Unformatted text preview: and s mod 2256. She sends these to Bob. (3) Bob verifies the signature by computing v = H(m)q2 mod q z1 = (sv) mod q z2 = ((q – r) * v) mod q u = ((az1 * yz2) mod p) mod q If u = r, then the signature is verified. Previous Table of Contents Next Products  Contact Us  About Us  Privacy  Ad Info  Home Use of this site is subject to certain Terms & Conditions, Copyright © 19962000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)
Go!
Keyword
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
 The difference between this scheme and DSA is that with DSA s = (xr + k1(H(m))) mod q, which leads to a different verification equation. Curious, though, is that q is 256 bits. Most Western cryptographers seem satisfied with a q of around 160 bits. Perhaps this is just a reflection of the Russian tendency to play it ultrasafe. The standard has been in use since the beginning of 1995, and is not classified “for special use”—whatever that means. 20.4 Discrete Logarithm Signature Schemes
ElGamal, Schnorr (see Section 21.3), and DSA signature schemes are very similar. In fact, they are just three examples of a general digital signature scheme based on the Discrete Logarithm Problem. Along with thousands of other signature schemes, they are part of the same family [740,741,699,1184]. Choose p, a large prime number, and q, either p – 1 or a large prime factor of p – 1. Then choose g, a number between 1 and p such that gq a 1 (mod p). All these numbers are public, and can be common to a group of users. The private key is x, less than q. The public key is y = gx mod p. To sign a message, m, first choose a random k less than and relatively prime to q. If q is also prime, any k less than q wor...
View
Full Document
 Fall '10
 ALIULGER
 Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips

Click to edit the document details