This preview shows page 1. Sign up to view the full content.
Unformatted text preview: ital signature schemes have been put in one coherent framework. In my opinion this finally puts to rest any patent dispute between Schnorr [1398] and DSA [897]: DSA is not a derivative of Schnorr, nor even of ElGamal. All three are examples of this general construction, and this general construction is unpatented. 20.5 OngSchnorrShamir
This signature scheme uses polynomials modulo n [1219,1220]. Choose a large integer n (you need not know the factorization of n). Then choose a random integer, k, such that k and n are relatively prime. Calculate h such that h = –k2 mod n = (k1)2 mod n The public key is h and n; k is the private key. To sign a message, M, first generate a random number, r, such that r and n are relatively prime. Then calculate: S1 = 1/2 * (M/r + r) mod n S2 = k/2 * (M/r – r) mod n The pair, S1 and S2, is the signature. To verify a signature, confirm that S12 + h * S22 a M (mod n) The version of the scheme described here is based on quadratic polynomials. When it was first proposed in [1217], a $100 reward was offered for successful cryptanalysis. It was proved insecure [1255,18], but its authors were not deterred. They proposed a modification of the algorithm based on cubic polynomials, which is also insecure [1255]. The authors then proposed a quartic version, which was also broken [524,1255]. A variant which fixes these problems is in [1134]. 20.6 ESIGN
ESIGN is a digital signature scheme from NTT Japan [1205,583]. It is touted as being at least as secure and considerably faster than either RSA or DSA, with similar key and signature lengths. The private key is a pair of large prime numbers, p and q. The public key is n, when n = p 2q H is a hash function that operates on a message, m, such that H(m) is between 0 and n – 1. There is also a security parameter, k, which will be discussed shortly. (1) Alice picks a random number x, where x is less than pq. (2) Alice computes: w, the least integer that is larger than or equal to (H(m) – xk mod n)/pq s = x + ((w/kxk  1) mod p)pq (3) Alice sends s to Bob. (4) To verif...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details