This preview shows page 1. Sign up to view the full content.
Unformatted text preview: lied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
----------- Resending the Message as a Receipt
Consider an implementation of this protocol, with the additional feature of confirmation messages. Whenever Bob receives a message, he returns it as a confirmation of receipt. (1) Alice signs a message with her private key, encrypts it with Bob’s public key, and sends it to Bob. EB(SA(M)) (2) Bob decrypts the message with his private key and verifies the signature with Alice’s public key, thereby verifying that Alice signed the message and recovering the message. VA(DB(EB(SA(M)))) = M (3) Bob signs the message with his private key, encrypts it with Alice’s public key, and sends it back to Alice. EA(SB(M)) (4) Alice decrypts the message with her private key and verifies the signature with Bob’s public key. If the resultant message is the same one she sent to Bob, she knows that Bob received the message accurately. If the same algorithm is used for both encryption and digital-signature verification there is a possible attack . In these cases, the digital signature operation is the inverse of the encryption operation: VX = EX and SX = DX. Assume that Mallory is a legitimate system user with his own public and private key. Now, let’s watch as he reads Bob’s mail. First, he records Alice’s message to Bob in step (1). Then, at some later time, he sends that message to Bob, claiming that it came from him (Mallory). Bob thinks that it is a legitimate message from Mallory, so he decrypts the message with his private key and then tries to verify Mallory’s signature by decrypting it with Mallory’s public key. The resultant message, which is pure gibberish, is: EM(DB(EB(DA(M)))) = EM(DA(M)) Even so, Bob goes on with the protocol and sends Mallory a receipt: EM(DB(EM(DA M...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10