# chapter7-1 - Signature schemes The Problem Consider the...

This preview shows pages 1–11. Sign up to view the full content.

Signature schemes

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
2 The Problem Consider the real-life example A person pays by credit card and signs a bill The seller verifies that the signature on the bill is the same as the signature on the card Contracts, they are valid if they are signed Can we have a similar service in the electronic world?
3 A conventional signature A conventional handwritten signature attached to a document is used to specify the person responsible for it A signature is part of the physical document being signed verified by comparing it to other, authentic signatures Not very secure as it is relatively easy to forge someone else’s signature A copy of a signed paper document can usually be distinguished from an original

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
4 A digital signature (1) A method of signing a message stored in electronic form “bind” the signature to the message Verified using a publicly known verification algorithm Using a secure signature scheme will prevent the possibility of forgeries
5 A digital signature (2) A copy of a signed digital message is identical to the original This feature means that care must be taken to prevent a signed digital message from being reused There are two components A (private) signing algorithm ( sig ( x )) A public verification algorithm ( ver ( x , y ))

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
6 A Signature Scheme Definition 7.1: A signature shceme is a five-tuple( P , A , K , S , V ), where the following conditions are satisfied 1. P is a finite set of possible messages 2. A is a finite set of possible signatures 3. K , the keyspace, is a finite set of possible keys 4. For each K K , there is a signing algorithm sig K S and a corresponding verification algorithm ver K V . Each sig K P →A and ver K P A → { true , false } are functions such that the following equation is satisfied for every message x P and for every signature y A : A pair ( x , y ) with x P and y A is called a signed message true if y=sig(x) ver(x,y) = false if y sig(x)
7 RSA Signature Scheme Cryptosystem 7.1: RSA Signature Scheme Let n = pq , where p and q are primes. Let P = A = Z n , and define K ={( n, p, q, a, b ): n = pq, p, q prime, ab 1 (mod Ф( n ))} The values n and b are the public key, and the values p, q, a are the private key For K = ( n,p,q,a,b ), define sig K ( x )= x a mod n And ver K ( x , y )=true x y b (mod n ) ( x, y  Z n )

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
8 Signing and public-key encryption Suppose Alice wishes to send a signed, encripted message to Bob 1. Given a plaintext x , Alice would compute her signature: y = sig Alice ( x ) 2. Encrypt x and y using Bob’s public encryption function to obtain z = e Bob ( x,y ) 3. When Bob receives z, he decrypt it using his decrytion function d Bob to get ( x,y ) 4. Bob uses Alice’s public verification function to check that ver Alice ( x,y )=true
9 Attack models for Digital Signatures Key-only attack Oscar possesses Alice’s public key, i.e., the verification function, ver K Known message attack Oscar possesses a list of messages previously signed by Alice, say ( x 1 , y 1 ), ( x 2 , y 2 ), … Chosen message attack Oscar requests Alice’s signatures on a list of messages

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document