Uploaded by Nainesh Kumar

Seminar Report On

Submitted By

ZAID WAHED - 111P023

SWEET RAMTEKE - 121P048

TABISH SHAIKH - 111P001

Rizvi College of Engineering

New Rizvi Educational Complex, Off-Carter Road,

Bandra(w), Mumbai - 400050

Affiliated to

University of Mumbai

Rizvi College of Engineering

Department of Computer Engineering

New Rizvi Educational Complex, Off-Carter Road,

Bandra(w), Mumbai - 400050

CERTIFICATE

This is to certify that

ZAID WAHED

SWEET RAMTEKE

TABISH SHAIKH

of Third Year Computer Engineering have completed the seminar work entitled Digital signature algorithm under my supervision at Rizvi College of Engineering, Mumbai under the University of Mumbai.

Project Guide HOD, Computer Department

Date:

Acknowledgements

I am profoundly grateful to Prof. Dinesh B. Deore for his expert guidance and continuous encouragement throughout to see that this report rights its target since its commencement to its completion.

I would like to express deepest appreciation towards Dr. Varsha Shah, Principal RCOE, Mumbai and Prof. Dinesh B. Deore HOD Computer Department whose invaluable guidance supported me in completing this report.

At last I must express my sincere heartfelt gratitude to all the staff members of Computer Engineering Department who helped me directly or indirectly during this course of work.

Zaid Wahed

Sweet Ramteke

Tabish Shaikh

ABSTRACT

People have traditionally used signatures as a means of informing others that the signer has read and understood a document. A digital signature in a document is bound to that document in such a way that altering the signed document or moving the signature to a different document invalidates the signature. This security eliminates the need for paper copies of documents and can speed the processes involving documents that require signatures. Digital signatures are messages that identify and authenticate a particular person as the source of the electronic message, and indicate such person's approval of the information contained in the electronic message. Emerging applications like electronic commerce and secure communications over open networks have made clear the fundamental role of public key cryptosystems as unique security solutions. On the other hand, these solutions clearly expose the fact that the protection of private keys is a security bottleneck in these sensitive applications. This problem is further worsened in the cases where a single and unchanged private key must be kept secret for a very long time (such is the case of certification authority keys and e-cash keys). They help users to achieve basic security building blocks such as identification, authentication, and integrity.

INDEX

1 Introduction
    1.1 INFORMAL DEFINITION
    1.2 OBJECTIVES
2 DIGITAL SIGNATURE
    2.1 Input to a digital signature
    3.1 Message Authentication
    3.2 Message Integrity
    3.3 Nonrepudiation
    3.4 Confidentiality
    4.1 Attack Types
    4.2 Forgery Types
        4.2.1 Existential Forgery
        4.2.2 Selective Forgery
    5.1 RSA Digital Signature Algorithm
        5.1.1 Key generation
        5.1.2 Encryption
        5.1.3 Decryption
    5.2 ElGamal Digital Signature Algorithm
        5.2.1 Key generation
        5.2.2 Encryption
        5.2.3 Decryption
    6.1 APPLICATIONS
        6.1.1 SMART CARDS
        6.1.2 MITRENET
        6.1.3 ISDN
        6.1.4 TIME STAMPED SIGNATURES
        6.1.5 BLIND SIGNATURES
    6.2 Benefits of digital signatures
    6.3 Drawbacks of digital signatures
        6.3.1 Non-repudiation
7 Conclusion
References
APPENDICES
A Project Hosting

List of Figures

2.2 Adding key to the digital signature process
2.3 Signing the digest
3.2 Adding confidentiality to a digital signature scheme
5.2 The RSA signature on the message digest
5.3 ElGamal digital signature scheme

Chapter 1

Introduction

The Digital Signature Standard, created by the NIST, specifies DSA as the algorithm for digital signatures and SHA-1 for hashing. DSA is for signatures only and is not an encryption algorithm, although Schneier describes encryption mechanisms (ElGamal encryption and RSA encryption) based on DSA. DSA is a public key algorithm; the secret key operates on the message hash generated by SHA-1; to verify a signature, one recomputes the hash of the message, uses the public key to decrypt the signature and then compares the results.

The key size is variable from 512 to 1024 bits, which is adequate for current computing capabilities as long as you use more than 768 bits. Signature creation is roughly the same speed as with RSA, but is 10 to 40 times (Schneier) as slow for verification. However, these numbers depend partially on the assumptions made by the benchmarker. Since verification is more frequently done than creation, this is an issue worth noting.

The only known cracks (forgery) are easily circumvented by avoiding the particular moduli (prime factor of p - 1 where p is the public key) that lead to weak signatures. Schneier states that DSS is less susceptible to attacks than RSA; the difference is that RSA depends on a secret prime while DSA depends on a public prime, so the verifier can check that the prime number is not a fake chosen to allow forgery. It is possible to implement the DSA algorithm such that a subliminal channel is created that can expose key data and lead to forgeable signatures, so one is warned not to use unexamined code.

A Digital Signature is a checksum which depends on the time period during which it was produced. It depends on all the bits of a transmitted message, and also on a secret key, but it can be checked without knowledge of the secret key. A major difference between handwritten and digital signatures is that a digital signature cannot be a constant; it must be a function of the document that it signs. If this were not the case, then a signature could be attached to any document. Furthermore, a signature must be a function of the entire document; changing even a single bit should produce a different signature. A digital signature algorithm authenticates the integrity of the signed data and the identity of the signatory. A digital signature algorithm may also be used in proving to a third party that data was actually signed by the generator of the signature. It is intended for use in electronic mail, electronic data interchange, software distribution, and other applications that require data integrity assurance and data origin authentication. Wireless protocols like HiperLAN and WAP have specified security layers, and the digital signature algorithm has been applied for authentication purposes.

Informally, a digital signature is a technique for establishing the origin of a particular message in order to settle later disputes about what message (if any) was sent.

The purpose of a digital signature is thus for an entity to bind its identity to a message.

We use the term signer for an entity who creates a digital signature, and the term verifier for an entity who receives a signed message and attempts to check whether the digital signature is correct or not.

Digital signatures have many attractive properties and it is very important to understand exactly what assurances they provide and what their limitations are.

While data confidentiality has been the driver behind historical cryptography, digital signatures could be the major application of cryptography in the years to come.

1.2 OBJECTIVES

To define a digital signature

To define security services provided by a digital signature

To define attacks on digital signatures

To discuss some digital signature schemes, including RSA and ElGamal

To describe some applications of digital signatures and some advantages and disadvantages

Chapter 2

DIGITAL SIGNATURE

The term digital signature encompasses a great variety of signatures. Electronic signatures are simply an electronic confirmation of identity. This definition is deliberately broad enough to encompass all forms of electronic identification, from biometric signatures such as iris scans and fingerprints to non-biometric signatures, such as digital signatures.

Electronic signatures can be further subdivided into the highly secure and the insecure. A digital signature must serve the same essential functions that we expect of documents signed by handwritten signatures, namely integrity, non-repudiation, authentication and confidentiality. In the digital realm, integrity means ensuring that a communication has not been altered in the course of transmission. It is concerned with the accuracy and completeness of the communication. The recipient of an electronic communication must be confident of a communication's integrity before she can rely on and act on the communication. Integrity is critical to e-commerce transactions, especially where contracts are formed electronically. The process of digitally signing starts by taking a mathematical summary (called a hash code) of the check. This hash code is a uniquely-identifying digital fingerprint of the check. If even a single bit of the check changes, the hash code will dramatically change. The next step in creating a digital signature is to sign the hash code with your private key. This signed hash code is then appended to the check.

How is this a signature? Well, the recipient of your check can verify the hash code sent by you, using your public key. At the same time, a new hash code can be created from the received check and compared with the original signed hash code. If the hash codes match, then the recipient has verified that the check has not been altered. The recipient also knows that only you could have sent the check because only you have the private key that signed the original hash code.

Existing Techniques for Signing Flows:

Conceptually, a digital signature scheme is defined by functions for key generation, signing, and verification. The signer (sender) uses the key generation function to create a pair of keys, a signing key and a verification key. The signer keeps the signing key private, and makes the verification key publicly known to all verifiers (receivers).

To sign a message using signing key the signer calls the signing function which returns the signature of message. The signer then sends the signed message, consisting of message and its signature, to verifiers. Having received the signed message, a verifier calls the verification function with key. If the verification function returns true, then the verifier concludes that the signer did sign the message and the message has not been altered. Moreover, the signer cannot deny having signed the message (nonrepudiation). In practice, a message digest function, such as MD5 [18], is first applied to the message to generate a fixed-size message digest which is independent of message size. Signing a message means signing the digest of the message. (MD5 message digests are 128 bits long.)

A flow is a sequence of packets characterized by some attribute [16], [21]. Packets in a flow may be obtained from segmenting the bit stream of digitized video, digitized audio, or a large file. They may also be related data items, such as stock quotes, news, etc., generated by the same source. It is easy and efficient to sign an all-or-nothing flow, that is, a flow whose entire content is needed before any part of it can be used, e.g., a long file. In this case, the signer simply generates a message digest of the entire flow (file) and signs the message digest.

The message:

Since a digital signature needs to offer data origin authentication (and non-repudiation), it is clear that the digital signature itself must be a piece of data that depends on the message, and cannot be a completely separate identifier. It may be sent as a separate piece of data to the message, but its computation must involve the message.

A secret parameter known only by the signer:

Since a digital signature needs to offer non-repudiation, its calculation must involve a secret parameter that is known only by the signer. The only possible exception to this rule is if the other entity is totally trusted by all parties involved in the signing and verifying of digital signatures.

Digital signatures enable people to sign digital documents by providing the properties of a handwritten signature. They must fulfill the five compelling attributes of handwritten signatures as listed by (Schneier, 1996). He stated that handwritten signatures are authentic, unforgeable, not reusable, unalterable, and cannot be repudiated. In the case of handwritten signatures, both the signature and the document are physical things, which makes it difficult for the signer to claim the signature is not their own. In order to provide a secure electronic signature scheme, these attributes must be satisfied.

Electronic signature technologies include PINs, user identifications and passwords, digital signatures, digitized signatures, and hardware and biometric tokens. Therefore, it is important to distinguish between electronic and digital signatures. Digital signatures are a subset of electronic signature technologies that utilize keys and cryptographic algorithms for signing documents. Digital signatures can be generated using various techniques; however, the only digital signature standard approved by the National Institute for Standards and Technology (NIST) employs public key cryptography combined with a one-way hash function. This infrastructure, commonly referred to as the Public Key Infrastructure (PKI), requires each user to have a public-private key pair where the public key is available to the world while the private key is only known by the user. Figure 1 illustrates the use of PKI for generating digital signatures.

The following is an example of a digital signature scenario. Bob (sender) wants to send Alice (receiver) a text message with a digital signature. First, Bob creates the text message to be signed and generates a hashed message using a message digest function (e.g., MD5, SHA1, etc.). A message digest function is a mathematical function that generates a 162-bit hash of the original message; this hash cannot be used to regenerate the original message. Therefore, the hashed message is secure and unique. Once Bob has the hashed message, he uses the public key digital signature algorithm and his private key to sign the hash to generate a digital signature for the specific document.

Once Alice receives the digital signature and the corresponding text message, she will need to calculate two separate values. First, the hashed message of the received text is calculated using the same hashing algorithm. Then, once she has the hash value, she can use the decryption algorithm with Bob's public key and digital signature to retrieve the signed hash. If she can decrypt the digital signature, this implies that Bob's private key was used to encrypt the hashed message. The final step for Alice is to compare the hash she calculated with the hash she retrieved from the decryption process. If these two hashed messages match, this implies that she received the original message Bob signed (thus preserving message integrity).

Key generation and distribution are the biggest challenges in deploying PKI. The solution is to use a trusted central authority called a Certification Authority (CA) in PKI. A CA is a trusted entity that accepts certificate applications from entities, authenticates applications, issues certificates to users and devices in a PKI, and maintains and provides status information about the certificates. If a CA is managing a large, geographically dispersed population, it may use Local Registration Authorities (LRAs), who provide direct physical contacts with subjects. These LRAs are especially required if the CA is issuing a high level of assurance for its certificates. Currently, there are four levels of assurance defined in the evolving government standard (PEC Solutions, 2000): Rudimentary; Basic; Medium; and High.

Traditionally, PKI architectures fall into one of three configurations: a single CA, a hierarchy of CAs, or a mesh of CAs. Each of the configurations is determined by the fundamental attributes of the PKI: the number of CAs in the PKI, where users of the PKI place their trust (known as a user's trust point), and the trust relationships between CAs within a multi-CA PKI (Polk and Hastings, 2000). The most basic PKI architecture is one that contains a single CA, which provides the PKI services (certificates, certificate status information, etc.) for all the users of the PKI. All the users of the PKI place their trust in the sole CA of the architecture. Isolated CAs can be combined to form larger PKIs in two basic ways: using superior-subordinate relationships, or peer-to-peer relationships. In the former, which is called a hierarchical PKI, all users trust a root CA. There is a single point of trust. The latter, a mesh PKI, connects CAs with a peer-to-peer relationship. A PKI constructed of peer-to-peer CA relationships is called a web of trust. The Bridge Certification Authority (BCA) architecture was designed to address the shortcomings of the two basic PKI architectures, and to link PKIs that implement different architectures. Unlike a mesh PKI CA, the BCA does not issue certificates directly to users.

The signer signs with her private key; the verifier verifies with the signer's public key.

A cryptosystem uses the private and public keys of the receiver: a digital signature uses

Chapter 3

SECURITY SERVICES PROVIDED BY A DIGITAL SIGNATURE

We discussed several security services in Chapter 1 including message confidentiality, message authentication, message integrity, and nonrepudiation. A digital signature can directly provide the last three; for message confidentiality we still need encryption/decryption. The following points are discussed here:

A secure digital signature scheme, like a secure conventional signature, can provide message authentication.

electronic equivalent of a signature on a message

an authenticator, signature, or message authentication code (MAC) is sent along with the message

the MAC is generated via some algorithm which depends on both the message and some (public or private) key known only to the sender and receiver

the message may be of any length

the MAC may be of any length, but more often is some fixed size, requiring the use of some hash function to condense the message to the required size if this is not achieved by the authentication scheme

need to consider replay problems with message and MAC

require a message sequence number, timestamp or negotiated random values

EX. Authentication using Private-key Ciphers

if a message is being encrypted using a session key known only to the sender and receiver, then the message may also be authenticated

since only sender or receiver could have created it

any interference will corrupt the message (provided it includes sufficient redundancy to detect change)

but this does not provide non-repudiation since it is impossible to prove who created the message

The integrity of the message is preserved even if we sign the whole message because we cannot get the same signature if the message is changed. Integrity is something very different. Integrity guarantees that if you send an encrypted message, there's no way that the encrypted message could have been tampered with after you encrypted it, without the recipient knowing it.

EX. MAC

A MAC is basically a hash-code: a short string appended to the message which in some way summarizes the message, so that if any part of the message was changed, the MAC will not match the message, and so we'll know that the message was corrupted.

3.3 Nonrepudiation

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:

A service that provides proof of the integrity and origin of data.

An authentication that can be asserted to be genuine with high assurance.

Nonrepudiation can be provided using a trusted party. The ways in which a party may attempt to repudiate a signature present a challenge to the trustworthiness of the signatures themselves. The standard approach to mitigating these risks is to involve a trusted third party.

3.4 Confidentiality

A digital signature does not provide privacy.

If there is a need for privacy, another layer of encryption/decryption must be applied.

When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties. Information has value, especially in today's world: bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has information they wish to keep secret. Protecting such information is a major part of information security.

A key component of protecting information confidentiality is encryption. Encryption ensures that only the right people (people who know the key) can read the information. Encryption is very widespread in today's environment and can be found in almost every major protocol in use. A very prominent example is SSL/TLS, a security protocol for communications over the internet that has been used in conjunction with a large number of internet protocols to ensure security.

Chapter 4

Attacks on digital signature

If the digital signing process is not secure, attackers can create fake signatures or misuse authentic signatures, bringing the system, and potentially the organization, into disrepute. Failure to maintain adequate documentation and certification for policies and practices associated with digital signing and key management could result in signatures failing to be accepted in any given jurisdiction, thereby negating their value to the organization. Some digital signing processes can be computationally intensive, slowing down business processes and limiting their ability to scale.

Key-Only Attack: the attacker is only given the public verification key.

Known-Message Attack: the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.

Chosen-Message Attack: the attacker first learns signatures on arbitrary messages of the attacker's choice.

4.2.1 Existential Forgery

Existential forgery is the creation (by an adversary) of any message/signature pair (m,), where was not

produced by the legitimate signer.

Selective forgery is the creation (by an adversary) of a message/signature pair (m,) where m has been

chosen by the adversary prior to the attack.

In a digital signature scheme you are your private key.

This is one aspect of the problem of identity theft.

Persuade others that someone else's public verification key belongs to you.

Others will verify it and believe that the message was signed by you.

This is a particularly neat attack because you do not need to obtain that other person's signature key.

Examples:

An interesting variant of this attack for hand-written signatures arises if you steal someone else's mail when a new credit card is sent out to them; if you just sign this blank card then you can easily masquerade as them. There are other possible abuses to zero-knowledge proofs of identity, also discussed in [485,120]. In some implementations, there is no check when an individual registers a public key. Hence, Alice can have several private keys and, therefore, several identities. This can be a great help if she wants to commit tax fraud. Alice can also commit a crime and disappear. First, she creates and publishes several identities. One of them she doesn't use. Then, she uses that identity once and commits a crime so that the person who identifies her is the witness. Then, she immediately stops using that identity. The witness knows the identity of the person who committed the crime, but if Alice never uses that identity again, she's untraceable.

Chapter 5

DIGITAL SIGNATURE ALGORITHM

A digital signature is computed using a set of parameters and authenticates the integrity of the signed data and the identity of the signatory. An algorithm provides the capability to generate and verify signatures. Signature generation makes use of a private key to generate a digital signature. Signature verification makes use of a public key, which corresponds to, but is not the same as, the private key. Each user possesses a private and public key pair. Public keys are assumed to be known to the public in general. Private keys are never shared. Anyone can verify the signature of a user by employing that user's public key. Only the possessor of the user's private key can perform signature generation.

A hash function is used in the signature generation process to obtain a condensed version of data, called a message digest. The message digest is then input to the digital signature algorithm to generate the digital signature. The digital signature is sent to the intended verifier along with the message. The verifier of the message and signature verifies the signature by using the sender's public key.

5.1.1 Key generation:

Key generation in the RSA digital signature scheme is exactly the same as key generation in RSA. RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key.

The keys for the RSA algorithm are generated the following way:

CHOOSE two distinct prime numbers $p$ and $q$. For security purposes, the integers $p$ and $q$ should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test.

COMPUTE $n = pq$. $n$ is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.

COMPUTE $\varphi(n) = \varphi(p)\varphi(q) = (p - 1)(q - 1) = n - (p + q - 1)$, where $\varphi$ is Euler's totient function.

CHOOSE an integer $e$ such that $1 < e < \varphi(n)$ and $\gcd(e, \varphi(n)) = 1$; i.e., $e$ and $\varphi(n)$ are co-prime. $e$ is released as the public key exponent. An $e$ having a short bit-length and small Hamming weight results in more efficient encryption, most commonly $2^{16} + 1 = 65{,}537$. However, much smaller values of $e$ (such as 3) have been shown to be less secure in some settings.[5]

DETERMINE $d$ as $d \equiv e^{-1} \pmod{\varphi(n)}$; i.e., $d$ is the multiplicative inverse of $e$ (modulo $\varphi(n)$). This is more clearly stated as: solve for $d$ given $de \equiv 1 \pmod{\varphi(n)}$. This is often computed using the extended Euclidean algorithm. Using the pseudo code in the Modular integers section, inputs $a$ and $n$ correspond to $e$ and $\varphi(n)$, respectively. $d$ is kept as the private key exponent.

5.1.2 Encryption:

Alice transmits her public key $(n, e)$ to Bob and keeps the private key secret. Bob then wishes to send message $M$ to Alice. He first turns $M$ into an integer $m$, such that $0 \le m < n$, by using an agreed-upon reversible protocol known as a padding scheme. He then computes the cipher text $c$ corresponding to

This can be done quickly using the method of exponentiation by squaring. Bob then transmits $c$ to Alice. Note that at least nine values of $m$ will yield a cipher text $c$ equal to $m$, but this is very unlikely to occur in practice.

5.1.3 Decryption

Alice can recover m from c by using her private key exponent d via computing

Given m, she can recover the original message M by reversing the padding scheme.

Example:

As a trivial example, suppose that Alice chooses $p = 823$ and $q = 953$, and calculates $n = 784319$. The value of $\varphi(n)$ is 782544. Now she chooses $e = 313$ and calculates $d = 160009$. At this point key generation is complete. Now imagine that Alice wants to send a message with the value of $M = 19070$ to Bob. She uses her private exponent, 160009, to sign the message:

Alice sends the message and the signature to Bob. Bob receives the message and the signature. He calculates

When the digest is signed instead of the message itself, the susceptibility of the RSA digital signature scheme depends on the strength of the hash algorithm.
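The worked example above, carried through in Python as an added example (not code from the original report). It reuses the report's p, q, e and M; the function names and the SHA-256 digest step are assumptions made here. It also shows why the digest rather than a raw integer is signed: a verifier of raw integers accepts a pair the signer never produced.

```python
import hashlib
from math import gcd

# Toy parameters from the report's worked example (far too small for real use).
P, Q, E = 823, 953, 313
N = P * Q                      # modulus n = 784319
PHI = (P - 1) * (Q - 1)        # phi(n) = 782544
assert gcd(E, PHI) == 1        # e must be co-prime to phi(n)
D = pow(E, -1, PHI)            # private exponent d = e^-1 mod phi(n) = 160009


def sign_raw(m: int) -> int:
    """Textbook RSA signature on an integer: S = m^d mod n (no hash, no padding)."""
    if not 0 <= m < N:
        raise ValueError("message representative must satisfy 0 <= m < n")
    return pow(m, D, N)


def verify_raw(m: int, s: int) -> bool:
    """Accept when S^e mod n equals the received integer m."""
    return 0 <= m < N and 0 <= s < N and pow(s, E, N) == m


def digest_int(message: bytes) -> int:
    """SHA-256 digest as an integer below n.

    The reduction mod n is needed only because the toy modulus is 20 bits;
    real schemes embed the full digest using PKCS#1 v1.5 or PSS padding.
    """
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_message(message: bytes) -> int:
    """Hash-then-sign: the private exponent is applied to the digest."""
    return pow(digest_int(message), D, N)


def verify_message(message: bytes, s: int) -> bool:
    """Recompute the digest and compare it with S^e mod n."""
    return 0 <= s < N and pow(s, E, N) == digest_int(message)


def pair_built_from_public_key(s: int) -> tuple:
    """Existential forgery under a key-only attack on the raw scheme.

    From the public key alone, m = S^e mod n gives a pair (m, S) that passes
    verify_raw although the signer never saw m. The message m is not under
    the caller's control, which is what makes the forgery existential.
    """
    return pow(s, E, N), s


if __name__ == "__main__":
    M = 19070                                  # message value from the report
    S = sign_raw(M)
    print("d =", D, "signature =", S, "verifies:", verify_raw(M, S))
    print("altered message verifies:", verify_raw(M + 1, S))

    m_f, s_f = pair_built_from_public_key(12345)   # constructed sample value
    print("unsigned pair accepted by raw verifier:", verify_raw(m_f, s_f))

    doc = b"pay Bob 100"                       # constructed sample message
    sig = sign_message(doc)
    print("digest signature verifies:", verify_message(doc, sig))
    print("altered document verifies:", verify_message(b"pay Bob 900", sig))
    # The pair built from the public key is useless against the digest
    # verifier unless a message hashing to m_f is found.
    print("unsigned pair vs digest verifier:",
          verify_message(str(m_f).encode(), s_f))
```

With the 20-bit toy modulus a matching digest could be found by search; the protection comes from a full-size modulus combined with a collision- and preimage-resistant hash.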

5.2.1 Key generation

The key generator works as follows:

Alice generates an efficient description of a cyclic group $G$ of order $q$ with generator $g$. See below for a discussion on the required properties of this group.

Alice chooses a random $x$ from $\{1, \ldots, q-1\}$.

Alice computes $h = g^x$.

Alice publishes $h$, along with the description of $G, q, g$, as her public key. Alice retains $x$ as her private key, which must be kept secret.

5.2.2 Encryption

The encryption algorithm works as follows: to encrypt a message to Alice under her public key (G, q, g, h),

Bob chooses a random y from $\{1, \ldots, q-1\}$, then calculates $c_1 = g^y$.

Bob calculates the shared secret $s = h^y$.

Bob converts his secret message m into an element $m'$ of G.

Bob calculates $c_2 = m' \cdot s$.

Bob sends the cipher text $(c_1, c_2) = (g^y, m' \cdot h^y) = (g^y, m' \cdot (g^x)^y)$ to Alice.

Note that one can easily find $h^y$ if one knows $m'$. Therefore, a new y is generated for every message to improve security. For this reason, y is also called an ephemeral key.

5.2.3 Decryption

The decryption algorithm works as follows: to decrypt a cipher text with her private key x, Alice calculates the shared secret $s = c_1^x$ and then computes $m' = c_2 \cdot s^{-1}$, which she then converts back into the plaintext message m, where $s^{-1}$ is the inverse of s in the group G (e.g., the modular multiplicative inverse if G is a subgroup of a multiplicative group of integers modulo n). The decryption algorithm produces the intended message, since $m' = c_2 \cdot s^{-1} = m' \cdot h^y \cdot (g^{xy})^{-1} = m' \cdot g^{xy} \cdot g^{-xy}$.
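The key generation, encryption and decryption steps above, as an added example that is not part of the original report, including why y must be fresh for every message. The toy group (p = 2039, q = 1019, g = 4), the encoding of integers into G and all function names are assumptions made for this sketch.

```python
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1 with p, q
# prime, and g = 4 generates the order-q subgroup G of squares modulo p.
P, Q, G = 2039, 1019, 4

def keygen():
    """Return (x, h): private x from {1, ..., q-1} and public h = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encode(m):
    """Map an integer m in 1..q to an element m' of G.

    Exactly one of m and p - m is a square because p = 3 (mod 4).
    """
    if not 1 <= m <= Q:
        raise ValueError("message must be in 1..q")
    return m if pow(m, Q, P) == 1 else P - m

def decode(m_prime):
    """Invert encode(): elements above q came from p - m."""
    return m_prime if m_prime <= Q else P - m_prime

def encrypt(h, m, y=None):
    """Return (c1, c2) = (g^y, m' * h^y); y is fresh unless a test pins it."""
    if y is None:
        y = secrets.randbelow(Q - 1) + 1
    s = pow(h, y, P)                       # shared secret s = h^y
    return pow(G, y, P), encode(m) * s % P

def decrypt(x, c1, c2):
    s = pow(c1, x, P)                      # s = c1^x = g^(xy)
    return decode(c2 * pow(s, -1, P) % P)  # m' = c2 * s^-1 (Python 3.8+)

def secret_from_known_plaintext(c2, known_m):
    """h^y = c2 * m'^-1: anyone who learns m learns the shared secret."""
    return c2 * pow(encode(known_m), -1, P) % P

def same_ephemeral_key(ct_a, ct_b):
    """Two ciphertexts with equal c1 were produced with the same y."""
    return ct_a[0] == ct_b[0]

if __name__ == "__main__":
    x, h = keygen()
    print("round trip:", decrypt(x, *encrypt(h, 321)))
    a, b = encrypt(h, 123, y=5), encrypt(h, 456, y=5)   # y reused on purpose
    s = secret_from_known_plaintext(a[1], 123)
    print("reuse visible in c1:", same_ephemeral_key(a, b))
    print("second message exposed:", decode(b[1] * pow(s, -1, P) % P))
```

Comparing c1 values across stored ciphertexts is a cheap audit for a sender whose random number generator repeats.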

Chapter 6 APPLICATIONS OF DIGITAL SIGNATURES

Chapter 6

APPLICATIONS OF DIGITAL SIGNATURES

6.1 APPLICATIONS

A digital signature is a process that guarantees that the contents of a message have not been altered in transit. When you, the server, digitally sign a document, you add a one-way hash (encryption) of the message content using your public and private key pair. Your client can still read it, but the process creates a signature that only the server's public key can decrypt. The client, using the server's public key, can then validate the sender as well as the integrity of message contents.

Whether it's an email, an online order, or a watermarked photograph on eBay, if the transmission arrives but the digital signature does not match the public key in the digital certificate, then the client knows that the message has been altered.

A smart card is a plastic card, the size and shape of a credit card, with an embedded computer chip. It's an old idea (the first patents were filed 20 years ago), but practical limitations made them feasible only five or so years ago. Since then they have taken off, mostly in Europe. Many countries use smart cards for pay telephones. There are also smart credit cards, smart cash cards, smart everything cards. The U.S. credit-card companies are looking at the technology, and within a few years even backwards Americans will have smart cards in their wallets.

A smart card contains a small computer (usually an 8-bit microprocessor), RAM (about a quarter kilobyte), ROM (about 6 or 8 kilobytes), and either EPROM or EEPROM (a few kilobytes). Future-generation smart cards will undoubtedly have more capacity, but some physical limitations on smart cards make expansion difficult. The card has its own operating system, programs, and data. (What it doesn't have is power; that comes when the card is plugged in to a reader.) And it is secure. In a world where you might not trust someone else's computer or telephone or whatever, you can still trust a card that you keep with you in your wallet. Smart cards can have different cryptographic protocols and algorithms programmed into them. They might be configured as an electronic purse, and be able to spend and receive digital cash. They may be able to perform zero-knowledge authentication protocols; they may have their own encryption keys. They might be able to sign documents, or unlock applications on a computer. Some smart cards are assumed to be tamperproof; this often protects the institution that issues the cards. A bank wouldn't want you to be able to hack their smart card to give yourself more money.

6.1.2 MITRENET

One of the earliest implementations of public-key cryptography was the experimental system MEMO (MITRE Encrypted Mail Office). MITRE is a DoD contractor, a government think tank, and an all-around bunch of smart guys. MEMO was a secure electronic mail system for users in the MITRENET network, using public-key cryptography for key exchange and DES for file encryption. In the MEMO system, all public keys are stored in a Public Key Distribution Center, which is a separate node on the network. They are stored in an EPROM to prevent anyone from changing them. Private keys are generated by users or by the system. For a user to send secure messages, the system first establishes a secure communications path with the Public Key Distribution Center. The user requests a file of all public keys from the Center. If the user passes an identification test using his private key, the Center sends this list to the user's workstation. The list is encrypted using DES to ensure file integrity.

6.1.3 ISDN

Bell-Northern Research developed a prototype secure Integrated Services Digital Network (ISDN) telephone terminal [499, 1192, 493, 500]. As a telephone, it was never developed beyond prototype. The resulting product was the Packet Data Security Overlay. The terminal uses Diffie-Hellman key exchange, RSA digital signatures, and DES data encryption; it can transmit and receive voice and data at 64 kilobits per second.

Sometimes a signed document needs to be time stamped to prevent it from being replaced by an adversary. This is called a time-stamped digital signature scheme.

Sometimes we have a document that we want to get signed without revealing the contents of the document to the signer.

These are common reasons for applying a digital signature to communications:

Authentication

Although messages may often include information about the entity sending a message, that information may not be accurate. Digital signatures can be used to authenticate the source of messages. When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user. The importance of high confidence in sender authenticity is especially obvious in a financial context. For example, suppose a bank's branch office sends instructions to the central office requesting a change in the balance of an account. If the central office is not convinced that such a message is truly sent from an authorized source, acting on such a request could be a grave mistake.

Integrity

In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message will invalidate the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible by most cryptographic hash functions.

Although the digital signature technique is a very effective method of maintaining integrity and authentication of data, there are some drawbacks associated with this method. They are discussed in this section.

The private key must be kept in a secured manner. The loss of the private key can cause severe damage, since anyone who gets the private key can use it to send signed messages to the public key holders; the public key will recognize these messages as valid, and so the receivers will believe that the message was sent by the authentic private key holder.

The process of generating and verifying a digital signature requires a considerable amount of time. So, for frequent exchange of messages, the speed of communication will reduce.

When the digital signature is not verified by the public key, the receiver simply marks the message as invalid, but he does not know whether the message was corrupted or a false private key was used.

To use a digital signature, the user has to obtain a private and public key, and the receiver has to obtain the digital signature certificate as well. This requires them to pay an additional amount of money.

If a user changes his private key after every fixed interval of time, then a record of all these changes must be kept. If a dispute arises over a previously sent message, then the old key pair needs to be referred to. Thus storage of all the previous keys is another overhead.

Although a digital signature provides authenticity, it does not ensure secrecy of the data. To provide secrecy, some other technique such as encryption and decryption needs to be used.

6.3.1 Non-repudiation

In a cryptographic context, the word repudiation refers to the act of disclaiming responsibility for a message. A message's recipient may insist the sender attach a signature in order to make later repudiation more difficult, since the recipient can show the signed message to a third party (e.g., a court) to reinforce a claim as to its signatories and integrity. However, loss of control over a user's private key will mean that all digital signatures using that key, and so ostensibly from that user, are suspect. Nonetheless, a user cannot repudiate a signed message without repudiating their signature key.

Digital signatures in real applications

Increasingly, digital signatures are being used in secure e-mail and credit card transactions over the Internet. The two most common secure e-mail systems using digital signatures are Pretty Good Privacy and Secure/Multipurpose Internet Mail Extension. Both of these systems support RSA as well as DSS-based signatures. The most widely used system for credit card transactions over the Internet is Secure Electronic Transaction (SET). It consists of a set of security protocols and formats that enable the existing credit card payment infrastructure to work on the Internet. The digital signature scheme used in SET is similar to the RSA scheme.

Chapter 7 Conclusion

Chapter 7

Conclusion

Digital signatures are in some senses a complementary technology to public key encryption, offering data origin authentication and non-repudiation of digital messages. Digital signatures have different properties and offer different guarantees to hand-written signatures. The security of digital signatures critically relies on the security of the keys that are used to create and verify them. Digital signature technology is widely used in modern life and technology. Digital signature algorithms are used for various purposes such as internet protocols, business deals, software certification, mobile phones, and internet websites. Digital signatures utilizing the public key cryptography system have every potential to achieve the same level of legal recognition as handwritten signatures. However, the main obstacle at present is in the functional element of non-repudiation. This element, unlike the other three elements of handwritten signatures discussed, cannot be achieved by technology alone. Assistance is required from the law to help it attain the functional element of non-repudiation. Once non-repudiation has been achieved, then and only then can electronic commerce be expected to be successfully taken up. A certification authority in turn can be validated by higher certification authorities, thus creating a certificate chain. Hence, the trustworthiness of a certification authority may depend on its reputation in traditional business transactions, or it may be a subscriber of a higher certification authority, and use the certificate of the higher certification authority to reassure subscribers and relying parties that it is not a bogus certification authority. The certification authority at the pinnacle of the certification authority hierarchy is known as a root certification authority, and it issues root certificates. The root certification authority self-authenticates for purposes of determining the validity of the certificates.


Project Hosting

Appendix A

Project Hosting

The report is shared at Academia.edu. The complete report about the seminar is uploaded here for future

reference.
