Embed Size (px)
DESCRIPTION
Digital Signatures. CSCI381 Fall 2005 GWU. Definition. P : set of plaintext S : set of signatures K : keyspace private function: sig k : P S public function: ver K : P X S {true, false} ver K (m, s) = true iff sig K (m) = s; else ver K (m, s) = false - PowerPoint PPT Presentation
Citation preview
CSCI381 Fall 2005
GWU
Digital Signatures
04/19/23 CS284/Spring05/GWU/Vora/Signatures 2
Definition
• P: set of plaintext
• S: set of signatures
• K: keyspace
• private function: sigk: P S
• public function: verK : P X S {true, false}
• verK(m, s) = true iff sigK(m) = s; else verK(m, s) = false
• {m, sigK(m)} is a signed message
04/19/23 CS284/Spring05/GWU/Vora/Signatures 3
El Gamal Digital Signature
• For a key K= (p, , , a); = a mod p; a private
• Choose random k invertible in Zp-1
• sigK(x, k) = (=k mod p, =(x-a)k-1 mod p-1)
• verK(x, (G, D)) = true GGD=x mod p
• Depends on security of the DL problem: Find a given p, ,
04/19/23 CS284/Spring05/GWU/Vora/Signatures 4
Digital Signature Example
• K= (p=11, =2, =5, a=4); = a mod p; a private
• Choose random k=3 invertible in Zp-1
• sigK(x=7, k=3) = (=k mod p, =(x-a)k-1 mod p-1) = (8, 5)
• verK(x, (G, D)) = true GGD=x mod p (7 mod 11)
04/19/23 CS284/Spring05/GWU/Vora/Signatures 5
DSA
Uses SHA(x) instead of X
04/19/23 CS284/Spring05/GWU/Vora/Signatures 6
Discrete Log in Elliptic Curves
As before, only group is no longer Zp*
The problem is to determine a given P and Q = aP in the elliptic curve group
The best-known algorithm for breaking DL over Zp*
takes less time than that for breaking DL over an elliptic curve group of the same size
