6
CSCI381 Fall 2005 GWU Digital Signatures

Digital Signatures

Embed Size (px)

DESCRIPTION

Digital Signatures. CSCI381 Fall 2005 GWU. Definition. P : set of plaintext S : set of signatures K : keyspace private function: sig k : P  S public function: ver K : P X S  {true, false} ver K (m, s) = true iff sig K (m) = s; else ver K (m, s) = false - PowerPoint PPT Presentation

Citation preview

Page 1: Digital Signatures

CSCI381 Fall 2005

GWU

Digital Signatures

Page 2: Digital Signatures

04/19/23 CS284/Spring05/GWU/Vora/Signatures 2

Definition

• P: set of plaintext

• S: set of signatures

• K: keyspace

• private function: sigk: P S

• public function: verK : P X S {true, false}

• verK(m, s) = true iff sigK(m) = s; else verK(m, s) = false

• {m, sigK(m)} is a signed message

Page 3: Digital Signatures

04/19/23 CS284/Spring05/GWU/Vora/Signatures 3

El Gamal Digital Signature

• For a key K= (p, , , a); = a mod p; a private

• Choose random k invertible in Zp-1

• sigK(x, k) = (=k mod p, =(x-a)k-1 mod p-1)

• verK(x, (G, D)) = true GGD=x mod p

• Depends on security of the DL problem: Find a given p, ,

Page 4: Digital Signatures

04/19/23 CS284/Spring05/GWU/Vora/Signatures 4

Digital Signature Example

• K= (p=11, =2, =5, a=4); = a mod p; a private

• Choose random k=3 invertible in Zp-1

• sigK(x=7, k=3) = (=k mod p, =(x-a)k-1 mod p-1) = (8, 5)

• verK(x, (G, D)) = true GGD=x mod p (7 mod 11)

Page 5: Digital Signatures

04/19/23 CS284/Spring05/GWU/Vora/Signatures 5

DSA

Uses SHA(x) instead of X

Page 6: Digital Signatures

04/19/23 CS284/Spring05/GWU/Vora/Signatures 6

Discrete Log in Elliptic Curves

As before, only group is no longer Zp*

The problem is to determine a given P and Q = aP in the elliptic curve group

The best-known algorithm for breaking DL over Zp*

takes less time than that for breaking DL over an elliptic curve group of the same size