Presentation by: Ajay Chauhan 2954/996

Digital signature is a protocol that produces the same

effect as a real signature: It is a mark that only the sender can make , but other people can easily recognize as belongings to the sender. Just like a real signature, a digital signature is used to confirm agreement to a message.

Properties
A digital Signature must meet two primary conditions: It must be unforgeable .If person P signs message M with signature S(P,M), it is impossible for anyone else to produce the pair [M,S(P,M)]. It must be authentic. If a person R receives the pair [M,S(P,M)] purportedly from P, R can check that the signature is really from P. Only P could have created this signature, and the signature is firmly attached to M

Two more properties, also drawn with the paper-based environment , are desirable for transactions completed with the aid of digital signatures: It is not alterable. After being transmitted , M cannot be changed by S,R, or an interceptor. It is reusable. A previous message presented again will be instantly detected by R.

Public Key Protocol

Public key encryption systems are ideally suited to

digital signatures Let us assume Public key encryption for user U is accessed through E(M,KU) Private key transformation for U is written as D(M,KU) E as the privacy transformation (since only U can decrypt it) D as the authenticity transformation (since only U can produce it)

 If S wishes to send M to R,S uses the authenticity

transformation to produce D(M,KS). S then sends D(M,KS) to R R decodes the message with the public key transformation of S, computing E(D(M,KS),KS)=M Since only S can create a message that make under E(,KS), the message must genuinely have come from S. This test satisfies the authenticity requirement. R will save D(M,KS).If S should later allege that the message is a forgery .R can simply show M and D(M,KS). Anyone can verify that since D(M,KS) is transformed to M with the public key transformation of S-but only S could have produced D(M,KS)-then D(M, KS) must be from S. This test satisfies the

unforgeable requirement.

El Gamal and Digital Signature Algorithms

Another public key algorithm was devised in 1984 by

El Gamal While this algorithm is not widely used directly, it is of considerable importance in the U.S. Digital Signature Standard (DSS) of NIST. This algorithm relies on the difficulty of computing discrete logarithms over finite fields.

El Gamal Algorithm
In the El Gamal algorithm, to generate a key pair, first

chose a prime p and two integers, a and x, such that a<p and x<p and calculate y=ax mod p The prime p should be chosen so that (p-1) has a large prime factor ,q. The private key is x and the public key is y, along with parameters p and a.

 To sign a message m, choose a random integer k, 0<k<p-1,

which has not been used before and which is relatively prime to ( p-1), and compute r = ak mod p and s=k-1(m-xr) mod (p-1) While k-1 is the multiplicative inverse of k mod (p-1),so that k*k-1 =1 mod (p-1). The message signature is then read r and s. A recipient can use the public key y to compute yr rs mod p and determine that it is equivalent to am mod p. To defeat this encryption and infer the values of x and k given r, s, and m, the intruder could find a means of computing a discrete logarithms to solve y=a s and r=a k

Digital Signature Algorithm

The U.S. Digital Signature Algorithm (DSA) (also

called the Digital Signature Standard or DSS) is the El Gamal algorithm with a few restrictions. First, the size of p is specifically fixed at 2511 <p <2512 (so that p is roughly 170 decimal digits long) Second , q, the large prime factor of (p-1) is chosen so that 2159 <p <2160 . The algorithm explicitly uses H(m), a hash value, instead of the full message text m. Finally, the computations of r and s are taken mod q

Thankyou