60 likes | 170 Views
Digital Signatures. CSCI381 Fall 2005 GWU. Definition. P : set of plaintext S : set of signatures K : keyspace private function: sig k : P S public function: ver K : P X S {true, false} ver K (m, s) = true iff sig K (m) = s; else ver K (m, s) = false
E N D
Digital Signatures CSCI381 Fall 2005 GWU
Definition • P: set of plaintext • S: set of signatures • K: keyspace • private function: sigk: P S • public function: verK: P X S {true, false} • verK(m, s) = true iff sigK(m) = s; else verK(m, s) = false • {m, sigK(m)} is a signed message CS284/Spring05/GWU/Vora/Signatures
El Gamal Digital Signature • For a key K= (p, , , a); = a mod p; a private • Choose random k invertible in Zp-1 • sigK(x, k) = (=k mod p, =(x-a)k-1 mod p-1) • verK(x, (G, D)) = true GGD=x mod p • Depends on security of the DL problem: Find a given p, , CS284/Spring05/GWU/Vora/Signatures
Digital Signature Example • K= (p=11, =2, =5, a=4); = a mod p; a private • Choose random k=3 invertible in Zp-1 • sigK(x=7, k=3) = (=k mod p, =(x-a)k-1 mod p-1) = (8, 5) • verK(x, (G, D)) = true GGD=x mod p (7 mod 11) CS284/Spring05/GWU/Vora/Signatures
DSA Uses SHA(x) instead of X CS284/Spring05/GWU/Vora/Signatures
Discrete Log in Elliptic Curves As before, only group is no longer Zp* The problem is to determine a given P and Q = aP in the elliptic curve group The best-known algorithm for breaking DL over Zp* takes less time than that for breaking DL over an elliptic curve group of the same size CS284/Spring05/GWU/Vora/Signatures