This preview shows pages 1–8. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: Hashing, OneTime Signatures, and MACs c circlecopyrt Eli Biham  August 18, 2010 157 Hashing, OneTime Signatures, and MACs (6) Digital Signatures A signature ( î éú ) is • Writing the name of a person, in his own hands, as a confirmation. • Commitment. Distinguish between • Identification: Assures the identity ( é ). • Commitment: Assures the commitment ( ú éú ). c circlecopyrt Eli Biham  August 18, 2010 158 Hashing, OneTime Signatures, and MACs (6) † Digital Signatures (cont.) It is possible to have identification without commitment, and vice versa: • An anonymous letter has neither. • A company letter has an identifying title. • A check is a commitment, even if it has no identification. c circlecopyrt Eli Biham  August 18, 2010 159 Hashing, OneTime Signatures, and MACs (6) Digital Signatures (cont.) A Digital signature S ( M ) ( ú éú øñî éú ): 1. Computable by the signer for any message M . 2. Everybody (and the receiver in particular) can verify its originality. 3. It is impossible to forge a signature. 4. The signer cannot claim that a message he signed is forged. c circlecopyrt Eli Biham  August 18, 2010 160 Hashing, OneTime Signatures, and MACs (6) One Way Functions Informal Definition : A one way function ( ú éðëéö÷ ð ) Y = f ( X ) is a function which is efficient to calculate but difficult to invert: for a given Y it is difficult to find any X such that Y = f ( X ). Note: There is no relationship between a one way function and an invertible function. Example : Y = f ( X ) = AES X (0) is a one way function, if there is no suc cessful attack on AES which finds the key X from the ciphertext Y . c circlecopyrt Eli Biham  August 18, 2010 161 Hashing, OneTime Signatures, and MACs (6) • Lamport and Diffie’s Signature Scheme Preparation : 1. A one way function Y = f ( X ) is selected. 2. Each user U chooses 2 n random values X ,X 1 ,...,X 2 n − 1 , and computes Y ,Y 1 ,...,Y 2 n − 1 by Y i = f ( X i ). 3. U publishes the vector Y = ( Y ,Y 1 ,...,Y 2 n − 1 ) in a public file under his name (i.e., in a newspaper, or in a public file maintained by a trusted center). 4. U publishes in advance as many vectors as the number of signatures he is expected to sign. c circlecopyrt Eli Biham  August 18, 2010 162 Hashing, OneTime Signatures, and MACs (6) Lamport and Diffie’s Signature Scheme (cont.) Signature generation : 1. A wants to sign an nbit message M to B ( M = m m 1 ...m n − 1 ). 2. A chooses one of his unused vectors from the public file, and sends it to B. 3. B verifies the existence of the vector in the public file. 4. A and B mark the vector as used in the public file. 5. A computes the signature S = S S 1 ...S n − 1 by S i = X 2 i , if m i = 0; X 2 i +1 , if m i = 1 and sends the signature S to B....
View
Full
Document
 Spring '11
 YanivCarmeli

Click to edit the document details