Académique Documents
Professionnel Documents
Culture Documents
digital
signatures
Benedictine University
MATH 390: Cryptography
2 April 2008
1
Menu
The problem of authentication
2
PROBLEM: AUTHENTICATION
3
HAS THIS EMAIL BEEN SIGNED?
4
HOW ABOUT NOW?
5
6
A TRUE SIGNATURE:
• IS AUTHENTIC
• CANNOT BE FORGED
• CANNOT BE REUSED
• PROVES DOCUMENT HAS NOT BEEN ALTERED
• CANNOT BE REPUDIATED
GOAL: DIGITAL SIGNATURES WHICH DO THIS FOR ELECTRONIC
DOCUMENTS.
7
Implementation
8
PUBLIC-KEY CRYPTOGRAPHY
Decryption
Encryption
function
function
Original
Plaintext Ciphertext
plaintext
Dear Bob - The Qrne Obo - Gur
meeting will be at zrrgvat jvyy or ng Dear Bob - The
the embassy. gur rzonffl. meeting will be
at the embassy.
Alice Bob
Eve
No secret key is ever
exchanged
Alice does not need
her own key to use the Public Private
system (e,n) d
9
KID CRYPTO
Choose positive integers A, B, a, and b.
M = ab − 1
e = AM + a
d = BM + b
ed − 1
n =
M
Public key: (e, n)
Private key: d
10
H E L P 07 04 11 15
TALBERT’S PUBLIC KEY: (E = 3242, N = 19723)
Encryption: Compute y = (ex) mod n for each number.
E 4 12698
L 11 15939
P 15 9184
11
2971 12698 15939 9184
TALBERT’S PRIVATE KEY: D = 1965
Decryption: Compute z = (dy) mod n for each number.
2971 7 H
12698 4 E
15939 11 L
9184 15 P
12
WHY KID CRYPTO WORKS
X = PLAINTEXT “CHARACTER”
ed − 1
n=
M
13
DIGITAL SIGNATURE = MESSAGE
ENCRYPTED WITH PRIVATE KEY
I HEREBY GIVE YOU I HEREBY GIVE YOU A
I HEREBY GIVE RAISE.
A RAISE.
YOU A RAISE. I HEREBY GIVE YOU A
192 2343 9102 ... RAISE.
s = dx mod n
BOB
15
I HEREBY GIVE YOU I HEREBY GIVE YOU A
I HEREBY GIVE RAISE.
A RAISE.
YOU A RAISE. X FLBRUG YTEX BIP Q
228 1893 189 ... XETIA.
PUBLIC PRIVATE
EVIL
(E,N) FAKE
D D
16
A TRUE SIGNATURE:
• IS AUTHENTIC
• CANNOT BE FORGED
• CANNOT BE REUSED
• PROVES DOCUMENT HAS NOT BEEN ALTERED
• CANNOT BE REPUDIATED
17
Public-key system as
signature system
Sender encrypts the message with his private key,
attaches “ciphertext” to the plaintext message.
18
A national standard?
1977: RSA INVENTED 1994: DSA APPROVED
19
227 = 2 × 10 + 2 × 10 + 7 × 10
2 1 0
+0 × 2 + 0 × 2 + 1 × 2 + 1 × 2
3 2 1 0
= 11100011
BINARY FORM OF 227 5 = 101
227 IS AN 8-BIT INTEGER 1967 =11110101111
! "
ln N
Bit length of N = +1
ln 2
20
HI, BOB. HOW’S IT GOING?
(SIGNATURE ATTACHED)
Alice Bob
AUTHENTICATED
21
1: SYSTEM-WIDE PARAMETERS
Name Description
α = h(p-1)/q mod p
α Where h is any number ≤ p-1
such that h(p-1)/q is > 1
22
2: KEY GENERATION
PRIVATE KEY
Random integer x such that
1 ≤ x ≤ q-1
Alice
PUBLIC KEY
y = α mod p
x
23
3: SIGNING
Has:
Message m
Public key y, Private key x
System parameters p, q, α
Alice
SIGNATURE: (R,S).
24
4: AUTHENTICATING
Receives:
Message m
Signature (r,s)
Has:
Public key y; System parameters p, q, α BOB
Verify 0 < r, s < q. Reject if not.
Compute H(m) and w = s−1 mod q.
u1 = (w · H(m)) mod q u2 = (rw) mod q
v = (α y u1 u 2
mod p) mod q
IF V = R AUTHENTICATED.
25
v = (α yu1 u 2
mod p) mod q
s = k (H(m) + xr) mod q
−1
!
s−1
= k H(m) + xr) mod q
−1
α u1
=α wH(m) mod q y u2 = (αx )u2 mod p
= α xrw mod q
mod p
26
v = (α y mod p) mod q
u1 u 2
! k
= α mod p) mod q
r = (α mod p) mod q
k
IF V = R AUTHENTICATED.
IF V ≠ R NO AUTHENTICATION.
27
I HEREBY GIVE YOU I HEREBY GIVE YOU A
I HEREBY GIVE RAISE.
A RAISE.
YOU A RAISE. I HEREBY GIVE YOU A
(R,S) RAISE.
SYSTEM: P, Q
Alice Bob
PUBLIC
y=αx
mod p HOW TO PRODUCE A FORGED (R,S) ON A
NEW MESSAGE?
28
FORGERY METHOD 1: RECOVER ALICE’S
PRIVATE KEY FROM AVAILABLE
INFORMATION.
y = α mod px
SOLVE FOR X
29
FORGERY METHOD 2: USE R TO RECOVER K.
r = (α mod p) mod q
k
30
FORGERY METHOD 3: HOPE FOR LAZINESS.
Gotcha!
s1 k − H(m1 ) = xr mod q
s2 k − H(m2 ) = xr mod q
k = (s1 − s2 ) −1
(H(m1 ) − H(m2 )) mod q
31
Further issues
One-way hash functions and their security (SHA-1,
MD5)
Electronic currency
Electronic notarization
32
Contact
Robert Talbert, PhD
Department of Mathematics and Computing
Franklin College
101 Branigin Blvd.
Franklin, IN 46131
rtalbert@franklincollege.edu
33