07-Digital Signature Standards
akash-jain -
8/2/2019 07-Digital Signature Standards
Chapter 7
Digital Signature Standards
Some Well-Known Digital Signature Standards
The U.S.A. national standard: DSS.
The Russia national standard: GOST.
Japan national standard: ESIGN.
De facto standard: RSA.
ISO/IEC 9796: RSA.
The U.S.A. national standard X9.30-199: RSA, ElGamal.
Digital Signature Standards
ElGamal
Schnorr
DSA
GOST 28147 (, 89 )
GOST 34.11 (, 94 )
GOST 34.10(, 94 )
ElGamal Signature Algorithm
ElGamal Signature Algorithm (1/3)
Some mathematics: Suppose two integers a and n such that GCD(a, n) = 1. Then
$a^x \bmod n = a^{x \bmod \varphi(n)} \bmod n$.
Some proof:
Let $y = x \bmod \varphi(n)$, i.e. $x = k\varphi(n) + y$ for some k. Since $a^{\varphi(n)} \bmod n = 1$,
$a^x \bmod n = a^{k\varphi(n) + y} \bmod n = (a^{\varphi(n)} \bmod n)^k \cdot a^y \bmod n = 1^k \cdot a^y \bmod n = a^y \bmod n = a^{x \bmod \varphi(n)} \bmod n$.
ElGamal Signature Algorithm (2/3)
Key Generation:
1. Select a large prime number p and a primitive root g in $Z_p^*$, then publish p and g.
2. Select a number x in $Z_{p-1}$.
3. Calculate $y = g^x \bmod p$.
4. The public key is y and the private key is x.
ElGamal Signature Algorithm (3/3)
For plaintext M and signature S:
Sign:
1. The signer randomly selects a number $k \in Z_{p-1}$.
2. Calculate $r = g^k \bmod p$.
3. Calculate $s = k^{-1}(M - xr) \bmod (p-1)$.
4. The signature is S = (r, s).
Verify:
1. Is $g^M \equiv y^r r^s \pmod{p}$ true?
2. If true, the signature is right.
3. Otherwise, the signature is wrong.
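The ElGamal key generation, signing and verification steps above, as an added Python example (not part of the original slides) over constructed toy parameters p = 467, g = 2. Two checks are assumptions of this example rather than steps on the slides: k is drawn coprime to p-1 so that $k^{-1}$ exists, and the verifier rejects r or s outside their ranges before testing the equation.

```python
import math
import secrets

# Constructed toy parameters, far too small for real use:
# P is prime and G = 2 is a primitive root modulo P.
P, G = 467, 2

def keygen():
    x = secrets.randbelow(P - 2) + 1            # private key x in [1, p-2]
    return x, pow(G, x, P)                      # public key y = g^x mod p

def sign(m, x):
    while True:
        k = secrets.randbelow(P - 2) + 1        # fresh secret nonce per signature
        if math.gcd(k, P - 1) != 1:             # k must be invertible mod p-1
            continue
        r = pow(G, k, P)
        # Exponents live mod phi(p) = p-1, hence the modulus here.
        s = pow(k, -1, P - 1) * (m - x * r) % (P - 1)
        if s != 0:                              # added check: retry on s = 0
            return r, s

def verify(m, sig, y):
    r, s = sig
    # Added hardening: reject out-of-range values before the equation test.
    if not (0 < r < P and 0 < s < P - 1):
        return False
    return pow(G, m, P) == pow(y, r, P) * pow(r, s, P) % P

if __name__ == "__main__":
    x, y = keygen()
    sig = sign(100, x)
    print(sig, verify(100, sig, y), verify(101, sig, y))
```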
Schnorr Signature Algorithm
Schnorr Signature Algorithm (1/3)
Key Generation:
1. Select a large prime number $p \ge 2^{512}$.
2. Select a prime q such that $q \mid p-1$ and $q \ge 2^{160}$.
3. Select an element g of order q in $Z_p^*$, with $g \ne 1$.
4. Publish p, q, and g.
5. Select a number x in $Z_q$.
6. Calculate $y = g^x \bmod p$.
7. The public key is y and the private key is x.
Schnorr Signature Algorithm (2/3)
For plaintext M and signature S:
Sign:
1. The signer randomly selects a number $k \in Z_q$.
2. Calculate $r = g^k \bmod p$.
3. Calculate e = h(r, M), where h is a public one-way hash function.
4. Calculate $s = k - xe \bmod q$.
5. The signature is S = (e, s).
Schnorr Signature Algorithm (3/3)
For signature S:
Verify:
1. Calculate $r = g^s y^e \bmod p$.
2. Is e = h(r, M) true? If true, the signature is right. Otherwise, the signature is wrong.
DSA
Digital Signature Algorithm
National Institute of Standards and Technology (NIST), 1991.
DSA Signature Algorithm (1/3)
Key Generation:
1. Select a 512 ~ 1024-bit prime number p.
2. Select a 160-bit prime q such that $q \mid p-1$.
3. Select an element g of order q in $Z_p^*$, with $g \ne 1$.
4. Publish p, q, and g.
5. Select a number x in $Z_q$.
6. Calculate $y = g^x \bmod p$.
7. The public key is y and the private key is x.
DSA Signature Algorithm (2/3)
For plaintext M and signature S:
Sign:
1. The signer randomly selects a number $k \in Z_q$.
2. Calculate $r = (g^k \bmod p) \bmod q$.
3. Calculate $s = k^{-1}(M + xr) \bmod q$.
4. The signature is S = (r, s).
DSA Signature Algorithm (3/3)
For signature S:
Verify:
1. Check $0 < r < q$ and $0 < s < q$. If one condition is not true, the signature is wrong.
2. Calculate $t = M s^{-1} \bmod q$.
3. Calculate $u = r s^{-1} \bmod q$.
4. Is $r = (g^t y^u \bmod p) \bmod q$ true? If true, the signature is right. Otherwise, the signature is wrong.
Verification
Is $r = (g^t y^u \bmod p) \bmod q$?
$g^t y^u = g^{M/s} \, g^{x(r/s)} = g^{(M+xr)/s} = g^k = r \pmod{q}$
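The Schnorr and DSA slides above share one group setup (prime q dividing p-1, g of order q), so the following added Python example, which is not part of the original slides, builds a constructed toy group once and runs both schemes over it. The group size, the SHA-256 based h(r, M) and all function names are assumptions of this example; M for DSA is passed as an integer, as on the slides.

```python
import hashlib
import math
import secrets

# Constructed toy group, far below the 512/160-bit sizes the slides require.
Q = 2**31 - 1                                    # prime q (a Mersenne prime)

def is_prime(n):                                 # trial division is enough at this size
    return n % 2 == 1 and all(n % d for d in range(3, math.isqrt(n) + 1, 2))

P = next(k * Q + 1 for k in range(2, 10**4, 2) if is_prime(k * Q + 1))    # q | p-1
G = next(g for b in range(2, 50) if (g := pow(b, (P - 1) // Q, P)) != 1)  # order q

def keygen():
    x = secrets.randbelow(Q - 1) + 1             # private key x in [1, q-1]
    return x, pow(G, x, P)                       # public key y = g^x mod p

def hash_rm(r, m):                               # assumed public hash h(r, M), mod q
    digest = hashlib.sha256(f"{r}|{m}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def schnorr_sign(m, x):
    k = secrets.randbelow(Q - 1) + 1             # fresh secret nonce per signature
    e = hash_rm(pow(G, k, P), m)
    return e, (k - x * e) % Q

def schnorr_verify(m, sig, y):
    e, s = sig
    if not (0 <= e < Q and 0 <= s < Q):
        return False
    r = pow(G, s, P) * pow(y, e, P) % P          # g^s y^e = g^(k-xe) g^(xe) = g^k
    return e == hash_rm(r, m)

def dsa_sign(m, x):
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (m + x * r) % Q
        if r and s:                              # retry: r = 0 or s = 0 cannot verify
            return r, s

def dsa_verify(m, sig, y):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):            # step 1 of the slide's Verify
        return False
    w = pow(s, -1, Q)
    t, u = m * w % Q, r * w % Q
    return r == pow(G, t, P) * pow(y, u, P) % P % Q
```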
DSS and DSA
DSA (Digital Signature Algorithm) was published by the National Institute of Standards and Technology (NIST) in 1991.
DSS (Digital Signature Standard) is a signature standard based on DSA.
Some Positive Comments on DSS
The length of signature is shorter.
The key generation is faster.
The processing time cost is less if the signer generates many r and stores them first.
It's been authenticated by the U.S.A. government.
Some Negative Comments on DSS
DSS and RSA are not compatible.
If s is 0, the verification will fail.
The verification process is 100 times slower than RSA.
GOST Family
GOST 34.10 is the digital signature standard of Russia.
Some other standards:
GOST34.28147: a block cipher standard.
GOST34.11: a one-way hash function.
GOST34.11 (1/3)
Key Generation:
1. Select a prime number p such that $2^{509} < p < 2^{512}$ or $2^{1020} < p < 2^{1024}$.
2. Select a prime q such that $q \mid p-1$ and $2^{254} < q < 2^{256}$.
3. Select an element g of order q in $Z_p^*$, with $g \ne 1$.
4. Publish p, q, and g.
5. Select a number x in $Z_q$.
6. Calculate $y = g^x \bmod p$.
7. The public key is y and the private key is x.
GOST34.11 (2/3)
For plaintext M and signature S:
Sign:
1. Calculate h(M), where h is a one-way hash function.
2. The signer randomly selects a number $k \in Z_q$.
3. Calculate $r = (g^k \bmod p) \bmod q$.
4. Calculate $s = k^{-1}(M + xr) \bmod q$.
5. The signature is S = (r, s).
For signature S :
Verify :
1. Check 0