Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Published byKelly Lane Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1."— Presentation transcript:

1 Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1

2 BK TP.HCM Content  Digital Signatures  Distribution of public keys 2

3 BK TP.HCM Digital Signatures  have looked at message authentication ▫ but does not address issues of lack of trust  digital signatures provide the ability to: ▫ verify author, date & time of signature ▫ authenticate message contents ▫ be verified by third parties to resolve disputes  hence include authentication function with additional capabilities 3

4 BK TP.HCM Practical Signature Schemes  Sender: ▫ Signer computes h = H(M) (for example SHA-1 hash) ▫ h is encrypted with the private key to get the signature S.  Signer sends M || S  Receiver: ▫ Extract M. Calculate h = H(M). ▫ S is decrypted with public key to get h’. ▫ Verify h’ = h 4

5 BK TP.HCM Practical Signature Schemes 5

6 BK TP.HCM RSA Signature Scheme  Alice's public keys are n a and e a.  Alice wishes to sign a message M ▫ Compute h = h(M) ▫ The signature S is computes as S = h d a mod n a.  Any verfier with access to Alice's public keys e a and n a can verify that: h’ = S e a ≡ h e a d a ≡ h k  (n a )+1 ≡ h mod n a. 6

7 BK TP.HCM Digital Signature Standard (DSS)  US Govt approved signature scheme  designed by NIST & NSA in early 90's  published as FIPS-186 in 1991  revised in 1993, 1996 & then 2000  uses the SHA hash algorithm  DSS is the standard, DSA is the algorithm  FIPS 186-2 (2000) includes alternative RSA & elliptic curve signature variants 7

8 BK TP.HCM Digital Signature Algorithm (DSA)  creates a 320 bit signature  with 512-1024 bit security  smaller and faster than RSA  a digital signature scheme only  security depends on difficulty of computing discrete logarithms 8

9 BK TP.HCM DSA Key Generation  have shared global public key values (p,q,g): ▫ choose q, a 160 bit ▫ choose a large prime 2 L-1 ≤ p ≤ 2 L  where L= 512 to 1024 bits and is a multiple of 64  and q is a prime factor of (p-1), 2 159 < q < 2 160 ▫ choose g = h (p-1)/q  where 1 1  users choose private & compute public key: ▫ choose private key: x < q ▫ compute public key: y = g x (mod p) 9

10 BK TP.HCM DSA Signature Creation  to sign a message M the sender: ▫ generates a random signature key k, k < q ▫ k must be random, be destroyed after use, and never be reused  then computes signature pair: r = (g k (mod p))(mod q) s = (k -1.H(M)+ x.r)(mod q)  signature is r || s (r, s are 160-bit quantities)  sends signature (r,s) with message M 10

11 BK TP.HCM DSA Signature Verification  having received M & signature (r,s)  to verify a signature, recipient computes: w = s -1 (mod q) u1= (H(M).w)(mod q) u2= (r.w)(mod q) v = (g u1.y u2 (mod p)) (mod q)  if v=r then signature is verified  A proof is provided at this book's Web site. 11

12 BK TP.HCM Advantages of DSA  The signature size is small (equivalent to 2 hashes)  All computations (for signing and verication) use smaller modulus q 12

13 BK TP.HCM Distribution of Public Keys  can be considered as using one of: ▫ public announcement ▫ publicly available directory ▫ public-key authority ▫ public-key certificates

14 BK TP.HCM Public Announcement  users distribute public keys to recipients or broadcast to community at large ▫ eg. append PGP keys to email messages or post to news groups or email list  major weakness is forgery ▫ anyone can create a key claiming to be someone else and broadcast it ▫ until forgery is discovered can masquerade as claimed user

15 BK TP.HCM Publicly Available Directory  can obtain greater security by registering keys with a public directory  directory must be trusted with properties: ▫ contains {name,public-key} entries ▫ participants register securely with directory ▫ participants can replace key at any time ▫ directory is periodically published ▫ directory can be accessed electronically  still vulnerable to tampering or forgery

16 BK TP.HCM Public-Key Authority  improve security by tightening control over distribution of keys from directory  has properties of directory  and requires users to know public key for the directory  then users interact with directory to obtain any desired public key securely ▫ does require real-time access to directory when keys are needed

17 BK TP.HCM Public-Key Authority

18 BK TP.HCM Public-Key Certificates  certificates allow key exchange without real- time access to public-key authority  a certificate binds identity to public key ▫ usually with other info such as period of validity, rights of use etc  with all contents signed by a trusted Public-Key or Certificate Authority (CA)  can be verified by anyone who knows the public-key authorities public-key

19 BK TP.HCM Public-Key Certificates

20 BK TP.HCM Public Key Infrastructure  CA signs the public key of all entities  which can be verified by any entity who has acess to the public key of the CA  The public key of the CA is widely distributed ▫ advertized in newspapers ▫ preloaded in all computers  X.509 - format for public key certificates

21 BK TP.HCM Public Key Infrastructure  (Step 1) Key generation: Every entity generates a public-private key pair ▫ choose a random private key ▫ compute the public key  (Step 2) Registration: Every entity should ▫ provide proof of their identity (to the CA)  (Step 3) Obtain certificate from the CA ▫ CA signs a certificate which binds the identity of A to A’s public key

22 BK TP.HCM X.509 Formats

23 BK TP.HCM Summary  have discussed: ▫ digital signatures ▫ distribution of public keys 23

Download ppt "Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1."

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security

Cryptography and Network Security
Computer Science&Technology School of Shandong University Instructor: Hou Mengbo Email: houmb AT sdu.edu.cn Office: Information Security Research Group.

Computer Science&Technology School of Shandong University Instructor: Hou Mengbo houmb AT sdu.edu.cn Office: Information Security Research Group.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Cryptography and Network Security (CS435) Part Eleven (Digital Signatures and Authentication Protocols)

Cryptography and Network Security (CS435) Part Eleven (Digital Signatures and Authentication Protocols)
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings.

Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings.

Similar presentations

Ads by Google