
Uploaded by Nikita

Digital Signature presentation


Cryptographic Goals

• **Confidentiality**
– Symmetric-key ciphers: block ciphers, stream ciphers
– Public-key ciphers
• **Data integrity**
– Arbitrary length hash functions
– Message authentication codes (MACs)
– **Digital signatures**
• **Authentication**
– Entity authentication: authentication primitives
– Message authentication: MACs, **digital signatures**
• **Non-repudiation**
– Digital signatures

Non-repudiation

• Alice → Bob: m, s
– m is a signed message
– s is a valid signature for m
• **Alice denies her signature if she finds:**
– m’ ≠ m : s is valid signature for m’

Message Authentication Codes

• MAC $f(x, \mathit{key}): \{0,1\}^* \to \{0,1\}^n$
– knowing x and key, f is easy to compute
– it is infeasible to calculate $f(x, \mathit{key})$ without the key
• **MACs are often block cipher based**
– message m, secret key k
– specification of block cipher E
• MAC(m) = E(m, key)
• MAC(m) = E(hash(m), key)

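Use of a MAC

• Used to provide
– Data integrity
– Message authentication

[Figure: the signer feeds the message and the secret key into the MAC algorithm to produce the MAC; message and MAC travel over an unsecured channel; the verifier feeds the message, the MAC and the secret key into the MAC verification algorithm, which outputs Ok / not Ok.]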

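Digital Signatures Scheme

• Used to provide
– Data integrity
– Message authentication
– Non-repudiation

[Figure: the signer feeds the message and the signer’s private key into the signing algorithm to produce the signature; message and signature travel over an unsecured channel; the verifier feeds the message, the signature and the signer’s public key into the verification algorithm, which outputs Ok / not Ok.]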

Difference between MAC and digital signature

• To prove the validity of a MAC to a third party, you need to reveal the key
• If you can verify a MAC, you can also create it
• MAC does not allow a distinction to be made between the parties sharing the key
• Computing a MAC is (usually) much faster than computing a digital signature
– Important for devices with low computing power


Framework

Digital signatures can provide
• Authentication
• Data Integrity
• Non-Repudiation

Framework

• Definitions
– Digital Signature: a data string which associates a message with some originating entity
– Digital Signature Generation Algorithm: a method for producing a digital signature
– Digital Signature Scheme: consists of a signature generation algorithm and an associated verification algorithm

Framework (cont)

• Notation
– $M$: message space
– $M_S$: signing space
– $S$: signature space
– $R$: a one-one mapping from $M$ to $M_S$ called the redundancy function
– $M_R$: the image of $R$
– $R^{-1}$: the inverse of $R$
– $h$: a one-way function with domain $M$
– $M_h$: hash value space, the image of $h$ ($h: M \to M_h$)

Types of attacks

• Key-only: adversary knows only the public key
• Message attacks
– Known-message attack: adversary has signatures for a set of messages which are known to the adversary but not chosen by him
– Chosen-message attack: adversary obtains valid signatures for a list of messages of his choice (non-adaptive)
– Adaptive chosen-message attack: adversary can use the signer as an oracle

RSA signature algorithm

Key-Generation

1. Generate two large random distinct primes p and q, each roughly the same size
2. Compute $n = pq$ and $\varphi(n) = (p - 1)(q - 1)$
3. Select random integer e: $1 < e < \varphi(n)$, such that $\gcd(e, \varphi(n)) = 1$
4. Compute unique integer d: $1 < d < \varphi(n)$, such that $ed \equiv 1 \pmod{\varphi(n)}$
5. Public key is (n, e). Private key is d

Notation

• $M$ is a set of elements, called the message space $= \mathbb{Z}_n$
• $M_S$ is a set of elements, called the signing space $= \mathbb{Z}_n$
• $R$ is a 1 to 1 mapping from $M$ to $M_S$, called the redundancy function
• $M_R$ is the image of $R$: $\{y \mid y = R(x),\ x \in M\}$
• $R^{-1}$ is the inverse of $R$: $M_R \to M$

RSA signature generation and verification

• To sign a message $m \in M$, A should:
– Compute: $\tilde{m} = R(m)$, an integer in the range $[0, n - 1]$, where $R(m)$ is a redundancy function
– Compute: $s = \tilde{m}^d \bmod n$
– A’s signature for m is s
• To verify A’s signature and recover m, B should:
– Obtain A’s authentic public key (n, e)
– Compute: $\tilde{m} = s^e \bmod n$
– Verify that $\tilde{m} \in M_R$; if not, reject the signature
– Recover $m = R^{-1}(\tilde{m})$

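Proof that signature verification works

• Euler’s theorem: $a^{\varphi(n)} \equiv 1 \pmod n$ for $\gcd(a, n) = 1$, where $\varphi(n)$ is the Euler’s function of n
• If s is a signature for m, then: $s \equiv \tilde{m}^d \pmod n$, $\tilde{m} = R(m)$
• Since $n = pq$ and $ed \equiv 1 \pmod{\varphi(n)}$, then:
$s^e \equiv \tilde{m}^{ed} \equiv \tilde{m}^{\varphi(n)q + 1} \equiv \tilde{m}^{\varphi(n)q}\,\tilde{m} \equiv \tilde{m} \pmod n$
(in the exponent, q is the integer with $ed = \varphi(n)q + 1$, not the prime factor of n)
• Finally: $R^{-1}(\tilde{m}) = R^{-1}(R(m)) = m$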

RSA signature example

Alice
• $p = 5$, $q = 7$, $n = 35$, $\varphi(n) = 4 \cdot 6 = 24$
• $e = 5$; d: $ed = 5d \equiv 1 \pmod{24} \Rightarrow d = 5$
• Public key: (n = 35, e = 5). Private key: d = 5
• $M = [0, n - 1]$
• For all $m \in M$: $R(m) = m$
• $m = 26$, $\tilde{m} = R(m) = 26$, $s = 26^5 \bmod 35 = 31$

Bob
– $\tilde{m} = 31^5 \bmod 35 = 26 \in [0, n - 1]$
– $m = R^{-1}(\tilde{m}) = 26$

Possible Attacks on RSA signature

• Integer factorization
– If an adversary is able to factor n, then $n = pq$, $\varphi(n) = (p - 1)(q - 1)$ and find d: $ed \equiv 1 \pmod{\varphi(n)}$
• Multiplicative property of RSA
– $s_1 = \tilde{m}_1^d \pmod n$, $s_2 = \tilde{m}_2^d \pmod n$
– if $\tilde{m} = \tilde{m}_1 \tilde{m}_2$ then $s = \tilde{m}^d = (\tilde{m}_1 \tilde{m}_2)^d = s_1 s_2 \pmod n$
– If $\tilde{m} \in M_R$, then s is valid signature for m: $\tilde{m} = R(m)$, $m = R^{-1}(\tilde{m})$
– Hence, to avoid this attack R must not be multiplicative, i.e. $R(a \cdot b) \neq R(a)\,R(b)$ for $a, b \in M$
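The multiplicative property above, worked through as an added example (not part of the original slides): the slide's key (n=35, e=5, d=5) with R(m) = m accepts the product of two signatures, while a non-multiplicative redundancy function rejects it. `R_dup` (a 5-bit message written twice) and the second toy key (p=61, q=53) are constructed for illustration.

```python
# Added example: textbook RSA signatures with message recovery at toy sizes.

def sign(m, R, n, d):
    """Signer: s = R(m)^d mod n."""
    return pow(R(m), d, n)

def verify(s, R_inv, n, e):
    """Verifier: compute m~ = s^e mod n, return R^-1(m~) or None if m~ is not in M_R."""
    return R_inv(pow(s, e, n))

# Slide example: R(m) = m, so M_R is all of Z_n and R is multiplicative.
def R_id(m):
    return m

def R_id_inv(mt):
    return mt

# Constructed redundancy function: a 5-bit message written twice, R(m) = m || m.
def R_dup(m):
    if not 0 <= m < 32:
        raise ValueError("message must fit in 5 bits")
    return (m << 5) | m

def R_dup_inv(mt):
    hi, lo = mt >> 5, mt & 31
    return lo if hi == lo else None      # reject anything outside M_R

SLIDE_KEY = {"n": 35, "e": 5, "d": 5}          # p=5, q=7 from the slide
TOY_KEY = {"n": 3233, "e": 17, "d": 2753}      # constructed: p=61, q=53

def product_of_signatures(m1, m2, R, R_inv, n, e, d):
    """Multiply two genuine signatures and return what the verifier recovers."""
    s1, s2 = sign(m1, R, n, d), sign(m2, R, n, d)
    s = (s1 * s2) % n                    # combines the two signatures without d
    return verify(s, R_inv, n, e)

if __name__ == "__main__":
    s = sign(26, R_id, SLIDE_KEY["n"], SLIDE_KEY["d"])
    print("slide example:", s, verify(s, R_id_inv, SLIDE_KEY["n"], SLIDE_KEY["e"]))
    print("identity R:", product_of_signatures(2, 3, R_id, R_id_inv, **SLIDE_KEY))
    print("duplicating R:", product_of_signatures(2, 3, R_dup, R_dup_inv, **TOY_KEY))
```

With a small M_R a product can still land inside it by chance, which is why practical schemes use much larger moduli and standardized redundancy or hashing.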

RSA (cont)

• Performance (p, q are k-bit primes)
– Signature $O(k^3)$
– Verification $O(k^2)$

Schnorr Signature

Schnorr Signature - Salient Features

• Derived from Schnorr identification scheme through Fiat-Shamir transformation
• Based on the DLP
• Security argued using oracle replay attacks
• Uses the random oracle heuristic


Proof through Contradiction

• Consider a protocol P based on a hard problem Π
• Aim: Π is hard ⟹ P is not breakable ≡ P is breakable ⟹ Π is not hard

[Figure: reduction diagram involving Π, P and the parties B, C and A]

• Since Π is assumed to be hard, this leads to a contradiction.

Security Model

• Lays down the schema to be followed for giving security proofs
• Described using a game between a challenger C and an adversary A

[Figure: C and A interacting through the protocol P]

• C simulates the protocol environment for A
• A wins the game if it solves the challenge given by C


Random Oracles

• Heuristic aimed at simplifying security proofs of protocols involving hash functions.
• In proofs, the hash function is modelled as a truly random function under the control of the challenger.
• A is given oracle access to this function.

[Figure: C and A interacting through the protocol P, with the hash function H on both sides]

• Proofs without random oracles preferred.


Preliminaries: PKS and its Security Models

Definition – Public-Key Signature

A PKS scheme consists of three PPT algorithms {K, S, V}:

• Key Generation:
– Used by the user to generate the public-private key pair (pk, sk)
– pk is published and the sk kept secret
– Run on a security parameter κ
$(pk, sk) \xleftarrow{\$} K(\kappa)$
• Signing:
– Used by the user to generate signature on some message m
– The secret key sk used for signing
$\sigma \xleftarrow{\$} S(sk, m)$
• Verification:
– Outputs 1 if σ is a valid signature on m; else, outputs 0
$\mathit{result} \leftarrow V(\sigma, m, pk)$

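Preliminaries: Hardness Assumption

Hardness Assumption: Discrete-log Assumption

Discrete-log problem for a group $G = \langle g \rangle$ and $|G| = p$

[Figure: DLP game between the challenger C and the adversary A: C gives A the instance $(G, p, g, g^{\alpha})$ and A returns $\alpha$]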

ElGamal Digital Signature

Signature Generation

Verification

One-Time Signatures

• Definition: digital schemes used to sign at most one message; otherwise signature can be forged. A new public key is required for each signed message.
• Most one-time signature schemes have the property that signature generation and verification are both very efficient

Rabin One-Time Signatures

• Key generation
– Select a symmetric key encryption scheme E (e.g. DES)
– Generate 2n random secret strings $k_1, k_2, \ldots, k_{2n} \in K$, each of bit length l
– Compute $y_i = E_{k_i}(M_0(i))$, $i \in [1, 2n]$
– Public key is $(y_1, y_2, \ldots, y_{2n})$, private key is $(k_1, k_2, \ldots, k_{2n})$

Rabin One-Time Signatures

• Signature Generation:
– compute $s_i = E_{k_i}(h(m))$, $i \in [1, 2n]$
– signature is $(s_1, s_2, \ldots, s_{2n})$
• Verification:
– Compute h(m)
– Select n distinct random numbers $r_j$, $r_j \in [1, 2n]$
– Request from signer the keys $k_{r_j}$, j: $1 \le j \le n$
– Verify received n keys, i.e. does $y_{r_j} = E_{k_{r_j}}(M_0(r_j))$?
– Verify all $s_{r_j} = E_{k_{r_j}}(h(m))$

Rabin One-Time Signatures

• Resolution of disputes: signer A, verifier B and TTP
– B provides m and the signature to TTP
– TTP gets private key $k_1, \ldots, k_{2n}$ from A
– TTP verifies authenticity of the private key
– TTP computes $u_i = E_{k_i}(h(m))$, $1 \le i \le n$. If $u_i = s_i$ for at most n values of i, it is forgery. If n+1 or more values match, it is valid signature
• Rationale for dispute resolution protocol
– A can disavow with $\Pr = 1 / \binom{2n}{n}$
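The Rabin one-time scheme from the three slides above (key generation, the interactive verification, and the TTP's dispute rule), as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 stands in for the block cipher E, SHA-256 for h, `M0(i)` is a 4-byte encoding of i, and the TTP compares all 2n components, which the n+1 threshold requires.

```python
import hashlib
import hmac
import secrets

def E(k, x):
    """Keyed function standing in for the block cipher E_k(x) (assumption: HMAC-SHA256)."""
    return hmac.new(k, x, hashlib.sha256).digest()

def M0(i):
    """Fixed public encoding of index i (assumption: 4-byte big-endian)."""
    return i.to_bytes(4, "big")

def h(m):
    return hashlib.sha256(m).digest()

def keygen(n, l=16):
    sk = [secrets.token_bytes(l) for _ in range(2 * n)]        # k_1..k_2n
    pk = [E(k, M0(i)) for i, k in enumerate(sk, start=1)]      # y_i = E_{k_i}(M0(i))
    return pk, sk

def sign(sk, m):
    return [E(k, h(m)) for k in sk]                            # s_i = E_{k_i}(h(m))

def verify(pk, m, sig, reveal_keys):
    """Verifier B. reveal_keys(indices) models asking the signer for n keys."""
    n = len(pk) // 2
    idx = secrets.SystemRandom().sample(range(1, 2 * n + 1), n)
    keys = reveal_keys(idx)
    return all(
        hmac.compare_digest(E(k, M0(r)), pk[r - 1])            # revealed key is authentic
        and hmac.compare_digest(E(k, h(m)), sig[r - 1])        # signature component matches
        for r, k in zip(idx, keys)
    )

def resolve_dispute(pk, sk, m, sig):
    """TTP: check the private key against pk, then count matching u_i = s_i."""
    n = len(pk) // 2
    if any(E(k, M0(i)) != y for i, (k, y) in enumerate(zip(sk, pk), start=1)):
        raise ValueError("private key does not match public key")
    matches = sum(hmac.compare_digest(E(k, h(m)), s) for k, s in zip(sk, sig))
    return "valid" if matches >= n + 1 else "forgery"
```

Each verification reveals n of the 2n keys, which is why the key pair must not be reused for a second message.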

Blind signature scheme

• Definition: A sends a piece of information to B. B signs and returns the signature to A. From this signature, A can compute B’s signature on a priori message m of A’s choice. At the completion of the protocol, B knows neither m, nor the signature associated with it.
• Application: e-cash

Blind signature scheme

• Chaum
– Sender A, Signer B
– B’s RSA public and private key are as usual. k is a random secret integer chosen by A, satisfying $0 \le k < n$
– Protocol actions
• (blinding) A: computes $m^* = m k^e \bmod n$, to B. Note: $(m k^e)^d = m^d k$
• (signing) B: computes $s^* = (m^*)^d \bmod n$, to A
• (unblinding) A: computes $s = k^{-1} s^* \bmod n$
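Chaum's three protocol actions with both parties' views, as an added example that is not part of the original slides. The toy key (p=61, q=53) is constructed, and the `gcd(k, n) = 1` check is added here because the unblinding step needs $k^{-1} \bmod n$ to exist.

```python
import math
import secrets

# Constructed toy RSA key for signer B (p=61, q=53); real keys are far larger.
N, E, D = 3233, 17, 2753

def blind(m, n=N, e=E):
    """A: pick secret k and return (m* = m * k^e mod n, k)."""
    while True:
        k = secrets.randbelow(n - 2) + 2          # 2 <= k < n
        if math.gcd(k, n) == 1:                   # k must be invertible mod n
            return (m * pow(k, e, n)) % n, k

def sign_blinded(m_star, n=N, d=D):
    """B: s* = (m*)^d mod n. B sees only m*."""
    return pow(m_star, d, n)

def unblind(s_star, k, n=N):
    """A: s = k^-1 * s* mod n, since (m k^e)^d = m^d k."""
    return (pow(k, -1, n) * s_star) % n

def run_protocol(m):
    """Return what each party saw: A's (m, k, s) and B's (m*, s*)."""
    m_star, k = blind(m)
    s_star = sign_blinded(m_star)
    s = unblind(s_star, k)
    return {"A": (m, k, s), "B": (m_star, s_star)}

if __name__ == "__main__":
    views = run_protocol(65)
    m, k, s = views["A"]
    print("A holds signature", s, "on", m, "-> verifies:", pow(s, E, N) == m)
    print("B only saw", views["B"])
```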
