Unformatted text preview: and s mod 2256. She sends these to Bob. (3) Bob verifies the signature by computing v = H(m)q-2 mod q z1 = (sv) mod q z2 = ((q – r) * v) mod q u = ((az1 * yz2) mod p) mod q If u = r, then the signature is verified. Previous Table of Contents Next Products | Contact Us | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
----------- The difference between this scheme and DSA is that with DSA s = (xr + k-1(H(m))) mod q, which leads to a different verification equation. Curious, though, is that q is 256 bits. Most Western cryptographers seem satisfied with a q of around 160 bits. Perhaps this is just a reflection of the Russian tendency to play it ultrasafe. The standard has been in use since the beginning of 1995, and is not classified “for special use”—whatever that means. 20.4 Discrete Logarithm Signature Schemes
ElGamal, Schnorr (see Section 21.3), and DSA signature schemes are very similar. In fact, they are just three examples of a general digital signature scheme based on the Discrete Logarithm Problem. Along with thousands of other signature schemes, they are part of the same family [740,741,699,1184]. Choose p, a large prime number, and q, either p – 1 or a large prime factor of p – 1. Then choose g, a number between 1 and p such that gq a 1 (mod p). All these numbers are public, and can be common to a group of users. The private key is x, less than q. The public key is y = gx mod p. To sign a message, m, first choose a random k less than and relatively prime to q. If q is also prime, any k less than q wor...
View Full Document
- Fall '10
- Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips