Download
1 / 6
60 likes | 181 Views
This document provides a comprehensive overview of digital signatures as discussed in CSCI 381 during Fall 2005 at GWU. It includes definitions of key components such as the plaintext set, signature set, keyspace, and functions for signing and verification. The ElGamal digital signature algorithm is detailed, along with an example demonstrating its application with specific values. Additionally, it highlights the security implications of the discrete logarithm problem in both traditional and elliptic curve contexts. This resource is invaluable for understanding the foundations and applications of digital signatures in cryptography.
E N D
Digital Signatures CSCI381 Fall 2005 GWU
Definition • P: set of plaintext • S: set of signatures • K: keyspace • private function: sigk: P S • public function: verK: P X S {true, false} • verK(m, s) = true iff sigK(m) = s; else verK(m, s) = false • {m, sigK(m)} is a signed message CS284/Spring05/GWU/Vora/Signatures
El Gamal Digital Signature • For a key K= (p, , , a); = a mod p; a private • Choose random k invertible in Zp-1 • sigK(x, k) = (=k mod p, =(x-a)k-1 mod p-1) • verK(x, (G, D)) = true GGD=x mod p • Depends on security of the DL problem: Find a given p, , CS284/Spring05/GWU/Vora/Signatures
Digital Signature Example • K= (p=11, =2, =5, a=4); = a mod p; a private • Choose random k=3 invertible in Zp-1 • sigK(x=7, k=3) = (=k mod p, =(x-a)k-1 mod p-1) = (8, 5) • verK(x, (G, D)) = true GGD=x mod p (7 mod 11) CS284/Spring05/GWU/Vora/Signatures
DSA Uses SHA(x) instead of X CS284/Spring05/GWU/Vora/Signatures
Discrete Log in Elliptic Curves As before, only group is no longer Zp* The problem is to determine a given P and Q = aP in the elliptic curve group The best-known algorithm for breaking DL over Zp* takes less time than that for breaking DL over an elliptic curve group of the same size CS284/Spring05/GWU/Vora/Signatures
