Design of RSA Digital Signature Scheme Using A Novel Cryptographic Hash Algorithm

Transcription

1 Design of RSA Digital Signature Scheme Using A Novel Cryptographic Hash Algorithm Venkateswara Rao Pallipamu 1, Thammi Reddy K 2, Suresh Varma P 3 1,3 Department of Computer Science, Adikavi Nannaya University, Rajahmundry , Andhra Pradesh, India, 2 Department of Computer Science and Engineering, GITAM University, Visakhapatnam , Andhra Pradesh, India Abstract Internet became a part of human life and these days online communication gained more popularity than traditional communication. Eventually paper based documents are replaced by electronic documents. Digital Signature is a security mechanism used to check the authenticity and integrity of an electronic document. It is also used to achieve non-repudiation service, which provides proof for sent or received messages. In this paper we propose a new digital signature scheme using a novel message digest algorithm, Algorithm for Secure Hashing-160 (ASH-160). This proposed scheme has been implemented in java and the results are analyzed and compared with RSA digital signature scheme using SHA1 and RIPEMD160. analysis of experimental results reveals an increase in security strength and slight improvement in the efficiency of RSA with ASH160 than the compared schemes. Keywords Cryptography, Authentication, Integrity and Non-repudiation, Message digest, Digital signature. I. INTRODUCTION Digital signature plays an important role in online communication. In these days most of the electronic documents are identified by the digital signature only. Digital signature is a branch of cryptography [2, 15, 16]. Cryptography is defined as secret writing. Cryptography mainly consists of symmetric key algorithms, asymmetric key algorithms and message digest algorithms. asymmetric key and symmetric key differs from each other by number of keys. Single key is used in the symmetric key algorithm and two keys (public and private) are used in the asymmetric key algorithm [4]. Message digest algorithm is used to generate message digest of a given input message. Message digest is also called hash code or finger print of the input message [3]. Digital signature scheme is designed using two algorithms, one is asymmetric key or public key cryptographic algorithm and the other is message digest algorithm [7-10]. Symmetric key and asymmetric key cryptographic algorithms cannot provide any authentication mechanisms but they provide security to the information that may be either transmitted data or stored data. Broadly authentication mechanisms are categorized into two, data authentication and entity authentication. data authentication can be achieved by digital signature schemes. Digital signatures [5, 6,18] are used in most of the security applications and protocols and they also play an important role in every online communication which may be either personal or organizational communication. II. OVERVIEW OF DIGITAL SIGNATURES A. Rivest-Shamir-Adleman (RSA)digital signature scheme RSA signature scheme is a deterministic digital signature scheme which facilitates message verification and recy. For the RSA public-key encryption scheme the message space M and the cipher text space C are Zn= {0,1,2,...,n-1}. Key generation In RSA public key cryptosystems each user a) Generates two large distinct random primes p and q, b) Computes n = pq and Ф = (p-1)(q-1) c) Selects a random integer e,1 < e < Ф, such that gcd(e,ф) = 1 d) Computes the unique integer d,1 < d < Ф, such that ed 1 mod Ф Now the public key of Alice (sender) is (n,e) and the private key is d. To sign a message m Є M, Alice a) Identifies m with a number ~ m in Zn through a map R : M Zn. b) Computes the signature s = ~ m d mod n. To verify the signature of Alice, Bob (receiver) a) Chooses the public key (e,n) of Alice. b) Computes ~ m = s e mod n. 609

2 c) Verifies that ~ m Є M where M denotes the set of images of R. If it does not hold, the signature is rejected else recs the message as m = R - 1 (~ m). B. Digital Signature Scheme (DSS) DSS makes use of the following parameters: a) p = a prime modulus, where 2L-1 < p < 2L for 512 and L for 1024 wherein L is multiple of 64 b) q = a prime divisor of p - 1, where 2159 < q < 2160 c) g = h(p-1)/q mod p, where h is any integer with 1< h< p-1 such that h(p-1)/q mod p>1 (g has order q mod p) d) x = a randomly or pseudo randomly generated integer with 0 < x < q e) y = gx mod p f) k = a randomly or pseudo randomly generated integer with 0 < k < q p, q, and g integers can be public or limited to a group of users. Private and public keys of a user are x and y respectively. y are normally fixed for a period of time. Parameters x and k are only used for signature generation and must be kept secret. Parameter k must be regenerated for each signature. Parameters p and q shall be generated by common methods or by using FIPS approved security methods. Parameters x and k shall be generated by the processes similar to that of p and q. signature of a message M is the pair of numbers r and s computed according to the equations below: r = (gk mod p) mod q and s = (k -1 (SHA-1(M) + xr)) mod q In the above, k -1 is the multiplicative inverse of k, mod q; i.e., (k -1 k) mod q = 1 and 0 < k -1 < q. value of SHA- 1(M) is a 160-bit string output by the Secure Hash Algorithm specified in FIPS For computing s, this string must be converted to an integer. As an option, one may wish to check if r = 0 or s = 0. If either r = 0 or s = 0, a new value of k should be generated and the signature should be recalculated. It is extremely unlikely condition that r = 0 or s = 0 when signatures are generated properly. signature is transmitted along with the message to the verifier. Prior to verifying the signature in a signed message, p, q and g along with the sender's public key and identity are made available to the verifier in an authenticated manner. Let M, r, and s be the received versions of M, r and s respectively, and let y be the public key of the signatory. To verify the signature, the verifier first checks to see that 0 < r < q and 0 < s < q; if either condition is violated the signature shall be rejected. If these two conditions are satisfied, the verifier computes w = (s ) -1 mod q u1 = ((SHA-1(M ))w) mod q u2 = ((r )w) mod q v = (((g)u1 (y)u2) mod p) mod q If v = r, then the signature is verified and the verifier can have high confidence that the received message was sent by the party holding the secret key x corresponding to y. v = r when M = M, r = r, and s = s. If v does not equal to r, then the message might have been modified, incorrectly signed by the signatory, or signed by an impostor. message should be considered invalid. C. Elliptic Curve Digital Signature Algorithm (ECDSA) This section describes the procedures to generate and verify the signatures using ECDSA[17]. Generation To sign a message m, an entity A with domain parameters D=(q,FR,a,b,G,n,h) and associated key pair (d,q) does the following: a. Select a random or pseudorandom integer k,1<=k<=n- 1 b. Compute kg=(x 1,y 1 ) and convert x 1 to an integer x 1 1 c. Compute r= x 1 mod n. If r=0 then go to step 1 d. Compute k -1 mod n e. Compute SHA-1(m) and convert this bit string to an integer e f. Compute s= k -1 (e+dr) mod n. If s=0 then go to step 1 Signature of A for the message m is (r,s) To verify A s signature (r,s) on m, B obtains an authentic copy of A s domain parameters D=(q,FR, a,b,g,n,h) and associated public key Q. It is recommended that B also validates D and Q. n B does the following: a. Verify that r and s are integers in the interval [1, n-1] b. Compute SHA-1 (m) and convert this bit string to an integer e c. Compute w=s -1 mod n d. Compute u1=ew mod n and u2=rw mod n e. Compute x=u1g + u2q 610

3 f. If x=o, then reject the signature. Otherwise, convert the x-coordinate x 1 of X to an integer x 1 1 and compute v= x 1 mod n Accept the signature if and only if v=r D. ELGamal Signature Scheme ELGamal signature scheme is a digital signature scheme which requires a hash function h: {0,1} * Z p, where p is large prime. In this scheme, the system parameters p, a are large prime numbers Signature Generation In signature generation process first of all the message digest (MD) of a given input message (M) is found using ASH160 and encrypt (E) the message digest using public key cryptosystem with senders private key (K-PR), to obtain digital signature (DS) of input message. DS=E K-PR (MD=H(M)) g - a generator of Z * p h- a secure collision free one-way hash function xa- a random integer in (1,p-1), it works as secret key of Alice. ya- where, ya= g xa mod p, works as the public key of Alice. To sign a binary message m of arbitrary length, the user Alice selects a random integer k Є (1,p-1) such that gcd(k,p-1) = 1. Alice computes r = g k mod p and k -1 mod p- 1. He further computes s = k -1 [h(m) - x Ar ] mod p - 1. Alice's signature for the message m is (r,s,m). To verify the signature (r,s,m) Bob checks that: 1 < r < (p - 1) to accept a valid commitment r Computes v1= ya r r s mod p Computes h(m) and v2= g h(m) mod p signature is valid if and only v1= v2 Signature Fig 1. Digital process III. PROPOSED RSA DIGITAL SIGNATURE SCHEME USING ASH160 Algorithm for Secure Hashing-160 (ASH160) is a cryptographic hash algorithm, which was designed using co-ordinate geometry concepts. algorithm ASH160 takes a message as input and produces a 160-bit message digest as output [1, 11-14]. Generation of digital signature using RSA and ASH160 as described below: Key generation a) Select two large prime numbers p,q(p q). b) Calculate n= p x q c) Calculate ø(n) =(p-1)(q-1) d) Select e, gcd(ø(n), e)=1 and 1<e< ø(n) e) Calculate d e -1 mod ø(n) Private key(k-pr)={e,n} and Public key(k-pu) ={d,n} Fig 2. Digital Signature process In signature verification process the received digital signature (DS) is decrypted by public key cryptosystem using public key (K-PU) of sender to obtain the message digest (MD). MD=D K-PU (DS) Where, M=input message 611

4 DS=digital signature E=encryption H=ASH160 hash algorithm MD=message digest D=decryption =concatenation operation IV. RESULTS AND DISCUSSIONS Here we provide comparative results of RSA digital signature scheme using ASH160, SHA1 and RIPEMD160. RSA encryption and decryption process uses 1024-bit key. experiment results conclude that the encryption of RSA with ASH160 takes less time when compared to RSA with SHA1 and RIPEMD160. However a slight increase in decryption time with ASH160 may not be considered, since ASH160 is more secure than the SHA1 and RIPEMD160. TABLE I COMPARATIVE RESULTS OF RSA DIGITAL SIGNATURE SCHEME (1024 BITS KEY) USING ASH160, SHA1 AND RIPEMD160 Hash function ASH 160 SHA1 Input message Message digest bcd d e752dbf42 9b22415b7 9ee a4e4132a0 88a0aaa668 1caaa89def e13c95548 cc 4b32ac607 70fa13ea fef11o f724a642b9 a f6d047f68d 19c6e5eda6 Encry ption time (ms) Decry ption time (ms) RIPEMD 160 9b1dd3f f 408d f890ff7 a0c3528e8 bed1e0b a78ace432 d92b905e9 15e4fb6006 bde1dc5b1 be e17b bb9d15c 68a4685fe6 4cd5536e1 000 fc850169b1 f2ce72e3f8 aa0aeb5ca8 7d6f8519c6 d c 22fbccf046 0d24d6a68 370e21bfee d4 V. CONCLUSION This paper describes RSA digital signature scheme using ASH160, SHA1 and RIPEMD160. experimentation is done on three different data values, which differ by a bit alone.

5 On the basis of experimental results we can conclude that RSA digital signature scheme using ASH160 consumes less CPU time while encryption process but a little bit more time in decryption process. But in the security point of view the ASH160 is stronger than the SHA1 and RIPEMD160 algorithms. This work show a path to design new message digests for digital signatures and also strengthen the existing hash algorithms by introducing new mathematical functions which takes less CPU time and withstand against security attacks. REFERENCES [1] Venkateswara Rao Pallipamu, Thammi Reddy K and Suresh Varma P, ASH-160: A Novel Algorithm for Secure Hashing Using Geometric Concepts. Journal of Information Security and Applications, Elsevier, DOI: /j.jisa , in press. [2] Rivest,R.,A.Shamir and L. Aldeman, 1978.A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21: [3] Diffie,W. and M.E. Hellman, New directions in cryptography. IEEE Trans. Information ory, IT-22: [4] Menezes, A., J. Van Oorshot and PCSA Vanstone, Handbook of Applied Cryptography. CRC Press. [5] J-S. Coron and D. Naccache, Security analysis of the Gennaro- Halevi-Rabin signature scheme, proc. Advances in Cryptology Eurocrypt 00,Lecture Notes in Computer Science vol.1807,pp ,2000. [6] D. Pointcheval and J.Stern, Security arguments for digital signatures and blind signatures, Journal of Cryptology, vol.13,no.3,pp ,2000. [7] D. Boneh, I. Mironov and V. Shoup,A Secure signatures scheme from bilinear map, Proc. Topics in Cryptology-CT-RSA 03,lecture notes in Computer Science, Vol.2612, pp ,2003. [8] J. Camenisch and A. Lysyanskaya, A Signature scheme with efficient protocols, Proc. 3 rd Conference on Security in Communication Networks-SCN 02, Lecture Notes in Computer Science vol.2576,pp ,2003. [9] C.H.Tan, Key substitution attacks on some provable secure signature schemes, IEICE Trans. On Fundamentals, vol.e87-a, no.1,pp , Jan [10] C.H.Tan, Key substitution attacks on provably secure signature schemes, IEICE Trans. On Fundamentals, vol.e88-a, no.2,pp , Feb [11] S. F. Tzeng, and M.S. Hwang, A new digital signature scheme based on factoring and discrete logarithms, International journal of computer mathematics,vol.81,no.1, pp.9-14,2004. [12] M. Ayoub Khan and Y.P.Singh, On the Security of Joint Signature and Hybrid Encryption, /05/$ IEEE. [13] Chuanhua Zhou, Baohua Zhao,Gemei Zhu and Wei Wei, Study of One-way Hash Function to Digital Signature Technology, /06/$ IEEE. [14] S.R.Subramanya and Byung K.YI., Digital Signatures, /06/$ IEEE. [15] Mikko T.Siponen and Harri Oinas-Kukkonen, Areview of Information Security Issues and Respective Research Contributions, DATA BASE for Advances in Information Systems.vol.38.Number 1, February [16] Hu Chaoju and Wang Xuning, Zero Watermark Protocol Based on Time-Stamp and Digital Signature, /09 $ IEEE. [17] Deng Jian-zhi, Cheng Xiao-hui and Gui Qiong, Design of Hyper Elliptic Curve Digital Signature, /09 $ IEEE. [18] Iuon-Chang Lin, Hsing-Leiwang, An Improved Digital Signature Scheme with Fault Tolerance in RSA, /10$ IEEE. 613