chapter7-1 - Signature schemes The Problem Consider the...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Signature schemes
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 The Problem Consider the real-life example A person pays by credit card and signs a bill The seller verifies that the signature on the bill is the same as the signature on the card Contracts, they are valid if they are signed Can we have a similar service in the electronic world?
Background image of page 2
3 A conventional signature A conventional handwritten signature attached to a document is used to specify the person responsible for it A signature is part of the physical document being signed verified by comparing it to other, authentic signatures Not very secure as it is relatively easy to forge someone else’s signature A copy of a signed paper document can usually be distinguished from an original
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 A digital signature (1) A method of signing a message stored in electronic form “bind” the signature to the message Verified using a publicly known verification algorithm Using a secure signature scheme will prevent the possibility of forgeries
Background image of page 4
5 A digital signature (2) A copy of a signed digital message is identical to the original This feature means that care must be taken to prevent a signed digital message from being reused There are two components A (private) signing algorithm ( sig ( x )) A public verification algorithm ( ver ( x , y ))
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 A Signature Scheme Definition 7.1: A signature shceme is a five-tuple( P , A , K , S , V ), where the following conditions are satisfied 1. P is a finite set of possible messages 2. A is a finite set of possible signatures 3. K , the keyspace, is a finite set of possible keys 4. For each K K , there is a signing algorithm sig K S and a corresponding verification algorithm ver K V . Each sig K P →A and ver K P A → { true , false } are functions such that the following equation is satisfied for every message x P and for every signature y A : A pair ( x , y ) with x P and y A is called a signed message true if y=sig(x) ver(x,y) = false if y sig(x)
Background image of page 6
7 RSA Signature Scheme Cryptosystem 7.1: RSA Signature Scheme Let n = pq , where p and q are primes. Let P = A = Z n , and define K ={( n, p, q, a, b ): n = pq, p, q prime, ab 1 (mod Ф( n ))} The values n and b are the public key, and the values p, q, a are the private key For K = ( n,p,q,a,b ), define sig K ( x )= x a mod n And ver K ( x , y )=true x y b (mod n ) ( x, y  Z n )
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 Signing and public-key encryption Suppose Alice wishes to send a signed, encripted message to Bob 1. Given a plaintext x , Alice would compute her signature: y = sig Alice ( x ) 2. Encrypt x and y using Bob’s public encryption function to obtain z = e Bob ( x,y ) 3. When Bob receives z, he decrypt it using his decrytion function d Bob to get ( x,y ) 4. Bob uses Alice’s public verification function to check that ver Alice ( x,y )=true
Background image of page 8
9 Attack models for Digital Signatures Key-only attack Oscar possesses Alice’s public key, i.e., the verification function, ver K Known message attack Oscar possesses a list of messages previously signed by Alice, say ( x 1 , y 1 ), ( x 2 , y 2 ), … Chosen message attack Oscar requests Alice’s signatures on a list of messages
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
10 Adversarial Goals
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 51

chapter7-1 - Signature schemes The Problem Consider the...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online