Digital Signature 曹天杰 Tianjie Cao ticao(cumt. edu. cn College of Computer science and echnology, China University of Mining and Technology Xuzhou, China 中国矿业大学计算机科学与技术学院 2003.6.6
1 Digital Signature 曹天杰 Tianjie Cao tjcao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou, China 中国矿业大学计算机科学与技术学院 2003.6.6
Definitions Definitions Digital Signature -a data string which associates a message with some originating entity Digital Signature Generation Algorithm -a method for producing a digital signature Digital signature verification algorithm-a method for verifying that a digital signature is authentic i.e., was indeed created by the specified entity) Digital Signature Scheme-consists of a signature generation algorithm and an associated verification algorithm
2 Definitions • Definitions – Digital Signature - a data string which associates a message with some originating entity – Digital Signature Generation Algorithm – a method for producing a digital signature – Digital signature verification algorithm - a method for verifying that a digital signature is authentic (i.e., was indeed created by the specified entity). – Digital Signature Scheme - consists of a signature generation algorithm and an associated verification algorithm
pplications Digital Signatures can provide Authentication Data Integrity Non-Repudiation One application Certification of public keys in large networks
3 Applications Digital Signatures can provide • Authentication • Data Integrity • Non-Repudiation One Application • Certification of public keys in large networks
Classification Digital signature schemes with appendix require the original message as input to the verification algorithm Digital signature schemes with message recovery do not require the original message as input to the verification algorithm. In this case, the original message is recovered fro om the signature itself
4 Classification • Digital signature schemes with appendix require the original message as input to the verification algorithm. • Digital signature schemes with message recovery do not require the original message as input to the verification algorithm. In this case, the original message is recovered from the signature itself
Classification(cont) Taxonomy of digital signatures randomized message recovery deterministic sIgnature schemes randomized appendix deterministic
5 Classification (cont) • Taxonomy of digital signatures signature schemes message recovery appendix deterministic randomized randomized deterministic
Types of Signatures Direct digital signature involves only the communicating parties v Assumed that receiver knows public key of sender Signature may be formed by(1)encrypting entire message with sender's private key or(2 encrypting hash code of message with senders private key. Y Further encryption of entire message signature with receiver's public key or shared private key ensures confidentiality
6 Types of Signatures • Direct digital signature – involves only the communicating parties ✓Assumed that receiver knows public key of sender. ✓Signature may be formed by (1) encrypting entire message with sender’s private key or (2) encrypting hash code of message with sender’ s private key. ✓Further encryption of entire message + signature with receiver’s public key or shared private key ensures confidentiality
Types of signatures Problems with direct signatures Validity of scheme depends on the security of the sender's private key sender may later deny sending a certain message Y Private key may actually be stolen from X at time T, so timestamp may not help
7 Types of Signatures • Problems with direct signatures: ✓Validity of scheme depends on the security of the sender’s private key sender may later deny sending a certain message. ✓Private key may actually be stolen from X at time T, so timestamp may not help
Types of signatures Arbitrated digital signature - involves a trusted third party or arbiter v Every signed message from sender. X, to receiver, Y, goes to an arbiter, A, first v A subjects message signature to number of tests to check origin content v a dates the message and sends it to y with indication that it has been verified to its satisfaction
8 Types of Signatures • Arbitrated digital signature – involves a trusted third party or arbiter ✓Every signed message from sender, X, to receiver, Y, goes to an arbiter, A, first. ✓A subjects message + signature to number of tests to check origin & content ✓A dates the message and sends it to Y with indication that it has been verified to its satisfaction
Arbitrated Digital Signatures Requires an unconditionally Ttp as part of the signature generation and signature verification Each entity shares a symmetric key with the TtP Symmetric key cryptography results in a very fast algorithm However, this speedup is overshadowed by the TTP as well as communication overhead
9 Arbitrated Digital Signatures • Requires an unconditionally TTP as part of the signature generation and signature verification. • Each entity shares a symmetric key with the TTP • Symmetric key cryptography results in a very fast algorithm • However, this speedup is overshadowed by the TTP as well as communication overhead
Arbitrated Digital Signatures Signature Generation(by A) A al u= ek( h(m) TTP s=Ek(h(mIIA)
10 Arbitrated Digital Signatures • Signature Generation (by A) A IA , u = EkA(h(m)) TTP s = EkT(h(m)||IA )