Digital Signatures. Meka N.L.Sneha. Indiana State University. October 2015

Transcription

1 Digital Signatures Meka N.L.Sneha Indiana State University October Introduction Digital Signatures are the most trusted way to get documents signed online. A digital signature is signing an electronic document which ensures the authenticity, non-repudiation and data integrity of signed electronic documents. A Digital Signature is like a handwritten signature which is impossible to forge and is sent as a part of an electronic document. Organizations are able to shorten processing times with cutting costs and improving collaboration and efficiency after using Digital Signatures. An electronic document which is to be signed is issued to the signer. To create digital signature this message is crunch down into few lines by a process called hashing. Then the hash is encrypted using signers private key. The encrypted hash along with the message is the digital signature. This hashed data enables others to validate the integrity of the data by decrypting the hashed data using signers public key. 2 History Long before digital signatures, paper signature were used to sign important contracts and documents. As people began doing business across the world, it became necessary to find other ways to sign the agreement. Whitfield Diffie and Martin Hellman first described the idea of Digital Signature scheme but they only conjectured that such schemes only existed. It was published in Soon after Ronald Rivest, Adi Shamir and Len Adleman invented the RSA algorithm. This could be used to create primitive Digital Signatures. The first widely software package to offer digital signature was Lotus 1.0. It was released in 1989 and uses RSA algorithm. In many countries including United States have the same legal significance as the handwritten signed documents. A number of states had already published 1

2 their own electronic signatures regulations by the time E-Sign Act was passed. Soon after Utah passed its digital signature act in 1995, California and other handful of states created similar guidelines. The American Bar Association has set up its own set of digital signatures guidelines in These guidelines were for attorneys and other legal professionals determine the integrity and authenticity of digital signatures. Model Law on Electronic Commerce (MLEC) was developed in 1996 with the purpose of encouraging e-commerce by providing a series of internationally acceptable rules. In 2000, E-Sign Act wass passed. The guidelines in the E-Sign Act became the most recognized guidelines in the world. The creation of the digital signatures let businesses send signed contracts across the globe in seconds. 3 Description A digital signature is equivalent to a written signature but is more secured than a written signature and cannot be forged. A digital signature algorithm consists of a digital signature generation process and a digital signature verification process. A signatory uses generation process to generate digital signature and verifier uses verification process to verify the authenticity. A signatory has a public key and private key. The claimed signatory is the only entity to have authorization to use the private key. Private key is used to generate digital signatures and public key is used in signature verification process. CAs shall have assurance of the public key. 3.1 Digital Signature Generation A digital signature key pair is generated by itself or by obtaining the key pair from a trusted party as specified for the digital signature algorithm. The intended signatory shall obtain assurance of validity of public key and assurance that the entity possesses the private key after obtaining the key pair. To generate a digital signature, the information to be signed is crunch down into message digest using an appropriate approved hashing algorithm. Based on digital signature algorithm, this message digest, private key and any other information required by the signature generation process, a digital signature shall be generated. The digital signature is appended with the message and is sent to the recipient. The following section describes the hashing algorithms used to generate message digest Hashing Algorithm Hashing algorithms are used to generate message digests. These message digests can be used to detect whether the messages have been altered since the digests were generated. The secured hashing algorithms are SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. All of these algorithms are iterative, one-way hash functions that generate a message digest. The hash 2

3 algorithms are secure because, it is infeasible to obtain the original message that corresponds to a message digest and every message produces a different message digest. Each algorithm consists of two stages, that is, preprocessing and hash computation. Hash computation produces a message schedule from padded message and uses that schedule to determine series of hash values. The final hash value is used to generate message digest. Pre-processing Preprocessing involves three steps: padding the message, parsing the padded message and setting the initial hash value. Padding the Message The purpose of padding is to make sure that the padded message is a multiple of 512 or 1024 bits depending on the hashing algorithm. Consider that the length of the message M is l bits. The message is padded with a one bit followed by k zero bits and then the message length. Appending 0 s to the end should be done until the length of the message is either congruent to 448 mod 512 or 896 mod The padded message should be a multiple of 512 or 1024 bits. For SHA-1, SHA-224 and SHA-256, the length of the padded message should be a multiple of 512 bits. For SHA-384, SHA-512, SHA-512/224 and SHA- 512/256, the length of the padded message should be a multiple of 1024 bits. Parsing the Message The message and the padded message are parsed into N m-blocks. For SHA- 1, SHA-224 and SHA-256, the message and its padding are parsed into N 512-bit blocks, M (1), M (2),..., M (N). The 512-bits of the block can be expressed as sixteen 32-bit words. These bits of message block i are denoted as M (i) 0, M (i) 1 and so on up to M (i) 15. For SHA-384, SHA-512, SHA-512/224 and SHA-512/256, the message and its padding are parsed into N 1024-bit blocks, M (1), M (2),..., M (N) bits of the block can be expressed as sixteen 64-bit words. These 64 bits of message block i are denoted as M (i) 0, M (i) 1 and so on up to M (i) 15. Setting the Initial Value For each of the hash algorithms, before hash computation begins the initial value H (0) must be set. The size and number of words in H (0) depends on the message digest size. Hash Computation For each hashing algorithm, hash computation uses different functions and constants are defined. Each message block is processed in order. Firstly, the message schedule is prepared, that is, each message block is put through a little function that creates 80 words. Then we initialize the working variables a, b, c,... h. Working variables are the w-bit words which are used in the computation of hash value H (i). Then the i th intermediate hash value is computed. These 3

4 steps are repeated through a total of N times to generate message digest of the message M Digital Signature Algorithm A message digest is generated using hashing function. Digital signature algorithm is used to encrypt the message digest with the signatory private key. The result is the digital signature which is then appended to the message. The hashed data represents that the document has been signed. The approved techniques used for digital signature generation, and for the verification and validation of those signatures are Digital Signature Algorithm (DSA), RSA digital signature algorithm and Elliptic Curve Digital Signature Algorithm (ECDSA). Digital Signature Algorithm (DSA) A DSA digital signature is generated using a set of domain parameters, a private key, a per-message secret number k, data to be signed and a hash function. Each signatory has a private key and a public key. The private key is used for a fixed period of time and public key is used as long as the digital signature is verified. The domain parameters may be public. A user with the domain parameters has the assurance of validity before using them. The domain parameters are p (prime modulus), q (prime divisor of (p-1)), g (generator of the subgroup of order q mod p), x(private key), y(public key), k (secret number unique to each message).these domain parameters are either generated by the Trusted Third Party (TTP) or by itself. DSA requires private key to generate digital signature with respect to a particular set of domain parameters. DSA per-message secret random number is generated prior to the digital signature generation. An approved hash function is used for the generation of digital signatures. DSA Signature Generation The bit length of q is denoted by N and the minimum of the positive integers N is denoted by min (N, outlen), where outlen is the bit length of the message digest. The digital signature consists of pair of numbers r and s that is computed using following equations: r = (g k mod p) mod q. z = the leftmost min(n, outlen) bits of Hash(M). s = (k 1 (z + xr)) mod q. When computing s, string z is obtained from Hash (M) which is converted to an integer. Parameter r can be computed whenever k, p, q and g are available. The signature is sent to the receiver along with the message. RSA Digital Signature Algorithm RSA digital signature key pair consists of RSA private key which is used to compute the digital signature and can be used only for one digital signature scheme. RSA private key consists of modulus n, which is the product of two 4

5 positive prime integers p and q and a private key exponent d and public key exponent e. The two integers p and q and the private key exponent d are kept secret. The RSA private key is the pair of values (n, d) and is used to generate digital signatures. Elliptic Curve Digital Signature Algorithm (ECDSA) ECDSA is the elliptic curve analog of DSA. ECDSA keys are not used for any purpose. An ECDSA key pair consists of a private key d and public key Q. The private key is used for a period of time and the public key is used as long as the digital signature is generated. A digital signature key pair d and Q is generated for domain parameters. ECDSA requires that private key used for generating digital signature be generated with respect to a particular set of domain parameters. These domain parameters may be public. An approved hash function is used during the generation of ECDSA parameters. A new secret number k is generated before generation of each digital signature. ECDSA Digital Signature Generation An ECDSA digital signature is generated using domain parameters, a private key, a per-message secret number, an approved hash function and an approved random number generator. 3.2 Digital Signature Verification The verification process is used to verify the authenticity of the signature. The public key is used in the verification process and the public key need not be kept secret. Both the message and digital signature are made available for verification. By an approved hash function, message is converted to a fixedlength representation, that is, message digest. The digital signature is decrypted into message digest using signatory public key. If the message digest is same as the message digest created when the signature is decrypted, it means that the digital signature is not altered. Digital signature validation needs to verify the digital signature and also need to obtain the appropriate assurances. These assurances are obtain the assurance of the claimed signatory s identity, assurance of domain parameter validity, assurance of the validity of the owner s public key and assurance that the owner possesses the private key Hashing Algorithm Approved hash functions are described in the section Digital Signature Algorithm In signature verification process, digital signature algorithm is used for the decryption of message digest with the signatory public key. This message digest is generated using approved hash functions. The techniques used for verification and validation of the digital signatures are Digital Signature Algorithm (DSA), 5

6 RSA digital signature algorithm and Elliptic Curve Digital Signature Algorithm (ECDSA). DSA Signature Verification and Validation Prior to verifying the signature, the domain parameters, the signatory s public key and identity are made available to the verifier. The public key is obtained from a trusted entity such as Certificate Authority (CA). The signature verification can be verified by the signatory, the intended recipient or any other party using the signatory s public key. A signatory verifies the signed message before sending the digital signature to the intended recipient. The recipient or any other party verifies the signature to determine the authenticity. RSA Digital Signature Verification RSA digital signature key pair consists of private key used to compute the digital signature and public key used to verify a digital signature. The public key consists of a modulus n which is the product of two prime integer s p and q and public key exponent e. The RSA public key is the pair of values (n, e) and is used to verify the signed data. The modulus n and public key exponent e may be made known to anyone. When the public key exponent e is odd, the digital signature algorithm is commonly known as RSA and when the public signature verification exponent e is even, the algorithm is commonly known as Rabin-Williams. ECDSA Digital Signature Verification An ECDSA digital signature is verified using the same domain parameters and hash function that is used while generation of digital signature. 4 Conclusion The digital signature technology is vastly utilized in modern life and innovation. The security of the digital signatures depends on the security of the keys that are used to create and verify them. The digital signature algorithms are used in different purposes such as websites, mobile phones, software certification, business bargains etc. The trustworthiness of a certification authority can be obtained by higher certification authorities. Once non-repudiation has been accomplished, then only the electronic business has been expected to successfully taken up. 6

7 References [1] FIPS PUB 180-4, Secure Hash Standard (SHS). [2] FIPS PUB 186-3, Digital Signature Standard (DSS). [3] [4] [5] NIST SP , Randomized Hashing for Digital Signatures. 7