Beruflich Dokumente
Kultur Dokumente
Cryptographic Algorithms
UNIT-III
Digital Signatures-UNIT-V
CSE 3112
Jayaprakash Kar
Digital Signature
The RSA Signature Scheme
Digital Signature Algorithm
ElGamal Signature Algorithm
Schnorr signature scheme
Table of contents
1 Digital Signature
Type of attacks on signature scheme
Basic definitions
Message attack
Notation Meaning
M a set of elements called message space
MS a set of elements called Signing space
S a set of elements called signature space
R a 1-1 mapping from M to MS , called redundancy func
MR the image of R
R −1 the inverse of R
R a set of element called indexing set for string
h a one-way function with domain M
Mh image of h i.e h : M → Mh
Digital Signature
The RSA Signature Scheme
Digital Signature Algorithm Attacks on RSA Signature
ElGamal Signature Algorithm
Schnorr signature scheme
Signature verification
Key-Only Attack
Let Alice generates her own signature using her private key.
The adversary Eve only access to Alice’s public key. Eve
intercepts the pair (m, s) and tries to create another message
0
m ≡ s e mod n. Thus Eve has to solve discrete logarithm
problem.
Digital Signature
The RSA Signature Scheme
Digital Signature Algorithm Attacks on RSA Signature
ElGamal Signature Algorithm
Schnorr signature scheme
Known-Message Attack
Chosen-Message Attack(CMA)
Signature verification
Proof of correctness
proof of correctness
Key-only Attack
Let assume that the adversary Eve has predefined message m.
She needs to forge Alice’s signatures (r, s) for this message.
This is an selective forgery.
Eve can choose r and compute s. She needs to have
y r r s ≡ αh(m) mod p
⇒ αar r s ≡ αh(m) mod p
⇒ r s ≡ α−ar · αh(m) mod p
⇒ s = logr αh(m)−ar mod p
This implies to solve discrete logarithm problem.
Digital Signature
The RSA Signature Scheme
Digital Signature Algorithm Security of ElGamal Signature
ElGamal Signature Algorithm
Schnorr signature scheme
Known-message forgery
Total forgery
Existential forgery
Proof of Correctness