Scribd Logo
Unggah

Selamat datang di Scribd!

  • 07-Digital Signature Standards

    Diunggah oleh

    Akash Jain
    40 tayangan24 halaman

    Hak Cipta

    © Attribution Non-Commercial (BY-NC)

    Format Tersedia

    PPT, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    40 tayangan24 halaman

    07-Digital Signature Standards

    Diunggah oleh

    Akash Jain

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PPT, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 24

    Chapter 7

    Digital Signature Standards


    Digital Signature Standards
    Some Well-Known Digital Signature
    Standards
    The U.S.A. national standard : DSS.
    The Russia national standard : GOST.
    Japan national standard : ESIGN.
    De factor standard : RSA.
    ISO/ICE 9796 : RSA
    The U.S.A national standard X9.30-199 : RSA,
    ElGamal.
    Digital Signature Standards
    ElGamal
    Schnorr
    DSA
    GOST 28147 (, 89 )
    GOST 34.11 (, 94 )
    GOST 34.10(, 94 )
    ElGamal Signature Algorithm
    ElGamal Signature Algorithm
    (1/3)
    Some mathematics :
    Suppose two integers a and n such that GCD(a, n)=1. Then
    a
    x
    (mod n) a
    x

    (mod(n))
    mod n.
    Some proof :
    Let for some k.

    y n k x n x y + = = ) ( )) ( (mod
    ) (mod ) (mod 1 ) (mod
    1 ) (mod 1 ) (mod
    ) (mod ) (mod
    ) (
    ) ( ) (
    ) (
    n a a n a n a
    n a n a
    n a n a
    n k x x x
    n k n
    y n k x

    +
    = =
    = =
    =

    ) (mod ) (mod
    )) ( (mod
    n a n a
    n x y
    = =
    ElGamal Signature Algorithm
    (2/3)
    Key Generation :
    1. Select a large prime number p and the primitive root g in
    Z
    p
    *
    , then publish p and g.
    2. Select a number x in Z
    p-1
    .
    3. Calculate yg
    x
    (mod p).
    4. The public key is y and the private key is x.
    ElGamal Signature Algorithm
    (3/3)
    For plaintext M and signature S :
    Sign :
    1. The signer randomly select a number keZ
    p-1
    .
    2. Calculate r=g
    k
    (mod p).
    3. Calculate s=k
    -1
    (M-xr) (mod p-1)
    4. The signature S = (r, s).
    Verify :
    1. Is g
    M
    =y
    r
    r
    s
    (mod p) true ?
    2. If true, the signature is right.
    3. Otherwise, the signature is wrong.
    Schnorr Signature Algorithm
    Schnorr Signature Algorithm
    (1/3)
    Key Generation :
    1. Select a large prime number p>2
    512
    .
    2. Select a prime q such that q|p-1 and q >2
    160
    .
    3. Select a ordered q primitive root g in Z
    p
    *
    and g=1.
    4. Publish p, q, and g.
    5. Select a number x in Z
    q
    .
    6. Calculate yg
    x
    (mod p).
    7. The public key is y and the private key is x.
    Schnorr Signature Algorithm
    (2/3)
    For plaintext M and signature S :
    Sign :
    1. The signer randomly select a number keZ
    q
    .
    2. Calculate r=g
    k
    (mod p).
    3. Calculate e=h(r, M), where h is a public one-way hash
    function.
    4. Calculate s=k-xe (mod q)
    5. The signature S = (e, s).
    Schnorr Signature Algorithm
    (3/3)
    For signature S :
    Verify :
    1. Calculate r=g
    s
    y
    e
    (mod p).
    2. Is e=h(r, M) true ?
    If true, the signature is right.
    Otherwise, the signature is wrong.
    DSA
    Digital Signature Algorithm
    Nation Institute of Standard and Technology
    (NIST), 1991.
    DSA Signature Algorithm (1/3)
    Key Generation :
    1.Select a 512 ~ 1024-bit prime number p.
    2.Select a 160-bit prime q such that q|p-1.
    3.Select an ordered q primitive root g in Z
    p
    *
    and g=1.
    4.Publish p, q, and g.
    5.Select a number x in Z
    q
    .
    6.Calculate yg
    x
    (mod p).
    7.The public key is y and the private key is x.
    DSA Signature Algorithm (2/3)
    For plaintext M and signature S :
    Sign :
    1.The signer randomly select a number keZ
    q
    .
    2.Calculate r=g
    k
    (mod p) (mod q).
    3.Calculate s=k
    -1
    (M+xr) (mod q)
    4.The signature S = (r, s).
    DSA Signature Algorithm (3/3)
    For signature S :
    Verify :
    1.Check 0srsq and 0sssq. If one condition is not
    true, the signature is wrong.
    2.Calculate t=Ms
    -1
    (mod q).
    3.Calculate u=rs
    -1
    (mod q).
    4.Is r=g
    t
    y
    u
    (mod p) (mod q) true ?
    If true, the signature is right.
    Otherwise, the signature is wrong.
    Verification
    r=g
    t
    y
    u
    (mod p) (mod q)?
    g
    t
    y
    u
    =g
    M/s
    g
    x(r/s)
    =g
    (M+xr)/s
    =

    g
    k
    =r (mod q)
    DSS and DSA
    DSA (Digital Signature Algorithm) was published by
    Nation Institute of Standards and Technology (NIST)
    in 1991.
    DSS (Digital Signature Standard) is a signature
    standard based on DSA.
    Some Positive Comments on DSS
    The length of signature is shorter.
    The key generation is faster.
    The processing time cost is less if signer generates
    many r and store them first.
    Its been authenticated by the U.S.A government.
    Some Negative Comments on DSS
    DSS and RSA are not compatible.
    If s is 0, the verification will fail.
    The verification process is 100 times slower than
    RSA.
    GOST Family
    GOST 34.10 is the digital signature standard of
    Russia.
    Some other standards:
    GOST34.28147 a block cipher standard.
    GOST34.11 a one-way hash function.
    GOST34.11 (1/3)
    Key Generation :
    1. Select a prime number p such that 2
    509
    sps 2
    512
    or
    2
    1020
    sps2
    1024
    .
    2. Select a prime q such that q|p-1 and 2
    254
    sps2
    256
    .
    3. Select a ordered q primitive root g in Z
    p
    *
    and g=1.
    4. Publish p, q, and g.
    5. Select a number x in Z
    q
    .
    6. Calculate yg
    x
    (mod p).
    7. The public key is y and the private key is x.
    For plaintext M and signature S :
    Sign :
    1. Calculate h(M), where h is a one-way hash
    function.
    2. The signer randomly select a number keZ
    q
    .
    3. Calculate r=g
    k
    (mod p) (mod q).
    4. Calculate s=k
    -1
    (M+xr) (mod q)
    5. The signature S = (r, s).
    GOST34.11 (2/3)
    For signature S :
    Verify :
    1. Check 0<r<q and 0<s<q. If one condition is not
    true, the signature is wrong.
    2. Calculate t=sh(M)
    (q-2)
    (mod q).
    3. Calculate u=(q-r)h(M)
    (q-2)
    (mod q).
    4. Is r=g
    t
    y
    u
    (mod p) (mod q) true ?
    5. If true, the signature is right.
    6. Otherwise, the signature is wrong.
    GOST34.11 (3/3)

    Anda mungkin juga menyukai