This preview shows page 1. Sign up to view the full content.
Unformatted text preview: , and her credentials, J. She sends this signature to Bob. (4) Bob computes T´ = DvJd mod n. He then computes d´ = H(M,T´). If d = d´, then Alice must know B and the signature is valid. Multiple Signatures
What if many people want to sign the same document? The easy solution has each of them signing separately, but this signature scheme can do better than that. Here Alice and Bob sign the same document and Carol verifies the signatures, but any number of people can be involved in the signature process. As before, Alice and Bob have their own unique J and B values: (JA, BA) and (JB, BB). The values n and v are common to the system. (1) Alice picks a random integer, rA, such that rA is between 1 and n 1. She computes TA = rAv mod n and sends TA to Bob. (2) Bob picks a random integer, rB, such that rB is between 1 and n  1. He computes TB = rBv mod n and sends TB to Alice. (3) Alice and Bob each compute T = (TATB) mod n. (4) Alice and Bob each compute d = H(M,T), where M is the message being signed and H(x) is a oneway hash function. The d produced by the hash function must be between 0 and v  1 [1280]. If the output of the hash function is not within this range, it must be reduced modulo v. (5) Alice computes DA = rABAd mod n and sends DA to Bob. (6) Bob computes DB = rBBBd mod n and sends DB to Alice. (7) Alice and Bob each compute D = DADB mod n. The signature consists of the message, M, the two calculated values, d and D, and both of their credentials: JA and JB. (8) Carol computes J = JAJB mod n. (9) Carol computes T´ = DvJd mod n. She then computes d´ = H(M,T´). If d a d´, then the multiple signature is valid. This protocol can be extended to any number of people. For multiple people to sign, they all multiply their individual Ti values together in step (3), and their individual Di values together in step (7). To verify a multiple signature, multiply all the signers Ji values together in step (8). Either all the signatures are valid or there is at least one invalid sign...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details