中国矿业大学：《密码学》课程教学资源（PPT讲稿）认证协议（Authentication Protocol）Digital Signature

Digital signature 曹天杰 Tianjie Cao ticao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou China 中国矿业大学计算机科学与技术学院 2003.6.6

1 Digital Signature 曹天杰 Tianjie Cao tjcao@cumt.edu.cn College of Computer Science and Technology, China University of Mining and Technology, Xuzhou, China 中国矿业大学计算机科学与技术学院 2003.6.6

Definitions Definitions Digital Signature-a data string which associates a message with some originating entity Digital Signature Generation Algorithm -a method for producing a digital signature Digital signature verification algorithm-a method for verifying that a digital signature is authentic (i. e, was indeed created by the specified entity Digital Signature Scheme-consists of a signature generation algorithm and an associated verification algorithm

2 Definitions • Definitions – Digital Signature - a data string which associates a message with some originating entity – Digital Signature Generation Algorithm – a method for producing a digital signature – Digital signature verification algorithm - a method for verifying that a digital signature is authentic (i.e., was indeed created by the specified entity). – Digital Signature Scheme - consists of a signature generation algorithm and an associated verification algorithm

Applications Digital Signatures can provide authentication Data Integrity Non-Repudiation One application Certification of public keys in large networks

3 Applications Digital Signatures can provide • Authentication • Data Integrity • Non-Repudiation One Application • Certification of public keys in large networks

Classification Digital signature schemes with appendix require the original message as input to the verification algorithm Digital signature schemes with message recovery do not require the original message as input to the verification algorithm. In this case, the original message is recovered from the signature itself

4 Classification • Digital signature schemes with appendix require the original message as input to the verification algorithm. • Digital signature schemes with message recovery do not require the original message as input to the verification algorithm. In this case, the original message is recovered from the signature itself

Classification(cont) Taxonomy of digital signatures randomized message recovery deterministic signature schemes randomized appendix deterministic

5 Classification (cont) • Taxonomy of digital signatures signature schemes message recovery appendix deterministic randomized randomized deterministic

Types of Signatures Direct digital signature involves only the communicating parties assumed that receiver knows public key of sender v Signature may be formed by(1)encrypting entire message with sender's private key or(2) encrypting hash code of message with sender's private key v Further encryption of entire message signature with receiver's public key or shared private key ensures confidentiality

6 Types of Signatures • Direct digital signature – involves only the communicating parties ✓Assumed that receiver knows public key of sender. ✓Signature may be formed by (1) encrypting entire message with sender’s private key or (2) encrypting hash code of message with sender’ s private key. ✓Further encryption of entire message + signature with receiver’s public key or shared private key ensures confidentiality

Types of Signatures Problems with direct signatures v Validity of scheme depends on the security of the sender's private key sender may later deny sending a certain message v Private key may actually be stolen from X at time T, so timestamp may not help

7 Types of Signatures • Problems with direct signatures: ✓Validity of scheme depends on the security of the sender’s private key  sender may later deny sending a certain message. ✓Private key may actually be stolen from X at time T, so timestamp may not help

Types of signatures Arbitrated digital signature involves a trusted third party or arbiter v Every signed message from sender, X,to receiver. Y, goes to an arbiter. A, first v A subjects message t signature to number of tests to check origin content v a dates the message and sends it to y with indication that it has been verified to its satisfaction

8 Types of Signatures • Arbitrated digital signature – involves a trusted third party or arbiter ✓Every signed message from sender, X, to receiver, Y, goes to an arbiter, A, first. ✓A subjects message + signature to number of tests to check origin & content ✓A dates the message and sends it to Y with indication that it has been verified to its satisfaction

Arbitrated digital signatures Requires an unconditionally ttp as part of the signature generation and signature verification Each entity shares a symmetric key with the tTP Symmetric key cryptography results in a very fast algorithm However, this speedup is overshadowed by the TtP as well as communication overhead

9 Arbitrated Digital Signatures • Requires an unconditionally TTP as part of the signature generation and signature verification. • Each entity shares a symmetric key with the TTP • Symmetric key cryptography results in a very fast algorithm • However, this speedup is overshadowed by the TTP as well as communication overhead

Arbitrated digital signatures Sign ature generation(by A) A al U= Eka (h(m)) TTP Ek(h(mIIA

10 Arbitrated Digital Signatures • Signature Generation (by A) A IA , u = EkA(h(m)) TTP s = EkT(h(m)||IA )