Digital signatures. Informal properties


 Gillian Knight
 3 years ago
Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed.

Property. A digital signature must be verifiable: if a dispute arises, an unbiased third party must be able to solve the dispute equitably, without requiring access to the signer's secret.

A.A Digital signatures
Classification

- Digital signatures with appendix require the original message as input to the verification algorithm and use hash functions. Examples: ElGamal, DSA, DSS, Schnorr.
- Digital signatures with message recovery do not require the original message as input to the verification algorithm; the original message is recovered from the signature itself. Examples: RSA, Rabin, Nyberg-Rueppel.

Digital signatures with appendix: definitions

- $M$ is the message space
- $h$ is a hash function with domain $M$
- $M_h$ is the image of $h$
- $S$ is the signature space

Key generation

- Alice selects a private key $d_A$, which defines a signing algorithm $S_A$ that is a one-to-one mapping $S_A : M_h \to S$
- Alice defines the corresponding public key $e_A$, defining the verification algorithm $V_A$ such that $V_A(m^*, s) = \text{true}$ if $S_A(m^*) = s$ and false otherwise, for all $m^* \in M_h$ and $s \in S$, where $m^* = h(m)$ for $m \in M$
Digital signatures with appendix: the signing process

[Diagram: spaces $M$, $M_h$, $S$; mappings $h$ and $S_A$; $m \mapsto m^* \mapsto s$]

Signature generation process

- Compute $m^* = h(m)$, $s = S_A(m^*)$
- Send $(m, s)$

Digital signatures with appendix: verification process

- Obtain A's public key $V_A$
- Compute $m^* = h(m)$, $u = V_A(m^*, s)$
- Accept the signature iff $u = \text{true}$
Digital signatures with appendix: properties of $S_A$ and $V_A$

- (efficiency) $S_A$ should be efficient to compute
- (efficiency) $V_A$ should be efficient to compute
- (security) It should be computationally infeasible for an entity other than A to find an $m \in M$ and an $s \in S$ such that $V_A(m^*, s) = \text{true}$, where $m^* = h(m)$

Digital signatures with message recovery: definitions

- $M$ is the message space
- $M_S$ is the signing space
- $S$ is the signature space

Key generation

- A selects a private key $d_A$ defining a signing algorithm $S_A$ which is a one-to-one mapping $S_A : M_S \to S$
- A defines the corresponding public key defining the verification algorithm $V_A$ such that $V_A \circ S_A$ is the identity map on $M_S$
Digital signatures with message recovery: the signing process

[Diagram: spaces $M$, $M_R$, $M_S$, $S$; mappings $R$ and $S_A$; $m \mapsto m^* \mapsto s$]

- Compute $m^* = R(m)$, where $R$ is a redundancy function (invertible)
- Compute $s = S_A(m^*)$

Digital signatures with message recovery: the verification process

- Obtain the authentic public key $V_A$
- Compute $m^* = V_A(s)$
- Verify if $m^* \in M_S$ (if not, reject the signature)
- Recover the message $m = R^{-1}(m^*)$
Digital signatures with message recovery: properties of $S_A$ and $V_A$

- (efficiency) $S_A$ should be efficient to compute
- (efficiency) $V_A$ should be efficient to compute
- (security) It should be computationally infeasible for an entity other than A to find an $s \in S$ such that $V_A(s) \in M_S$

Digital signatures with message recovery: the redundancy function

- The redundancy function $R$ and $R^{-1}$ are publicly known
- Selecting an appropriate $R$ is critical to the security of the system
- A bad redundancy function may lead to existential forgery:
  - Let us suppose that $M_R = M_S$
  - $R$ and $S_A$ are bijections, therefore $M$ and $S$ have the same number of elements
  - Therefore, for all $s \in S$, $V_A(s) \in M_R$. Hence, it is easy to find an $m$ for which $s$ is the signature: $m = R^{-1}(V_A(s))$
  - $s$ is a valid signature for $m$ (existential forgery)
Digital signatures with message recovery: a good redundancy function (although too redundant)

Example

- $M = \{m : m \in \{0,1\}^n\}$, $M_S = \{m : m \in \{0,1\}^{2n}\}$
- $R : M \to M_S$, $R(m) = m \,\|\, m$ (concatenation)
- $M_R \subset M_S$
- When $n$ is large, $|M_R| / |M_S| = (1/2)^n$ is small. Therefore, an adversary is unlikely to choose an $s$ that yields $V_A(s) \in M_R$

ISO/IEC 9776 is an international standard that defines a redundancy function for RSA and Rabin.

Digital signatures with appendix from message recovery

Signature generation

- Compute $m^* = R(h(m))$, $s = S_A(m^*)$
- A's digital signature for $m$ is $s$
- $m$, $s$ are made available to anyone who may wish to verify the signature

Signature verification

- Obtain A's public key $V_A$
- Compute $m^* = R(h(m))$, $\tilde{m} = V_A(s)$, and $u = (\tilde{m} == m^*)$
- Accept the signature iff $u = \text{true}$

Comment: $R$ is not security critical anymore and can be any one-to-one mapping.
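An added example, not part of the original slides: it runs the redundancy-function argument above on toy RSA, counting how many of all possible values $s$ a verifier accepts when $M_R = M_S$ and when $R(m) = m \,\|\, m$, and then checks the appendix variant $m^* = R(h(m))$. The primes, the exponent, the 8-bit message space, the truncated hash `h8` and all function names are assumptions chosen so that every $s$ can be enumerated.

```python
import hashlib

# Constructed toy parameters (assumptions, far too small for real use).
P, Q, E = 257, 263, 3
N = P * Q                            # modulus; signing space M_S = {0, ..., N-1}
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent d_A
MSG_BITS = 8                         # r_double takes 8-bit messages
MASK = (1 << MSG_BITS) - 1


def r_identity(m):
    """Bad redundancy function: M_R = M_S, so there is nothing to check."""
    if not 0 <= m < N:
        raise ValueError("message outside M_S")
    return m


def r_identity_inv(ms):
    """Every element of M_S is in M_R, so nothing is ever rejected."""
    return ms


def r_double(m):
    """R(m) = m || m for an 8-bit message m."""
    if not 0 <= m <= MASK:
        raise ValueError("message outside M")
    return (m << MSG_BITS) | m


def r_double_inv(ms):
    """Return m if ms = m || m (ms is in M_R), otherwise None."""
    hi, lo = ms >> MSG_BITS, ms & MASK
    return lo if hi == lo else None


def sign(m, redundancy):
    """s = S_A(R(m)): exponentiation by the private key."""
    return pow(redundancy(m), D, N)


def verify_recover(s, redundancy_inv):
    """Compute V_A(s); return the recovered message, or None to reject."""
    if not 0 <= s < N:
        return None
    return redundancy_inv(pow(s, E, N))


def accepted_signatures(redundancy_inv):
    """Count the values s in S that the verifier accepts as a signature."""
    return sum(verify_recover(s, redundancy_inv) is not None for s in range(N))


def h8(data):
    """Toy hash: first byte of SHA-256, so the digest fits the 8-bit space."""
    return hashlib.sha256(data).digest()[0]


def sign_appendix(data, redundancy):
    """Appendix scheme built from message recovery: s = S_A(R(h(m)))."""
    return pow(redundancy(h8(data)), D, N)


def verify_appendix(data, s, redundancy):
    """Accept iff V_A(s) == R(h(m)); the message itself is an input."""
    return 0 <= s < N and pow(s, E, N) == redundancy(h8(data))


if __name__ == "__main__":
    print("accepted with M_R = M_S :", accepted_signatures(r_identity_inv), "of", N)
    print("accepted with R = m||m  :", accepted_signatures(r_double_inv), "of", N)
    doc = b"constructed sample message"
    hits = sum(verify_appendix(doc, s, r_identity) for s in range(N))
    print("appendix scheme, identity R, accepted for this message:", hits)
```

With the appendix scheme the count for a fixed message is 1 even with the identity mapping, which is the sense in which $R$ stops being security critical; the burden moves to the hash function, and the 8-bit `h8` here is only a stand-in.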
Types of attacks: breaking a signature

- Total break: the adversary is able to compute the signer's private key
- Selective forgery: the adversary controls the messages whose signature is forged
- Existential forgery: the adversary has no control on the messages whose signature is forged

Types of attacks

- Key-only attacks: the adversary knows only the signer's public key
- Message attacks:
  - Known-message attack: an adversary has signatures for a set of messages which are known by the adversary but not chosen by him
  - Chosen-message attack: in this case messages are chosen by the adversary
  - Adaptive chosen-message attack: in this case messages are adaptively chosen by the adversary
Attacks: a few considerations

Adaptive chosen-message attack

- It is the most difficult attack to prevent
- Although an adaptive chosen-message attack may be infeasible to mount in practice, a well-designed signature scheme should nonetheless be designed to protect against the possibility

The level of security may vary according to the application

- Example 1. When an adversary is only capable of mounting a key-only attack, it may suffice to design the scheme to prevent the adversary from being successful at selective forgery.
- Example 2. When the adversary is capable of a message attack, it is likely necessary to guard against the possibility of existential forgery.

Attacks: a few considerations (hash functions and digital signature processes)

When a hash function $h$ is used in a digital signature scheme (as is often the case), $h$ should be a fixed part of the signature process so that an adversary is unable to take a valid signature, replace $h$ with a weak hash function, and then mount a selective forgery attack.

Example. Let $m$, $s$ be given, where $s = S_A(h(m))$. Let the adversary be able to replace $h$ with a weaker hash function $g$ that is vulnerable to selective forgery. Then the adversary can determine $m'$ such that $g(m') = h(m)$, and replace $m$ with $m'$.
Digital signatures: RSA-BASED DIGITAL SIGNATURES

RSA

- Key generation (see public key encryption)
- Signing operation: exponentiation by the private key
- Verification operation: exponentiation by the public key
Types of RSA-based digital signatures

Digital signature with message recovery

- Redundancy function: a suitable redundancy function is necessary in order to avoid existential forgery
- ISO/IEC 9796 (1991) defines a mapping that takes a k-bit integer and maps it into a 2k-bit integer

Digital signature scheme with appendix

- MD5 (128 bit)
- PKCS#1 specifies a redundancy function mapping a 128-bit integer to a k-bit integer, where k is the modulus size (k > 512, k = 768, 1024)

Attacks

- Same attacks as the cipher
- Multiplicative property of RSA
- Requirement on $R$: a necessary condition for avoiding existential forgery is that $R$ must not satisfy the multiplicative property
The reblocking problem

The problem. If Alice wants to send a secret and signed message to Bob, then it must be that $n_A < n_B$.

Possible solutions

- Reordering: the operation with the smaller modulus is performed first
  - CONS: the preferred order is always to sign first and encrypt later
- Two moduli per entity
  - Each entity has two moduli
  - Moduli for signing (e.g., t bits) are always smaller than all possible moduli for encryption (e.g., t+1 bits)

Probabilistic Signature Standard (PSS)

- Schoolbook RSA is subject to existential forgery
- The attack can be prevented by allowing only certain message formats (padding)
- Probabilistic Signature Standard: $s = EM^d \bmod n$
- Alternative to PKCS#1
- PROS:
  - Verifiably secure
  - Salting makes EM probabilistic
Digital signatures: DIGITAL SIGNATURES BASED ON ELGAMAL

Discrete logarithm systems

- Let $p$ be a prime, $q$ a prime divisor of $p - 1$, and let $g \in [1, p-1]$ have order $q$
- Let $x$ be the private key, selected at random from $[1, q-1]$
- Let $y$ be the corresponding public key, $y = g^x \bmod p$

Discrete Logarithm Problem (DLP)

- Given $(p, q, g)$ and $y$, determine $x$
ElGamal digital signature

Signature

- Randomly select $k \in \mathbb{Z}^*_{p-1}$
- $r = g^k \bmod p$, $s = (h(m) - xr)\,k^{-1} \bmod (p-1)$
- The pair $(r, s)$ is the digital signature for $m$

Verification

- Verify that $1 \le r \le p-1$; if not, reject the signature
- Compute $v_1 = y^r r^s \bmod p$
- Compute $h(m)$ and $v_2 = g^{h(m)} \bmod p$
- Accept the signature only if $v_1 = v_2$

ElGamal consistency

- If the digital signature $(r, s)$ has been produced by Alice, then $s = (h(m) - xr)\,k^{-1} \bmod (p-1)$.
- Multiplying both sides by $k$ gives $ks = (h(m) - xr) \bmod (p-1)$. Rearranging yields $h(m) = ks + xr \bmod (p-1)$.
- This implies that $g^{h(m)} = g^{xr + ks} = (g^x)^r r^s \bmod p$.
- Thus $v_1 = v_2$ as required.
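An added example, not part of the original slides: the ElGamal signing and verification steps above in Python, with the range check on $r$, a guard that $k$ is invertible modulo $p-1$, and an audit helper that flags a repeated $r$ (the same $r$ in two signatures means the same $k$ was used twice). The toy group $p = 467$, $g = 2$, the private key 127, the SHA-256-based `h` and all function names are assumptions.

```python
import hashlib
import secrets
from collections import Counter
from math import gcd

# Constructed toy group (assumption): 2 is a primitive root modulo 467.
P, G = 467, 2


def h(message):
    """Toy hash into [0, p-2]: SHA-256 reduced modulo p-1."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (P - 1)


def public_key(x):
    """y = g^x mod p"""
    return pow(G, x, P)


def sign_digest(hm, x, k=None):
    """Sign the integer digest hm = h(m) with private key x.

    k must lie in Z*_{p-1}; a fresh random one is drawn unless the caller
    passes k explicitly (only sensible for reproducible tests).
    """
    if k is None:
        k = secrets.randbelow(P - 2) + 1            # 1 .. p-2
        while gcd(k, P - 1) != 1:
            k = secrets.randbelow(P - 2) + 1
    elif gcd(k, P - 1) != 1:
        raise ValueError("k must be invertible modulo p-1")
    r = pow(G, k, P)
    s = (hm - x * r) * pow(k, -1, P - 1) % (P - 1)
    return r, s


def verify_digest(hm, signature, y):
    """Accept iff 1 <= r <= p-1 and y^r * r^s == g^h(m) (mod p)."""
    r, s = signature
    if not 1 <= r <= P - 1:
        return False                                 # range check on r
    v1 = pow(y, r, P) * pow(r, s, P) % P
    v2 = pow(G, hm, P)
    return v1 == v2


def sign(message, x):
    return sign_digest(h(message), x)


def verify(message, signature, y):
    return verify_digest(h(message), signature, y)


def reused_nonces(signatures):
    """Return the r values that occur in more than one signature."""
    counts = Counter(r for r, _ in signatures)
    return sorted(r for r, n in counts.items() if n > 1)


if __name__ == "__main__":
    x = 127                                          # constructed private key
    y = public_key(x)
    sig = sign(b"constructed sample message", x)
    print("signature:", sig, "valid:", verify(b"constructed sample message", sig, y))
    print("out-of-range r rejected:",
          not verify_digest(100, (29 + P, 51), y))
    log = [sign_digest(100, x, k=213), sign_digest(200, x, k=213),
           sign_digest(300, x, k=5)]
    print("repeated r values in log:", reused_nonces(log))
```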
ElGamal security

- In order to forge a signature, an adversary can select $k$ at random and compute $r = g^k \bmod p$. Then he has to compute $s = (h(m) - xr)\,k^{-1} \bmod (p-1)$.
- If the DLP is computationally infeasible, the adversary can do no better than to choose an $s$ at random; the success probability is $1/p$, which is negligible for large $p$.
- A different $k$ must be selected for different messages, otherwise the secret key $x$ can be revealed.
- If no hash function $h$ is used, an adversary can easily mount an existential forgery attack.
- If the check on $r$ is not done, an adversary can sign messages of its choice provided it has one valid signature produced by Alice.

Digital signatures: HASH FUNCTIONS
Hash function properties

- Preimage resistance
- Second preimage resistance
- Collision resistance

These properties are crucial for the security of digital signatures.

Preimage resistance

- Digital signature scheme based on (schoolbook) RSA
  - $(n, d)$ is Alice's private key; $(n, e)$ is Alice's public key
  - $s = (h(m))^d \pmod{n}$
- If $h$ is not preimage resistant $\Rightarrow$ existential forgery
  - The adversary selects $z < n$, computes $y = z^e \pmod{n}$ and finds $m'$ such that $h(m') = y$
  - Then the adversary claims that $z$ is the digital signature of $m'$
2nd preimage resistance

- Digital signature with appendix
  - Let $s = S(h(m))$ be the digital signature for $m$
  - A trusted third party chooses a message x that Alice signs, producing $s = S(d_A, h(m))$
- If $h$ is not 2nd-preimage resistant, an adversary (e.g. Alice herself) can claim that Alice has signed $m'$ instead of $m$
  - The adversary determines a 2nd preimage $m'$ of $m$
  - The adversary claims that Alice has signed $m'$ instead of $m$

Collision resistance

- Digital signature with appendix
  - $s = S(h(m))$ is the digital signature for $m$
- If $h()$ is not collision resistant, Alice (an untrusted party) can
  - choose $m$ and $m'$ so that $h(m) = h(m')$
  - compute $s = S(d_A, h(m))$
  - issue <m, s> to Bob
  - later claim that she actually issued <m', s>
Digital signatures: NON-REPUDIATION VS AUTHENTICATION

Non-repudiation vs authentication

DEFINITION. Non-repudiation prevents a signer from signing a document and subsequently being able to successfully deny having done so.

Non-repudiation vs authentication of origin

- Authentication (based on symmetric cryptography) allows a party to convince itself or a mutually trusted party of the integrity/authenticity of a given message at a given time $t_0$
- Non-repudiation (based on public-key cryptography) allows a party to convince others at any time $t_1 \ge t_0$ of the integrity/authenticity of a given message at time $t_0$
Digital signatures vs non-repudiation

- Alice's digital signature for a given message depends on the message and a secret known to Alice only (the private key)
- Bob verifies the digital signature by means of another, different value: the public key

Digital signatures vs non-repudiation (continued)

- Data origin authentication as provided by a digital signature is valid only while the secrecy of the signer's private key is maintained
- A threat that must be addressed is a signer who intentionally discloses his private key, and thereafter claims that a previously valid signature was forged
- This threat may be addressed by
  - preventing direct access to the key
  - use of a trusted timestamp agent
  - use of a trusted notary agent
Trusted timestamping service

[Diagram: parties Bob, Trent and Alice; labels $s = S_B(m)$, <m, s>, $s$, $S_T(s \,\|\, t_0)$]

- Trent certifies that digital signature $s$ exists at time $t_0$
- If Bob's private key is compromised at $t_1 > t_0$, then $s$ is valid

Trusted Notary Service

- TNS generalizes the TTS
- Trent certifies that a certain statement σ on the digital signature $s$ is true at $t_0$
  - $s$ exists at $t_0$
  - $s$ is valid at $t_0$
- Trent is trusted to verify the statement before issuing it
More informationTable of Contents. Bibliografische Informationen http://dnb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationRecommendation for Applications Using Approved Hash Algorithms
NIST Special Publication 800107 Recommendation for Applications Using Approved Hash Algorithms Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511517 HIKARI Ltd, www.mhikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationPublic Key Cryptography in Practice. c Eli Biham  May 3, 2005 372 Public Key Cryptography in Practice (13)
Public Key Cryptography in Practice c Eli Biham  May 3, 2005 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent
More informationNetwork Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015
Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Chapter 2: Introduction to Cryptography What is cryptography? It is a process/art of mangling information in such a way so as to make it
More informationUniversal Padding Schemes for RSA
Universal Padding Schemes for RSA JeanSébastien Coron, Marc Joye, David Naccache, and Pascal Paillier Gemplus Card International, France {jeansebastien.coron, marc.joye, david.naccache, pascal.paillier}@gemplus.com
More informationA New Efficient Digital Signature Scheme Algorithm based on Block cipher
IOSR Journal of Computer Engineering (IOSRJCE) ISSN: 22780661, ISBN: 22788727Volume 7, Issue 1 (Nov.  Dec. 2012), PP 4752 A New Efficient Digital Signature Scheme Algorithm based on Block cipher 1
More informationIndex Calculation Attacks on RSA Signature and Encryption
Index Calculation Attacks on RSA Signature and Encryption JeanSébastien Coron 1, Yvo Desmedt 2, David Naccache 1, Andrew Odlyzko 3, and Julien P. Stern 4 1 Gemplus Card International {jeansebastien.coron,david.naccache}@gemplus.com
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationLecture 3: OneWay Encryption, RSA Example
ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: OneWay Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator nonrepudiation of origin (dispute resolution) will consider the
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationA Proposal for Authenticated Key Recovery System 1
A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 57 Nihombashi
More informationPublic Key Cryptography. c Eli Biham  March 30, 2011 258 Public Key Cryptography
Public Key Cryptography c Eli Biham  March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known apriori to all the users, before they can encrypt
More informationPublic Key Cryptography Overview
Ch.20 PublicKey Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 16301830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationClient Server Registration Protocol
Client Server Registration Protocol The ClientServer protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More information9 Digital Signatures: Definition and First Constructions. Hashing.
Leo Reyzin. Notes for BU CAS CS 538. 1 9 Digital Signatures: Definition and First Constructions. Hashing. 9.1 Definition First note that encryption provides no guarantee that a message is authentic. For
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 81
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 81 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, FIPS Publication 1863 (dated June 2009), was superseded on July 19, 2013 and is provided here only for historical purposes. For the most current revision
More informationAnalysis of Software Realized DSA Algorithm for Digital Signature
ELECTRONICS, VOL. 15, NO. 2, DECEMBER 2011 73 Analysis of Software Realized DSA Algorithm for Digital Signature Bojan R. Pajčin and Predrag N. Ivaniš Abstract In this paper the realization of one algorithm
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationSchnorr Signcryption. Combining public key encryption with Schnorr digital signature. Laura Savu, University of Bucharest, Romania
Schnorr Signcryption Combining public key encryption with Schnorr digital signature Laura Savu, University of Bucharest, Romania IT Security for the Next Generation European Cup, Prague 1719 February,
More informationDiscrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier
Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier http://asecuritysite.com @billatnapier Introduction. Encryption: Public/Private Key. Key Exchange. Authentication.
More information