SlideShare une entreprise Scribd logo

CNIT 141: 10. Digital Signatures

Sam Bowne
Sam Bowne

For a college course -- CNIT 140: "Cryptography for Computer Networks" at City College San Francisco Instructor: Sam Bowne More info: https://samsclass.info/141/141_F17.shtml Based on "Understanding Cryptography: A Textbook for Students and Practitioners" by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000

Formation
1  sur  45
Télécharger pour lire hors ligne
Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and JanPelzl www.crypto-textbook.com Chapter 10 – Digital Signatures ver. October 29, 2009 These slides were prepared by Georg Becker, Christof Paar and Jan Pelzl and modified by Sam Bowne
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl2 Some legal stuff (sorry): Terms of Use • The slides can used free of charge. All copyrights for the slides remain with Christof Paar and Jan Pelzl. • The title of the accompanying book “Understanding Cryptography” by Springer and the author’s names must remain on eachslide. • If the slides are modified, appropriate credits to the book authorsand the book title must remain within the slides. • It is not permitted to reproduce parts or all of the slides in printedform whatsoever without written consent by the authors.
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl3 Contents of this Chapter 10.1.2 Principles of Digital Signatures 10.1.3 Security Objectives 10.2 The RSA Digital Signature Scheme 10.3 The Elgamal Digital Signature Scheme 10.4 The Digital Signature Algorithm (DSA) 10.5 The Elliptic Curve Digital Signature Algorithm (ECDSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl4 10.1.2 Principles of Digital Signatures
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl5 Motivation • Alice orders a pink car from the car salesman Bob • After seeing the pink car, Alice states that she never ordered it: • How can Bob prove to a judge that Alice ordered a pink car? (And that he did not fabricate the order himself) ⇒ Symmetric cryptography fails because both Alice and Bob can be malicious ⇒ Can be achieved with public-key cryptography
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Basic Principle of Digital Signatures 6
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl7 Main idea • For a given message x, a digital signature is appended to the message (just like a conventional signature) • Only the person with the private key should be able to generate the signature • The signature must change for every document ⇒The signature is made from the message x and the private key ⇒The public key and the message x are the inputs to the verification function
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl8
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl9 10.1.3 Security Objectives
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Core Security Objectives 1. Confidentiality: Information is kept secret from all but authorized parties. 2. Integrity: Ensures that a message has not been modified in transit. 3. Message Authentication: Ensures that the sender of a message is authentic. An alternative term is data origin authentication. 4. Non-repudiation: Ensures that the sender of a message can not deny the creation of the message. (c.f. order of a pinkcar) 10
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl11 Additional Security Objectives 5. Identification/entity authentication: Establishing and verification of the identity of an entity, e.g. a person, a computer, or a credit card. 6. Access control: Restricting access to the resourcesto privileged entities. 7. Availability: The electronic system is reliably available. 8. Auditing: Provides evidences about security relevant activities, e.g., by keeping logs about certainevents. 9. Physical security: Providing protection against physical tampering and/or responses to physical tampering attempts 10. Anonymity: Providing protection against discovery and misuse of identity.
12 1
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl13 10.2 The RSA Digital Signature scheme
Schoolbook RSA Digital Signature Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl14
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl The RSA Signature Protocol 15
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl16 Security and Performance of the RSA Signature Scheme Security: The same constrains as RSA encryption: n needs to be at least 1024 bits to provide a security level of 80 bit. ⇒ The signature, consisting of s, needs to be at least 1024 bits long Performance: The signing process is an exponentiation with the private key and the verification process an exponentiation with the public key e. ⇒ Signature verification is very efficient as a small number can be chosen for the public key.
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl17 Attacks on the RSA Signature Scheme Counterfeit public key: Attacker publishes a public key under someone else's name Countermeasure: digital certificates and PKI Factoring n: Attacker calculates private key from public key Countermeasure: n > 1024 bits Existential forgery: Attacker starts from a signature and crafts a message that matches it Countermeasure: padding
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Existential Forgery Attack against RSA Digital Signature Alice Bob Kpr = d Kpub = (n, e)(n,e) 1. Choose signature: s Zn 2. Compute message: x ≡ se mod n (x,s) Verification: se ≡ x‘ mod n since se = (xd)e ≡ x mod n → Signature is valid Oscar (n,e) 18
• But an attack can only choose the signature s and NOT the message x ⇒ Attacker cannot generate messages like „Transfer $1000 into Oscar‘s account“ Formatting the message x according to a padding scheme can be used to make sure that an attacker cannot generate valid (x,s)pairs. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Existential Forgery and Padding • An attacker can generate valid message-signature pairs (x,s) 19
Probabilistic Signature Standard (PSS) • Formatting rule distinguishes between valid and invalid messages • The padding includes a random salt and a hash of the message • So signing the same message twice results in different padding • Existential forgery results in a random message which is very unlikely to contain a valid hash value
23 4
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl24 10.3 The Elgamal Digital Signature Scheme
Elgamal Signatures • Generate a key pair • Choose a random ephemeral key • Calculate a signature using the private key, the ephemeral key, and the message • Receiver can verify the signature from the public key
Schoolbook Elgamal Digital Signature
Schoolbook Elgamal Digital Signature
Schoolbook Elgamal Digital Signature
Security • Verifier must have correct public key • p must be 1024 bits or longer to make the DLP (Discrete Logarithm Problem) sufficiently difficult • Signer must not re-use the ephemeral key • Otherwise attacker can easily find the private key • Attacker has two equations with two unknowns • kE and d
Existential Forgery Attack • Similar to RSA attack • Attacker can generate a valid signed message, but the plaintext is scrambled • Hashing the message before signing it makes this attack impossible
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl31 10.4 The Digital Signature Algorithm (DSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl32 Digital Signature Algorithm (DSA) •Federal US Government standard for digital signatures (DSS) •Proposed by the National Institute of Standards and Technology (NIST) •DSA is based on the Elgamal signature scheme •Signature is only 320 bits long •Signature verification is slower compared to RSA •Far more popular than Elgamal signature, which are rarely used
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl33 Digital Signature Algorithm (DSA) •Uses two cyclic groups •In 1024-bit version: • Larger group is near 10**1024 • Smaller group is near 2**160 • Longer keys are possible in the standard
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl34 The Digital Signature Algorithm (DSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl35 The Digital Signature Algorithm (DSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl36 The Digital Signature Algorithm (DSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl37 Security of DSA To solve the discrete logarithm problem in p the powerful index calculus method can be applied. But this method cannot be applied to the discrete logarithm problem of the subgroupq. Therefore q can be smaller than p. p q hash output (min) security levels 1024 160 160 80 2048 224 224 112 3072 256 256 128 Standardized parameter bit lengths and security levels for theDSA
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl38 Security of DSA Must not re-use ephemeral key Just like Elgamal signatures
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl39 10.5 The Elliptic Curve Digital Signature Algorithm (ECDSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl40 Elliptic Curve Digital SignatureAlgorithm (ECDSA) • Based on Elliptic Curve Cryptography (ECC) • Bit lengths in the range of 160-256 bits provide security equivalent to 1024-3072 bit RSA (80-128 bit symmetric security level) • One signature consists of two points, hence the signature is twice the used bit length (i.e., 320-512 bits for 80-128 bit security level). • The shorter bit length of ECDSA often result in shorter processing time
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl41 Elliptic Curve Digital SignatureAlgorithm (ECDSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl42 Elliptic Curve Digital SignatureAlgorithm (ECDSA)
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl43 Security of ECDSA • It's difficult to find elliptic curves with good cryptographic properties • In practice, standard curves are used, from NIST or the Brainpool consortium
Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl44 Lessons Learned • Digital signatures provide message integrity, message authentication and non- repudiation. • RSA is currently the most widely used digital signature algorithm. • Competitors are the Digital Signature Standard (DSA) and the EllipticCurve Digital Signature Standard (ECDSA). • RSA verification can be done with short public keys e. Hence, in practice, RSA verification is usually faster thansigning. • DSA and ECDSA have shorter signatures than RSA • In order to prevent certain attacks, RSA should be used withpadding. • The modulus of DSA and the RSA signature schemes should be at least 1024- bits long. For true long-term security, a modulus of length 3072 bits should be chosen. In contrast, ECDSA achieves the same security levels with bit lengthsin the range 160–256 bits.
45 4

Recommandé

CNIT 141 8. Public-Key Cryptosystems Based on the DLP
CNIT 141 8. Public-Key Cryptosystems Based on the DLPCNIT 141 8. Public-Key Cryptosystems Based on the DLP
CNIT 141 8. Public-Key Cryptosystems Based on the DLPSam Bowne
 
CNIT 141: 11. Hash Functions
CNIT 141: 11. Hash FunctionsCNIT 141: 11. Hash Functions
CNIT 141: 11. Hash FunctionsSam Bowne
 
Computer Security Lecture 7: RSA
Computer Security Lecture 7: RSAComputer Security Lecture 7: RSA
Computer Security Lecture 7: RSAMohamed Loey
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101n|u - The Open Security Community
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adlemanHossain Md Shakhawat
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa CrptosystemAmlan Patel
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
Cryptography
CryptographyCryptography
CryptographyKARNAN L S
 

Recommandé

CNIT 141 8. Public-Key Cryptosystems Based on the DLP
CNIT 141 8. Public-Key Cryptosystems Based on the DLPCNIT 141 8. Public-Key Cryptosystems Based on the DLP
CNIT 141 8. Public-Key Cryptosystems Based on the DLPSam Bowne
 
CNIT 141: 11. Hash Functions
CNIT 141: 11. Hash FunctionsCNIT 141: 11. Hash Functions
CNIT 141: 11. Hash FunctionsSam Bowne
 
Computer Security Lecture 7: RSA
Computer Security Lecture 7: RSAComputer Security Lecture 7: RSA
Computer Security Lecture 7: RSAMohamed Loey
 
Cryptography - 101
Cryptography - 101Cryptography - 101
Cryptography - 101n|u - The Open Security Community
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adlemanHossain Md Shakhawat
 
Rsa Crptosystem
Rsa CrptosystemRsa Crptosystem
Rsa CrptosystemAmlan Patel
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
Cryptography
CryptographyCryptography
CryptographyKARNAN L S
 
Cryptography
CryptographyCryptography
CryptographyJens Patel
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyMd. Afif Al Mamun
 
Post quantum cryptography
Post quantum cryptographyPost quantum cryptography
Post quantum cryptographySamy Shehata
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsNIT Sikkim
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmIndra97065
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithmArpana shree
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithmComputer_ at_home
 
Asymmetric Cryptography.pptx
Asymmetric Cryptography.pptxAsymmetric Cryptography.pptx
Asymmetric Cryptography.pptxdiaa46
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHMShashank Shetty
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Cryptography
CryptographyCryptography
CryptographyTushar Swami
 
Elliptic Curve Cryptography
Elliptic Curve CryptographyElliptic Curve Cryptography
Elliptic Curve CryptographyKelly Bresnahan
 
Cryptography
CryptographyCryptography
CryptographyPratiksha Patil
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVictor Pereira
 
Modular Arithmetic: Addition and Subtraction
Modular Arithmetic: Addition and SubtractionModular Arithmetic: Addition and Subtraction
Modular Arithmetic: Addition and SubtractionSam Bowne
 
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)Sam Bowne
 

Contenu connexe

Tendances

2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyMd. Afif Al Mamun
 
Post quantum cryptography
Post quantum cryptographyPost quantum cryptography
Post quantum cryptographySamy Shehata
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsNIT Sikkim
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmIndra97065
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Asymmetric Cryptography.pptx
Asymmetric Cryptography.pptxAsymmetric Cryptography.pptx
Asymmetric Cryptography.pptxdiaa46
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Elliptic Curve Cryptography
Elliptic Curve CryptographyElliptic Curve Cryptography
Elliptic Curve CryptographyKelly Bresnahan
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic EncryptionVictor Pereira
 

Tendances (20)

Cryptography
CryptographyCryptography
Cryptography
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Post quantum cryptography
Post quantum cryptographyPost quantum cryptography
Post quantum cryptography
 
DES
DESDES
DES
 
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve CryptosystemsDiscrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
Discrete Logarithmic Problem- Basis of Elliptic Curve Cryptosystems
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key Cryptography
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithm
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and Cryptography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
RSA algorithm
RSA algorithmRSA algorithm
RSA algorithm
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
 
Diffie-hellman algorithm
Diffie-hellman algorithmDiffie-hellman algorithm
Diffie-hellman algorithm
 
Asymmetric Cryptography.pptx
Asymmetric Cryptography.pptxAsymmetric Cryptography.pptx
Asymmetric Cryptography.pptx
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES)
 
Cryptography
CryptographyCryptography
Cryptography
 
Elliptic Curve Cryptography
Elliptic Curve CryptographyElliptic Curve Cryptography
Elliptic Curve Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Homomorphic Encryption
Homomorphic EncryptionHomomorphic Encryption
Homomorphic Encryption
 

En vedette

Modular Arithmetic: Addition and Subtraction
Modular Arithmetic: Addition and SubtractionModular Arithmetic: Addition and Subtraction
Modular Arithmetic: Addition and SubtractionSam Bowne
 
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)Sam Bowne
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
Modular Arithmetic and Trap Door Ciphers
Modular Arithmetic and Trap Door CiphersModular Arithmetic and Trap Door Ciphers
Modular Arithmetic and Trap Door CiphersJoshua Holden
 
Unit i basic concepts of algorithms
Unit i basic concepts of algorithmsUnit i basic concepts of algorithms
Unit i basic concepts of algorithmssangeetha s
 
Modular arithmetic
Modular arithmeticModular arithmetic
Modular arithmeticsangeetha s
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsSam Bowne
 
Cloud Foundry Monitoring How-To: Collecting Metrics and Logs
Cloud Foundry Monitoring How-To: Collecting Metrics and LogsCloud Foundry Monitoring How-To: Collecting Metrics and Logs
Cloud Foundry Monitoring How-To: Collecting Metrics and LogsAltoros
 
TCPdump-Wireshark
TCPdump-WiresharkTCPdump-Wireshark
TCPdump-WiresharkHarsh Singh
 
CNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve CryptosystemsCNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve CryptosystemsSam Bowne
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsSachidananda Sahu
 
CNIT 124 Ch 13: Post Exploitation (Part 1)
CNIT 124 Ch 13: Post Exploitation (Part 1)CNIT 124 Ch 13: Post Exploitation (Part 1)
CNIT 124 Ch 13: Post Exploitation (Part 1)Sam Bowne
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 
Navigating the Ecosystem of Pivotal Cloud Foundry Tiles
Navigating the Ecosystem of Pivotal Cloud Foundry TilesNavigating the Ecosystem of Pivotal Cloud Foundry Tiles
Navigating the Ecosystem of Pivotal Cloud Foundry TilesAltoros
 

En vedette (17)

Modular Arithmetic: Addition and Subtraction
Modular Arithmetic: Addition and SubtractionModular Arithmetic: Addition and Subtraction
Modular Arithmetic: Addition and Subtraction
 
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
CNIT 125 Ch 5 Communication & Network Security (part 2 of 2)
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access Management
 
Modular Arithmetic and Trap Door Ciphers
Modular Arithmetic and Trap Door CiphersModular Arithmetic and Trap Door Ciphers
Modular Arithmetic and Trap Door Ciphers
 
Unit i basic concepts of algorithms
Unit i basic concepts of algorithmsUnit i basic concepts of algorithms
Unit i basic concepts of algorithms
 
Modular arithmetic
Modular arithmeticModular arithmetic
Modular arithmetic
 
CNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis ToolsCNIT 50: 6. Command Line Packet Analysis Tools
CNIT 50: 6. Command Line Packet Analysis Tools
 
Tcpdump
TcpdumpTcpdump
Tcpdump
 
Cloud Foundry Monitoring How-To: Collecting Metrics and Logs
Cloud Foundry Monitoring How-To: Collecting Metrics and LogsCloud Foundry Monitoring How-To: Collecting Metrics and Logs
Cloud Foundry Monitoring How-To: Collecting Metrics and Logs
 
TCPdump-Wireshark
TCPdump-WiresharkTCPdump-Wireshark
TCPdump-Wireshark
 
CNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve CryptosystemsCNIT 141: 9. Elliptic Curve Cryptosystems
CNIT 141: 9. Elliptic Curve Cryptosystems
 
Wireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance toolsWireshark, Tcpdump and Network Performance tools
Wireshark, Tcpdump and Network Performance tools
 
Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunter
 
CNIT 124 Ch 13: Post Exploitation (Part 1)
CNIT 124 Ch 13: Post Exploitation (Part 1)CNIT 124 Ch 13: Post Exploitation (Part 1)
CNIT 124 Ch 13: Post Exploitation (Part 1)
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
 
Wireshark - presentation
Wireshark - presentationWireshark - presentation
Wireshark - presentation
 
Navigating the Ecosystem of Pivotal Cloud Foundry Tiles
Navigating the Ecosystem of Pivotal Cloud Foundry TilesNavigating the Ecosystem of Pivotal Cloud Foundry Tiles
Navigating the Ecosystem of Pivotal Cloud Foundry Tiles
 

Similaire à CNIT 141: 10. Digital Signatures

computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationAlex Punnen
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalBen Rothke
 
Encryption technology
Encryption technologyEncryption technology
Encryption technologyNeha Bhambu
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.pptUskuMusku1
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryptionphanleson
 
digital signature for SMS security
digital signature for SMS securitydigital signature for SMS security
digital signature for SMS securityNilu Desai
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxImXaib
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Saif Kassim
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI TechnologySylvain Maret
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesA Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesIRJET Journal
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
Cryptography - An Overview
Cryptography - An OverviewCryptography - An Overview
Cryptography - An Overviewppd1961
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxukd789555
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network securityNagendra Um
 

Similaire à CNIT 141: 10. Digital Signatures (20)

computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief History
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 Final
 
Encryption technology
Encryption technologyEncryption technology
Encryption technology
 
Data encryption
Data encryptionData encryption
Data encryption
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
 
Ch12 Encryption
Ch12 EncryptionCh12 Encryption
Ch12 Encryption
 
digital signature for SMS security
digital signature for SMS securitydigital signature for SMS security
digital signature for SMS security
 
aacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptxaacyberessential3cryptography-131067585699078884.pptx
aacyberessential3cryptography-131067585699078884.pptx
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
Introduction To PKI Technology
Introduction To PKI TechnologyIntroduction To PKI Technology
Introduction To PKI Technology
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesA Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic Techniques
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto library
 
Cryptography - An Overview
Cryptography - An OverviewCryptography - An Overview
Cryptography - An Overview
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
 
Pki Training V1.5
Pki Training V1.5Pki Training V1.5
Pki Training V1.5
 
Encryption
EncryptionEncryption
Encryption
 
Data encryption
Data encryptionData encryption
Data encryption
 
Cryptography and network security
Cryptography and network securityCryptography and network security
Cryptography and network security
 

Plus de Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 

Plus de Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Dernier

This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 

Dernier (20)

This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 

CNIT 141: 10. Digital Signatures

  • 1. Understanding Cryptography – A Textbook for Students and Practitioners by Christof Paar and JanPelzl www.crypto-textbook.com Chapter 10 – Digital Signatures ver. October 29, 2009 These slides were prepared by Georg Becker, Christof Paar and Jan Pelzl and modified by Sam Bowne
  • 2. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl2 Some legal stuff (sorry): Terms of Use • The slides can used free of charge. All copyrights for the slides remain with Christof Paar and Jan Pelzl. • The title of the accompanying book “Understanding Cryptography” by Springer and the author’s names must remain on eachslide. • If the slides are modified, appropriate credits to the book authorsand the book title must remain within the slides. • It is not permitted to reproduce parts or all of the slides in printedform whatsoever without written consent by the authors.
  • 3. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl3 Contents of this Chapter 10.1.2 Principles of Digital Signatures 10.1.3 Security Objectives 10.2 The RSA Digital Signature Scheme 10.3 The Elgamal Digital Signature Scheme 10.4 The Digital Signature Algorithm (DSA) 10.5 The Elliptic Curve Digital Signature Algorithm (ECDSA)
  • 4. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl4 10.1.2 Principles of Digital Signatures
  • 5. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl5 Motivation • Alice orders a pink car from the car salesman Bob • After seeing the pink car, Alice states that she never ordered it: • How can Bob prove to a judge that Alice ordered a pink car? (And that he did not fabricate the order himself) ⇒ Symmetric cryptography fails because both Alice and Bob can be malicious ⇒ Can be achieved with public-key cryptography
  • 6. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Basic Principle of Digital Signatures 6
  • 7. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl7 Main idea • For a given message x, a digital signature is appended to the message (just like a conventional signature) • Only the person with the private key should be able to generate the signature • The signature must change for every document ⇒The signature is made from the message x and the private key ⇒The public key and the message x are the inputs to the verification function
  • 8. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl8
  • 9. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl9 10.1.3 Security Objectives
  • 10. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Core Security Objectives 1. Confidentiality: Information is kept secret from all but authorized parties. 2. Integrity: Ensures that a message has not been modified in transit. 3. Message Authentication: Ensures that the sender of a message is authentic. An alternative term is data origin authentication. 4. Non-repudiation: Ensures that the sender of a message can not deny the creation of the message. (c.f. order of a pinkcar) 10
  • 11. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl11 Additional Security Objectives 5. Identification/entity authentication: Establishing and verification of the identity of an entity, e.g. a person, a computer, or a credit card. 6. Access control: Restricting access to the resourcesto privileged entities. 7. Availability: The electronic system is reliably available. 8. Auditing: Provides evidences about security relevant activities, e.g., by keeping logs about certainevents. 9. Physical security: Providing protection against physical tampering and/or responses to physical tampering attempts 10. Anonymity: Providing protection against discovery and misuse of identity.
  • 12. 12 1
  • 13. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl13 10.2 The RSA Digital Signature scheme
  • 14. Schoolbook RSA Digital Signature Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl14
  • 15. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl The RSA Signature Protocol 15
  • 16. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl16 Security and Performance of the RSA Signature Scheme Security: The same constrains as RSA encryption: n needs to be at least 1024 bits to provide a security level of 80 bit. ⇒ The signature, consisting of s, needs to be at least 1024 bits long Performance: The signing process is an exponentiation with the private key and the verification process an exponentiation with the public key e. ⇒ Signature verification is very efficient as a small number can be chosen for the public key.
  • 17. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl17 Attacks on the RSA Signature Scheme Counterfeit public key: Attacker publishes a public key under someone else's name Countermeasure: digital certificates and PKI Factoring n: Attacker calculates private key from public key Countermeasure: n > 1024 bits Existential forgery: Attacker starts from a signature and crafts a message that matches it Countermeasure: padding
  • 18. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Existential Forgery Attack against RSA Digital Signature Alice Bob Kpr = d Kpub = (n, e)(n,e) 1. Choose signature: s Zn 2. Compute message: x ≡ se mod n (x,s) Verification: se ≡ x‘ mod n since se = (xd)e ≡ x mod n → Signature is valid Oscar (n,e) 18
  • 19. • But an attack can only choose the signature s and NOT the message x ⇒ Attacker cannot generate messages like „Transfer $1000 into Oscar‘s account“ Formatting the message x according to a padding scheme can be used to make sure that an attacker cannot generate valid (x,s)pairs. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl Existential Forgery and Padding • An attacker can generate valid message-signature pairs (x,s) 19
  • 20. Probabilistic Signature Standard (PSS) • Formatting rule distinguishes between valid and invalid messages • The padding includes a random salt and a hash of the message • So signing the same message twice results in different padding • Existential forgery results in a random message which is very unlikely to contain a valid hash value
  • 21.
  • 22.
  • 23. 23 4
  • 24. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl24 10.3 The Elgamal Digital Signature Scheme
  • 25. Elgamal Signatures • Generate a key pair • Choose a random ephemeral key • Calculate a signature using the private key, the ephemeral key, and the message • Receiver can verify the signature from the public key
  • 29. Security • Verifier must have correct public key • p must be 1024 bits or longer to make the DLP (Discrete Logarithm Problem) sufficiently difficult • Signer must not re-use the ephemeral key • Otherwise attacker can easily find the private key • Attacker has two equations with two unknowns • kE and d
  • 30. Existential Forgery Attack • Similar to RSA attack • Attacker can generate a valid signed message, but the plaintext is scrambled • Hashing the message before signing it makes this attack impossible
  • 31. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl31 10.4 The Digital Signature Algorithm (DSA)
  • 32. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl32 Digital Signature Algorithm (DSA) •Federal US Government standard for digital signatures (DSS) •Proposed by the National Institute of Standards and Technology (NIST) •DSA is based on the Elgamal signature scheme •Signature is only 320 bits long •Signature verification is slower compared to RSA •Far more popular than Elgamal signature, which are rarely used
  • 33. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl33 Digital Signature Algorithm (DSA) •Uses two cyclic groups •In 1024-bit version: • Larger group is near 10**1024 • Smaller group is near 2**160 • Longer keys are possible in the standard
  • 34. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl34 The Digital Signature Algorithm (DSA)
  • 35. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl35 The Digital Signature Algorithm (DSA)
  • 36. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl36 The Digital Signature Algorithm (DSA)
  • 37. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl37 Security of DSA To solve the discrete logarithm problem in p the powerful index calculus method can be applied. But this method cannot be applied to the discrete logarithm problem of the subgroupq. Therefore q can be smaller than p. p q hash output (min) security levels 1024 160 160 80 2048 224 224 112 3072 256 256 128 Standardized parameter bit lengths and security levels for theDSA
  • 38. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl38 Security of DSA Must not re-use ephemeral key Just like Elgamal signatures
  • 39. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl39 10.5 The Elliptic Curve Digital Signature Algorithm (ECDSA)
  • 40. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl40 Elliptic Curve Digital SignatureAlgorithm (ECDSA) • Based on Elliptic Curve Cryptography (ECC) • Bit lengths in the range of 160-256 bits provide security equivalent to 1024-3072 bit RSA (80-128 bit symmetric security level) • One signature consists of two points, hence the signature is twice the used bit length (i.e., 320-512 bits for 80-128 bit security level). • The shorter bit length of ECDSA often result in shorter processing time
  • 41. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl41 Elliptic Curve Digital SignatureAlgorithm (ECDSA)
  • 42. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl42 Elliptic Curve Digital SignatureAlgorithm (ECDSA)
  • 43. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl43 Security of ECDSA • It's difficult to find elliptic curves with good cryptographic properties • In practice, standard curves are used, from NIST or the Brainpool consortium
  • 44. Chapter 10 of Understanding Cryptography by Christof Paar and Jan Pelzl44 Lessons Learned • Digital signatures provide message integrity, message authentication and non- repudiation. • RSA is currently the most widely used digital signature algorithm. • Competitors are the Digital Signature Standard (DSA) and the EllipticCurve Digital Signature Standard (ECDSA). • RSA verification can be done with short public keys e. Hence, in practice, RSA verification is usually faster thansigning. • DSA and ECDSA have shorter signatures than RSA • In order to prevent certain attacks, RSA should be used withpadding. • The modulus of DSA and the RSA signature schemes should be at least 1024- bits long. For true long-term security, a modulus of length 3072 bits should be chosen. In contrast, ECDSA achieves the same security levels with bit lengthsin the range 160–256 bits.
  • 45. 45 4