Digital Signatures & Authentication Protocols
Digital Signatures & Authentication Protocols
Digital Signatures & Authentication Protocols
Protocols
The recipient takes the message and produces a hash code. The recipient also decrypts the
signature using the sender's public key. If the calculated hash code matches the decrypted
signature, the signature is accepted as valid. Because only the sender knows the private
key, only the sender could have produced a valid signature.
DSS Approach
The DSS approach also makes use of a hash function. The hash code is provided
as input to a signature function along with a random number k generated for this
particular signature.
The signature function also depends on the sender's private key (PRa) and a
set of parameters known to a group of communicating principals.
We can consider this set to constitute a global public key (PUG).The result is a
signature consisting of two components, labeled s and r.
At the receiving end, the hash code of the incoming message is generated. This
plus the signature is input to a verification function.
The verification function also depends on the global public key as well as the
sender's public key (PUa), which is paired with the sender's private key.
The output of the verification function is a value that is equal to the signature
component r if the signature is valid. The signature function is such that only
the sender, with knowledge of the private key, could have produced the valid
signature.
DSA Key Generation
have shared global public key values (p,q,g):
◦ choose a large prime p with 2L-1 < p < 2L
where L= 512 to 1024 bits and is a multiple of 64
◦ choose q with 2159 < q < 2160
such that q is a 160 bit prime divisor of (p-1)
◦ choose g = h(p-1)/q
where 1<h<p-1 and h(p-1)/q mod p > 1
users choose private & compute public key:
◦ choose x<q
◦ compute y = gx mod p
DSA Signature Creation
to sign a message M the sender:
◦ generates a random signature key k, k<q
◦ k must be random, be destroyed after use, and
never be reused
then computes signature pair:
r = (gk mod p)mod q
s = [k-1(H(M)+ xr)] mod q
sends signature (r,s) with message M
DSA Signature Verification
having received M & signature (r,s)
to verify a signature, recipient computes:
w = s-1 mod q
u1= [H(M)w ]mod q
u2= (rw)mod q
v = [(gu1 yu2)mod p ]mod q
if v=r then signature is verified
Summary
have discussed:
◦ digital signatures
◦ authentication protocols (mutual & one-way)
◦ digital signature algorithm and standard