Beruflich Dokumente
Kultur Dokumente
Digital Signatures
!"#$%&'()*%$*+%,-+.
! !"#$%$&'(")$%*'&+,-"$)"'"*+./-,"#-0-*#-*&"1*"!"#$%!$&'$(%
)*"+*%"*,-%("%(.$%!/0*$' '*#2"'##$&$1*'((32"1*"(.$%&"*($*(%"1%
(.$%#$!!20$%3$/*0%!/0*$4
! !"#$%$&'(")$%*'&+,-".+)&"/-"5$'/1/23,$2"$4-42"$5"'"#$)0+&-"',$)-)"
'*"6*3/2!$4%(./'4%72'(- .+)&"/-"'/(-"&1")1(6-"&7-"#$)0+&-"
$86/(23,-9%+/(."6(%'$86/'/*0%2&&$!!%("%(.$%!/0*$':!%!$&'$(
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
/('..-#-0',-$"
! ;/0/(2,%!/0*2(6'$!%+/(.%277$*4/<
! ,-8+$,-"&7-"1,$%$*'(".-))'%-"')"$*0+&"&1"&7-"6-,$5$9'&$1*"'(%1,$&7.:
! +)-"7')7"5+*9&$1*)
! ;<'.0(-)="=,>2#2,9%;?@9%;??2">97*1,,
! ;/0/(2,%!/0*2(6'$!%+/(.%#$!!20$%'$&"5$'! #1"*1&",-8+$,-"&7-"1,$%$*'(".-))'%-"')"$*0+&"&1"&7-"6-,$5$9'&$1*"
'(%1,$&7.:"
! &7-"1,$%$*'(".-))'%-"$)",-916-,-#"5,1."&7-")$%*'&+,-"$&)-(5:
! ;<'.0(-)="A?@2"?'/$*2"@3/-,%A?+-00-(
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+.)4-,5)'**+"6-7
;$1/*/(/"*!
!
! $)"&7-".-))'%-")0'9-
" $)"'"7')7"5+*9&$1*"B$&7"#1.'$*"!
!" $)"&7-"$.'%-"15""
# $)"&7-")$%*'&+,-")0'9-
B$-%0$*$'2(/"*
!
!($9-")-(-9&)"'"0,$6'&-"C-3"B7$97"#-5$*-)"'"$%&'%'&()*&+,%-". #/ B7$97"$)"'"1*-A&1A1*-"
.'00$*%"#/0(!" ! #
!($9-"#-5$*-)"&7-"91,,-)01*#$*%"0+/($9"C-3"#-5$*$*%"&7-"12,%3%4)-%+'()*&+,%-".(D! )+97"&7'&"
D!E.F2")G"H"&,+-"$5">!E.FG"H")"'*#"5'()-"1&7-,B$)-2"51,"'((".F I7 '*#") >2"B7-,-".F"H"
7E.G"51,"." I4"D! $)"91*)&,+9&-#")+97"&7'&"$&".'3"/-"91.0+&-#"B$&71+&"C*1B(-#%-"15"
"#$%&'()$*+&%,*'-."$%/$0
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+.)4-,5)'**+"6-7
The signing process
M
Mh
SA
m*
!"#$%&'()*#)$)(%&"+$*,(+-)..
! J1.0+&-"#C%D%.E#F2"!%D%?@E#CF
! >-*#"E#9%!F
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+.)4-,5)'**+"6-7
(m*,s)
VA
true
false
Boolean
Mh S
!"#$%&'()*/)("0"-%&"+$*,(+-)..
! 12".')%3+&%,425'6%/$0%G@
! J1.0+&-"#C%D%.E#F2"6%D%G@E#C9%!F
! !99-0&"&7-")$%*'&+,-"$55"6%D%('6$
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+.)4-,5)'**+"6-7
1(+,)(&").*+0*!2 %$3*42
! >! )71+(#"/-"-55$9$-*&"&1"91.0+&! D! )71+(#"/-"-55$9$-*&"&1"91.0+&-
! K&")71+(#"/-"&"#76(2(/"*2,,-%/*1$2!/3,$ 51,"'*"-*&$&3"1&7-,"
&7'*"!"&1"5$*#"'*". I"'*#"'*") >")+97"&7'&"
D!E.F2")G"H"&,+-2"B7-,-".F"H"7E.G
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+)4-,5)&+..'2+)%+0$8+%9
Definitions
!
Key generation
!
SA /.*61.*20/34,'*"'57*8A /.*61.*29:&/;*"'5
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+)4-,5)&+..'2+)%+0$8+%9
The signing process
MR
R
m
SA
m*
MS
!Compute 5C%D%6E5F, 6 is a redundancy function (invertible)
!Compute .*7*!2859:
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+)4-,5)&+..'2+)%+0$8+%9
The signing process
MR
R
m
SA
m*
MS
!
!
!
!
L/&'$*"'+&7-*&$9"0+/($9"C-3"5/
J1.0+&-".F"H"5E$G"
D-,$53"$5".6( !# E$5"*1&2",-M-9&"&7-")$%*'&+,-G
?-916-,"&7-".-))'%-". H"789E.FG
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
1-2-,'().-2"',3%+.)4-,5)&+..'2+)%+0$8+%9
1(+,)(&").*+0*!2 %$3*42
! >! )71+(#"/-"-55$9$-*&"&1"91.0+&! D! )71+(#"/-"-55$9$-*&"&1"91.0+&! K&")71+(#"/-"91.0+&'&$1*'((3"$*5-')$/(-"51,"'*"-*&$&3"1&7-,"
&7'*"!"&1"5$*#"'*")" >")+97"&7'&"D!E)G" I?
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
::
1-2-,'().-2"',3%+.)4-,5)&+..'2+)%+0$8+%9
H.$%'$46*42*&-%16*&(/"*
! ?"'*#"?AN ',-"0+/($9(3"C*1B*
! >-(-9&$*%"'*"'00,10,$'&-"?"$)"4,%-%4)* &1"&7-")-9+,$&3"15"&7-")3)&-.
2*;%3*()3'$3%$-<*0'$-&"+$
! O-&"+)")+001)-"&7'&"I?
I>
! ?"'*#">! ',-"/$M-9&$1*)2"&7-,-51,-"I"'*#">"7'6-"&7-")'.-"*+./-,"15"
-(-.-*&)
! P7-,-51,-2"51,"'((")" >2"D!E)G" I?7%8#$*$9:*$;%'"%'&%<$.&0=%":%9')>%.)%?%
51,"B7$97")"$)"&7-")$%*'&+,-2"."H"?ANED!E)GG
! )"$)"'"6'($#")$%*'&+,-"51,"."E2:%$-2'-%)*(3+,&2,;G
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
:4
1-2-,'().-2"',3%+.)4-,5)&+..'2+)%+0$8+%9
2*#++3*()3'$3%$-<*0'$-&"+$
! ;<'.0(! I"H"Q."="." QR2"NS*S2"I> H"Q."="." QR2"NST*S
! ?="I"! I>2"?E.G"H".!.
! I?
I>
!"#$%&'()%"*$&$
:5
1-2:).-2":)4-,5)'**+"6-7)#%$&)&+..'2+)%+0$8+%9
! ?/0*2(6'$%0$*$'2(/"*
! J1.0+&-"#C%D%6E=E5FF9%. D%!2E5CF
! 3+&%>'('".5%&'()."4*$%9:*%5 $)".
59%. ',-".'#-"'6'$('/(-"&1"'*31*-"B71".'3"B$)7"&1"6-,$53"&7-")$%*'&+,-
! ?/0*2(6'$%5$'/1/&2(/"*
! 12".')%3+&%,425'6%/$0%42
! J1.0+&-"5F"H"6E=E5FF2"5 H"42E.F2"'*#"' D%E5 DD%5CF
! !99-0&"&7-")$%*'&+,-"$55"'*D%('6$
! L"##$*(
! 6 $)"*1&")-9+,$&3"9,$&$9'("'*3.1,-"'*#"9'*"/-")';(+'28-+8+'2(.)<<%'&
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
:6
;9*+.)$#)',,'0<.
BREAKING A SIGNATURE
1. Total break < 4(3'0.405*/.*4:&'*,$*;$=29,'*,-'*./)#'01.*
private key
2. Selective forgery < adversary controls the messages
whose signature is forged
3. Existential forgery < adversary has no control on the
messages whose signature is forged
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
:;
;9*+.)$#)',,'0<.
BASIC ATTACKS
!
!
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
:7
=,,'0<.>)0$".-6+%',-$".
! @427(/5$%&."!$*P#$!!20$%2((2&)
! K&"$)"&7-".1)&"#$55$9+(&"'&&'9C"&1"0,-6-*&
! !(&71+%7"'*"'#'0&$6-"971)-*A.-))'%-"'&&'9C".'3"/-"$*5-')$/(-"&1".1+*&"$*"0,'9&$9-2"'"
B-((A#-)$%*-#")$%*'&+,-")97-.-")71+(#"*1*-&7-(-))"/-"#-)$%*-#"&1"0,1&-9&"'%'$*)&"&7-"
01))$/$($&3
! H.$%,$5$,%"1%!$&6'/(-%#2-%52'-%2&&"'4/*0%("%(.$%277,/&2(/"*%
! =<2#7,$%QR U7-*"'*"'#6-,)',3"$)"1*(3"9'0'/(-"15".1+*&$*%"'"C-3A1*(3"'&&'9C2"$&".'3"
)+55$9-"&1"#-)$%*"&7-")97-.-"&1"0,-6-*&"&7-"'#6-,)',3"5,1."/-$*%")+99-))5+("'&")-(-9&$6-"
51,%-,34"
! =<2#7,$%S4"U7-*"&7-"'#6-,)',3"$)"9'0'/(-"15"'".-))'%-"'&&'9C2"$&"$)"($C-(3"*-9-))',3"&1"
%+',#"'%'$*)&"&7-"01))$/$($&3"15"-<$)&-*&$'("51,%-,34
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
:8
=,,'0<.>)0$".-6+%',-$".
! >%.=*0'$-&"+$.*%$3*3"#"&%?*."#$%&'()*,(+-)..).
! U7-*"'"7')7"5+*9&$1*"= $)"+)-#"$*"'"#$%$&'(")$%*'&+,-")97-.-"E')"$)"15&-*"
&7-"9')-G2"= !."6,4%3$%2%1/<$4%72'(%"1%(.$%!/0*2(6'$%7'"&$!!
)1"&7'&"'*"'#6-,)',3"$)"+*'/(-"&1"&'C-"'"6'($#")$%*'&+,-2",-0('9-"= B$&7"'"
B-'C"7')7"5+*9&$1*2"'*#"&7-*".1+*&"'")-(-9&$6-"51,%-,3"'&&'9C4
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
:9
@"#"&%?*."#$%&'().*;%.)3*+$*6!2
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
:<
Introductory comments
! >$*9-"&7-"-*9,30&$1*"&,'*)51,.'&$1*"$)"'"/$M-9&$1*2"#$%$&'("
)$%*'&+,-)"9'*"/-"9,-'&-#"/3",-6-,)$*%"&7-",1(-)"15"
-*9,30&$1*"'*#"#-9,30&$1*
! W$%$&'(")$%*'&+,-"B$&7"#$!!20$%'$&"5$'! I>
>" !*
! !",-#+*#'*93"5+*9&$1*"?="I"! !* $)"971)-*"'*#"$)"0+/($9"
C*1B(-#%-
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
4=
?+9)2+"+%',-$"
1. Generate two large, distinct primes p, q (100 200
decimal digits)
2. Compute n = p q and
= (p-1) (q-1)
such that
!"#$%&'()%"*$&$
4:
@-2"',3%+)2+"+%',-$")'"6)8+%-#-0',-$"
Signature generation. In order to sign a message m, A does
the following
1. Compute m* = R(m) an integer in [0, n<1]
Signature verification>*?#*$0('0*,$*3'0/+5*61.*./)#4,90'*.*4#(*
recover message m, B does the following
1. @:,4/#*61.*49,-'#,/;*29:&/;*"'5*Ae, n)
2. Compute m* = se mod n
3. Verify that m* is in MR; if not reject the signature
4. Recover m = R-1(m*)
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
44
A%$$#),5',)8+%-#-0',-$")4$%<.
! If s is a signature for a message m, then s = m*d mod n
where m* = R(m).
! Since ed = 1 (mod ), se = m*ed = m* (mod n). Finally,
R-1(m*) = R-1(R(m)) = m.
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
45
A$..-B(+)',,'0<.
! I*($0$'%12&("'/T2(/"*
! X'9&1,$Y'&$1*"15"$ (-'#"&1"&1&'("/,-'C4"
! U6,(/7,/&2(/5$%7'"7$'(-%"1%A?@V%'$86/'$#$*(%"*%A
! !"*-9-))',3"91*#$&$1*"51,"'61$#$*%"-<$)&-*&$'("51,%-,3"$)"&7'&"6
.+)&"*1&")'&$)53"&7-".+(&$0($9'&$6-"0,10-,&34"
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
46
C@=).-2"',3%+)-")*%'0,-0+
6);?+-B"$#*,(+;?)54"K5"!($9-"B'*&)"&1")-*#"Z1/"'")-9,-&"'*#")$%*-#"
.-))'%-"&1"Z1/"&7-*"$&".+)&"/-"*! ["*Z
! P7-,-"',-"6',$1+)"B'3)"&1")1(6-"&7-"0,1/(-.
! '$"'4$'/*0="&7-"10-,'&$1*"B$&7"&7-").'((-,".1#+(+)"$)"
0-,51,.-#"5$,)&:""+=212,(-"2(<,232,,2>(+,>2,(%$()*=);$(-+($%&'(
3%,$-()'>(2'4,;<-(*)-2,
! (+"%#"46,/%1"'%$*(/(-="-'97"-*&$&3"7')"&B1".1#+($:".1#+($"51,"
)$%*$*%"E-4%42"&A/$&)G"',-"'(B'3)").'((-,"15"'(("01))$/(-".1#+($"
51,"-*9,30&$1*"E-4%42"&\NA/$&)G
! 24P."&%1"'#2(%"1%(.$%#"46,/
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
4;
C@=).-2"',3%+)-")*%'0,-0+
! Redundancy function
! A suitable redundancy function is necessary in order to avoid
existential forgery
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
47
C@=).-2"',3%+)-")*%'0,-0+
! Performance characteristics
! Let
p = q = k then
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
48
C@=).-2"',3%+)-")*%'0,-0+
! Parameter selection
! bitsize of the modulus: miminum 768; at least 1024 for signatures of
longer lifetime or critical for overall security of a large network (i.e.,
the private key of a certification authority)
! No weaknesses have been reported when the public exponent e is
chosen to be a small number such as 3 or 216+1.
! It is not recommended to restrict the size of the private exponent d in
order to improve the efficiency of signature generation
! Bandwidth efficiency
! By definition, BWE = log2 ( MS ) / log2 ( MR )
! For (RSA, ISO/IEC 9796), BWE = 0.5, that is, with a 1024-bits
modulus can be signed 512-bits messages
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
49
C@=).-2"',3%+)-")*%'0,-0+
! System wide parameters
! Each entity must have a distinct RSA modulus; it is insecure to
use a system-wide modulus
! The public exponent e can be a system-wide parameter, and is
in many applications. In this case, the low exponent attack must
be considered
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
*>#>?@A"2>#+@?BCD2"
E@2D*"F+"DA#@G@A
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
4<
!"#$%$"&'()*+*,$"('*+-$,./0
;/!&'$($%W"02'/(.#%?-!($#!
! O-&"< /-"'"0,$.-2"? '"0,$.-"#$6$)1,"15"<!N"'*#"& ]N2"<@N^"
7')"1,#-,"8
! O-&": /-"&7-"<,%1)-2(@2; )-(-9&-#"'&",'*#1."5,1."]N2"?@N^
! O-&"; /-"&7-"91,,-)01*#$*%"<AB*%4(@2; ; H"&: .1#"<
;/!&'$($%W"02'/(.#%X'"3,$#%E;WXF
! _$6-*"E<2"?2"&G"'*#";2"#-&-,.$*-":
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
5:
!"#$%$"&'()*+*,$"('*+-$,./0
! Signature
! select k
Zp<1* randomly
! Verify that 1
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
54
!"#$%$"&'()*+*,$"('*+-$,./0
Proof
! If the digital signature (r, s) has been produced by Alice
then s = (h(m)!xr)k!1 mod (p<1).
gar+ks
(gx)rrs mod p
! Thus v1 = v2 as required.
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
55
!"#$%$"&'()*+*,$"('*+-$,./0
?$&6'/(! K*"1,#-,"&1"51,%-"'")$%*'&+,-2"'*"'#6-,)',3""9'*")-(-9&"B '&",'*#1.2"
91.0+&-",(H &@ .1#"<4"P7'*"7-"7')"&1"91.0+&-")"H"E"E.G!:,G@!9 .1#"E0@
NG4"K5"&7-"WO`"$)"91.0+&'&$1*'((3"$*5-')$/(-2"&7-"'#6-,)',3"9'*"#1"*1"/-&&-,"
&7'*"&1"9711)-"'*"$ '&",'*#1.:"&7-")+99-))"0,1/'/$($&3"$)"NV< B7$97"$)"
*-%($%$/(-"51,"(',%-"<C
! !"#$55-,-*&"@ .+)&"/-")-(-9&-#"51,"#$55-,-*&".-))'%-)"1&7-,B$)-"&7-")-9,-&"
C-3": 9'*"/-",-6-'(-#
! K5"*1"7')7"5+*9&$1*"" $)"+)-#2"'*"'#6-,)',3"9'*"-')$(3".1+*&"'*"-<$)&-*&$'("
51,%-,3"'&&'9C4
! K5"&7-"97-9C"1*", $)"*1&"#1*-2"'*"'#6-,)',3"9'*")$%*".-))'%-)"15"$&)"
971$9-"0,16$#-#"$&"7')"1*-"6'($#")$%*'&+,-"0,1#+9-#"/3"!($9+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
56
@B?HD+?>I@?>F+"J2
+F+KCDLB*>@?>F+
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
D$"E%+*36-',-$"
! @1*A,-0+#$'&$1*"0,-6-*&)"'")$%*-,"5,1.")$%*$*%"'"#19+.-*&"'*#"
)+/)-8+-*&(3"/-$*%"'/(-"&1")+99-))5+((3"#-*3"7'6$*%"#1*-")14
! C+$D(),'3"%&"+$*/.*%'&=)$&"-%&"+$*+0*+("#"$
! !+&7-*&$9'&$1*"E/')-#"1*")3..-&,$9"930&1%,'073G"'((1B)"'"0',&3"&1"
91*6$*9-"/(!$,1%1,"'"#6(62,,-%('6!($4%72'(- 15"&7-"$*&-%,$&3V'+&7-*&$9$&3"
15"'"%$6-*".-))'%-"'&"'"%$6-*"&$.-"-R
! @1*A,-0+#$'&$1*"E/')-#"1*"0+/($9AC-3"930&1%,'073G""'((1B)"'"0',&3"&1"
91*6$*9-""(.$'! '&"'*3"&$.-"-N -R 15"&7-"$*&-%,$&3V'+&7-*&$9$&3"15"'"%$6-*"
.-))'%- '&"&$.-"-R
35'6$+&%>'('".5%&'()."4*$%9:*%.%('-$)%?$&&.($%>$,$)>&%:)%"#$%?$&&.($%.)>%
'")-9,-&")*"+*%("%@,/&$%"*,-%E(.$%7'/52($%)$-F
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
57
D$"E%+*36-',-$"
! W'&'"1,$%$*"'+&7-*&$9'&$1*"')"0,16$#-#"/3"'"#$%$&'(")$%*'&+,-"$)"6'($#"1*(3"
B7$(-"&7-"$24,24; :9%"#$%&'()$*+&%<,%1)-2(@2; $)".'$*&'$*-#"
! !"&7,-'&"&7'&".+)&"/-"'##,-))-#"$)"'")$%*-,"B71"%'-2'-%+')**; #$)9(1)-)"
7$)"0,$6'&-"C-32"'*#"&7-,-'5&-,"9('$.)"&7'&"'"<,21%+A$*; 6'($#")$%*'&+,-"
B')"51,%-#
! P7$)"&7,-'&".'3"/-"'##,-))-#"/3
! ,()/)$&"$#*3"()-&*%--)..*&+*&=)*B)<
! '.)*+0*%*&('.&)3*&"5).&%5,*%#)$&
! '.)*+0*%*&('.&)3*$+&%(<*%#)$&
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
58
+,-./01"2,)(0$-3
!"#$%&'()%"*$&$
59