Presentation is loading. Please wait.

Presentation is loading. Please wait.

Announcements: 1. Pass in HW7 now. 2. Project rubrics posted (peruse together) 3. Teams choose presentation dates now Questions? This week: Birthday attacks,

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Announcements: 1. Pass in HW7 now. 2. Project rubrics posted (peruse together) 3. Teams choose presentation dates now Questions? This week: Birthday attacks,"— Presentation transcript:

1 Announcements: 1. Pass in HW7 now. 2. Project rubrics posted (peruse together) 3. Teams choose presentation dates now Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 31

2 Why are digital signatures important? Compare with paper signatures Danger: Eve would like to use your signature on other documents! Solution: sig = f(document, user) Let m be the message/document Let m be the message/document Algorithms we’ll study: RSA RSA ElGamal ElGamal DSA (Digital Signature Algorithm) DSA (Digital Signature Algorithm)

3 RSA Signatures Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Alice’s signature: y = m d (mod n). Delivers (m, y) y = m d (mod n). Delivers (m, y) Bob’s verification: Does m = y e (mod n)? Does m = y e (mod n)? Show the verification works. Note that given the signature y, Bob can compute the message, m.

4 RSA Signatures Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Alice’s signature: y = m d (mod n). Delivers (m, y) y = m d (mod n). Delivers (m, y) Bob’s verification: Does m = y e (mod n)? Does m = y e (mod n)? Show the verification works. Note that given the signature y, Bob can compute the message, m. Eve wants to use Alice’s signature on a different document, m 1 Why doesn’t this work? Eve wants to choose a new y 1, then compute m 1 = y 1 e Why doesn’t this work?

5 Blind Signature Alice chooses: p,q, n=pq, p,q, n=pq, e: gcd(n, (p-1)(q-1))=1, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Bob wants m signed Bob chooses: k: random, gcd(k, n)=1 k: random, gcd(k, n)=1 Bob sends: t=k e m Alice’s signature: s = t d (mod n). s = t d (mod n). Bob’s verification: Computes sk -1 Computes sk -1 Bob wants Alice to sign a document as a method of time-stamping it, but doesn’t want to release the contents yet. Why can’t Alice read m? Verification: Find sk -1 in terms of m What is the significance of this? What’s the danger to Alice of a blind signature?

Download ppt "Announcements: 1. Pass in HW7 now. 2. Project rubrics posted (peruse together) 3. Teams choose presentation dates now Questions? This week: Birthday attacks,"

Similar presentations

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.

1 Chapter 7-2 Signature Schemes. 2 Outline [1] Introduction [2] Security Requirements for Signature Schemes [3] The ElGamal Signature Scheme [4] Variants.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and applications Math 7290CryptographySu07.

Digital Signatures and applications Math 7290CryptographySu07.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 # Public/Private Keys = 2 n.

A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 # Public/Private Keys = 2 n.
Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.

Announcements:Questions? This week: Digital signatures, DSA Digital signatures, DSA Secret sharing Secret sharing DTTF/NB479: DszquphsbqizDay 29.
Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,

Announcements: 1. Term project groups and topics due midnight 2. HW6 due next Tuesday. Questions? This week: Primality testing, factoring Primality testing,
Announcements: See schedule for weeks 8 and 9 See schedule for weeks 8 and 9 Project workdays, due dates, exam Project workdays, due dates, exam Projects:

Announcements: See schedule for weeks 8 and 9 See schedule for weeks 8 and 9 Project workdays, due dates, exam Project workdays, due dates, exam Projects:
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
Attacks on Digital Signature Algorithm: RSA

Attacks on Digital Signature Algorithm: RSA
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.

Announcements: HW4 – DES due midnight HW4 – DES due midnight So far the record is less than 15 sec on 1 million iters Quiz on ch 3 postponed until after.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.

Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O167 10 th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.

Announcements: 1. Presentations start Friday 2. Cem Kaner presenting O th block today. Questions? This week: DSA, Digital Cash DSA, Digital Cash.
Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.

Announcements:Questions? This week: Birthday attacks, Digital signatures, DSA Birthday attacks, Digital signatures, DSA DTTF/NB479: DszquphsbqizDay 30.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:

Announcements: 1. Short “pop” quiz on Ch 3 (not today) 2. Term project groups and topics due tomorrow midnight Waiting for posts from 22 of you. 3. HW6:
Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.

Pass in HW6 now Can use up to 2 late days Can use up to 2 late days But one incentive not to burn them all: teams will get to pick their presentation day.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.

Similar presentations

Ads by Google