the message, m. 1

4 RSA Signatures Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed ≡ 1(mod ((p-1)(q-1)) d: ed ≡ 1(mod ((p-1)(q-1)) Publishes n, e Alice’s signature: y ≡ m d (mod n). Delivers (m, y) y ≡ m d (mod n). Delivers (m, y) Bob’s verification: Does m ≡ y e (mod n)? Does m ≡ y e (mod n)? Eve’s schemes: Can she use Alice’s signature on a different document, m 1 ? Can she compute a new y 1, so that m 1 = y 1 e ? Can she choose a new y 1 first, then compute m 1 = y 1 e ? 2

5 Blind Signature Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed ≡ 1(mod ((p-1)(q-1)) d: ed ≡ 1(mod ((p-1)(q-1)) Publishes n, e Bob wants m signed Bob chooses: k: random, gcd(k, n)=1 k: random, gcd(k, n)=1 Bob sends: t ≡ k e m (mod n) Alice’s signature: s ≡ t d (mod n). s ≡ t d (mod n). Bob’s verification: Computes sk -1 Computes sk -1 Bob wants Alice to sign a document as a method of time-stamping it, but doesn’t want to release the contents yet. Verification: Find sk -1 in terms of m What is the significance of this? Why can’t Alice read m? What’s the danger to Alice of a blind signature? 3-4

6 ElGamal Signatures Many different valid signatures for a given message But verification doesn’t reveal m. Alice chooses: p,primitive root ,  ≡  a (mod p) p,primitive root ,  ≡  a (mod p) Publishes (p,  ), keeps a secret Publishes (p,  ), keeps a secret Alice’s signature: Chooses k: random, gcd(k, p-1)=1 Chooses k: random, gcd(k, p-1)=1 Sends (m, (r,s)), where: Sends (m, (r,s)), where: r ≡  k (mod p) s ≡ k -1 (m – ar) (mod p-1) Bob’s verification: Does  r r s ≡  m (mod p)? Does  r r s ≡  m (mod p)?

7 ElGamal Signatures Many different valid signatures for a given message Alice chooses: p,primitive root , secret a, and  ≡  a (mod p) p,primitive root , secret a, and  ≡  a (mod p) Publishes (p,  ), keeps a secret Publishes (p,  ), keeps a secret Alice’s signature: Chooses k: random, gcd(k, p-1)=1 Chooses k: random, gcd(k, p-1)=1 Sends m, (r,s), where: Sends m, (r,s), where: r ≡  k (mod p) s ≡ k -1 (m – ar) (mod p-1) Bob’s verification: Does  r r s ≡  m (mod p)? Does  r r s ≡  m (mod p)? Notice that one can’t compute m from (r,s). Show the verification works. Why can’t Eve apply the signature to another message? If Eve learns a, she can forge the signature Note: Alice needs to randomize k each time, else Eve can recognize this, and can compute k and a relatively quickly. 5-7

Download ppt "Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 29."

Similar presentations

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
Digital Signatures and applications Math 7290CryptographySu07.

Digital Signatures and applications Math 7290CryptographySu07.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.

Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.
Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O167 10 th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.

Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.
Introduction to Modern Cryptography Homework assignments.

Introduction to Modern Cryptography Homework assignments.
Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.

Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
Announcements: How was last Saturday’s workshop? How was last Saturday’s workshop? DES due now DES due now Chapter 3 Exam tomorrow Chapter 3 Exam tomorrow.

Announcements: How was last Saturday’s workshop? How was last Saturday’s workshop? DES due now DES due now Chapter 3 Exam tomorrow Chapter 3 Exam tomorrow.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Similar presentations

Ads by Google