applied cryptography - protocols, algorithms, and source code in c

2 our ability to carry out large arithmetic

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 0.5 Discrete Logarithm Signature Schemes Signature Equation (1) r’k = s + mx mod q (2) r’k = m + sx mod q (3) sk = r’ + mx mod q (4) sk = m + r’x mod q (5) mk = s + r’x mod q (6) mk = r’ + sx mod q To sign, first compute r = mgk mod p and replace m by 1 in the signature equation. Then you can reconstruct the verification equation such that m can be computed directly. You can do the same with the DSA-like schemes: r = (mgk mod p) mod q Verification Equation rr’ = gsym mod p rr’ = gmys mod p rs = gr’ym mod p rs = gmyr’ mod p rm = gsyr’ mod p rm = gr’ys mod p Previous Table of Contents Next Products | Contact Us | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth) Go! Keyword Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book: Go! Previous Table of Contents Next ----------- All the variants are equally secure, so it makes sense to choose a scheme that is easy to compute with. The requirement to compute inverses slows most of these schemes. As it turns out, a scheme in this pile allows computing both the signature equation and the verification equation without inverses and also gives message recovery. It is called the p-NEW scheme [1184]. r = mg-k mod p s = k – r’x mod q And m is recovered (and the signature verified) by m = gsyr’r mod p Some variants sign two and three message blocks at the same time [740]; other variants can be used for blind signatures [741]. This is a remarkable piece of research. All of the various discrete-logarithm-based dig...
View Full Document

Ask a homework question - tutors are online