Ds over

140580702005 DIGITAL SIGNATURE
1
1. Introduction
The authenticity of many legal, financial, and other documents is determined by the presence or
absence of an authorized handwritten signature. The recipient of the signed document can verify
the claimed identity of the sender using the signature. Also, if the sender later repudiates the
contents of the document, then recipient can use the signature to prove the validity of the document.
With the computerized message systems replacing the physical transport of paper and ink
documents, an effective solution for authentication of the electronic data is necessary. Various
methods have been devised to solve this problem, but the use of ‘digital signature’ is definitely the
best solution amongst them.
A digital signature is nothing but an attachment to any piece of electronic information, which
represents the content of the document and the identity of the originator of that document uniquely.
The digital signature is intended for use in electronic mail, electronic funds transfer, electronic
data interchange, software distribution, data storage, and other applications which require data
integrity assurance and data origin authentication.
When a message is received, the recipient may desire to verify that the message has not been
altered in transit. Furthermore, the recipient may wish to be certain of the originator's identity.
Both of these services can be provided by the digital signature. A digital signature is an electronic
analogue of a written signature in that the digital signature can be used in proving to the recipient
or a third party that the message was, in fact, signed by the originator. Digital signatures may also
be generated for stored data and programs so that the integrity of the data and programs may be
verified at any later time.
Although there are various approaches to implement the digital signature, this report discusses the
‘Digital Signature Standard’. The Digital Signature Standard, created by the NIST, specifies DSA
as the algorithm for digital signatures and SHA-1 for hashing. It specifies the Digital Signature

2
Algorithm (DSA) which is appropriate for applications requiring a digital rather than written
signature. The DSA is considered as the standard procedure to generate and verify digital
signatures. A DSA digital signature is a pair of large numbers represented in a computer as strings
of binary digits.
The first section of this report deals with the basic requirements for using the digital signature. The
next sections contain detailed explanation of the process of generation and verification of the
digital signature. In addition to this the applications of the digital Signature are also discussed. The
report also focuses on some legal aspects of digital signature, with reference to the Information
Technology Act. The use of digital signature has been illustrated with an example in a practical
scenario.
This report is an attempt to make the readers familiar with the concepts related to the digital
signature and give them an idea of usefulness of a digital signature in the world of electronic
information exchange.

3
2.Digital Signature
2.1 Why Digital Signature?
Message authentication protects two parties who exchange messages from any third party.
However it does not protect two parties against each other. Several forms of disputes between the
two are possible.
For example suppose that john sends an authenticated message to Mary,using one of the
schemes.Following dispute that could arise :
1. Mary may forge a different message and claim that it can come from John.Mary would simply
have to create a message and append an authentication code using the key that John and Mary
share.
2. John can deny sending the message.Because it is possible for Mary to forge a message there
is no way to prove that John did in fact send the message.
Both scenarios are of legitmate concern.Here is an example of the first scenario:An electronic fund
transfer take place and the receiver increases the amount of fund transferred and claims that larger
amount had arrived from the sender.An example of the second scenarios is that an electronic mail
message contains instruction to a stockbroker for a transdaction that subsequently turns out
badly.The sender pretend that the message never sent.
In situation where there is not complete trust between sender and receiver,something more than
authentication is needed .The most attractive solution to this problem is the digital signature .The
digital signature is analogus to the handwritten signature

4
2.2 What Is Digital Signature?
Basically, the idea behind digital signatures is the same as your handwritten signature. You use it
to authenticate the fact that you promised something that you can't take back later. A digital
signature doesn't involve signing something with a pen and paper then sending it over the Internet.
But like a paper signature, it attaches the identity of the signer to a transaction. Having a digital
certificate is like using your driver's license to verify your identity. You may have obtained your
license from Maryland, for example, but your Maryland license lets you drive in Nevada and
Florida. Similarly, your digital certificate proves your online identity to anybody who accepts it.
The term digital signature encompasses a great many variety of ”signatures”. Electronic signat ures
are simply an electronic confirmation of identity. This definition is deliberately broad enough to
encompass all forms of electronic identification, from biometric signatures such as iris scans and
fingerprints to non-biometric signatures, such as digital signatures.
A digital signature can also be used to verify that information has not been altered after it was
signed. A digital signature is an electronic signature to be used in all imaginable type of electronic
transfer. Digital signature significantly differs from other electronic signatures in term of process
and results. These differences make digital signature more serviceable for legal purposes.
Digital signatures are based on mathematical algorithms. These require the signature holder to
have two keys (one private and the public) for signing and verification .A verifiable trustworthy
entity called certification authority creates and distributes signatures. A digital signature is a
cryptographic means through which many of these may be verified. The digital signature of a
document is a piece of information based on both the document and the signer’s private key. It is
typically created through the use of a hash function and a private signing function (encrypting with
the signer’s private key).
Digital Signatures and hand – written signatures both rely on the fact that it is very hard to find
two people with the same signature. People use public –key cryptography to compute digital
signatures by associating something unique with each person. When public-key cryptography is

5
used to encrypt a message, the sender encrypts the message with the public key of the intended
recipient.
When public -key cryptography is used to calculate a digital signature, the sender encrypts the
“digital fingerprint” of the document with his or her own private key. Anyone with access to the
public key of the signer may verify the signature.
In practice, public-key algorithms are often too inefficient for signing long documents. To save
time, digital signature protocols use a cryptographic digest, which is a one-way hash of the
document. The hash is signed instead of the document itself. Both the hashing and digital signature
algorithms are agreed upon beforehand.
Here is a summary of the process:
1. A one-way hash of the document is produced.
2. The hash is encrypted with the private key, thereby signing the document.
3. The document and the signed hash are transmitted.
4. The recipient produces a one-way hash of the document.
5. Using the digital signature algorithm, the recipient decrypts the signed hash with the sender's
public key.
2.2.1 Adding key to the digital signature Process

6
2.2 Signing the digest
If the signed hash matches the recipient's hash, the signature is valid and the document is intact.
There is a potential problem with this type of digital signature. Alice not only signed the message
she intended to but also signed all other messages that happen to hash to the same message digest.
When two messages hash to the same message digest it is called a collision; the collision- free
properties of hash functions are a necessary security requirement for most digital signature
schemes. A hash function is secure if it is very time consuming, if at all possible, to figure out the
original message given its digest.
However, there is an attack called the birthday attack that relies on the fact that it is easier to find
two messages that hash to the same value than to find a message that hashes to a particular value.
Its name arises from the fact that for a group of 23 or more people the probability that two or more
people share the same birthday is better than 50%.
When software (code) is associated with publisher’s unique signature, distributing software on the
Internet is no longer an anonymous activity. Digital signatures ensure accountability, just as a
manufacturer’s brand name does on packaged software.
If an organization or individual wants to use the Internet to distribute software, they should be
willing to take responsibility for that software. This is based on the premise that accountability is
a deterrent to the distribution of harmful code.

7
3. Basic Requirements
Any individual who wishes to use the digital signature must have a unique private key for
generation of the signature. The recipients who receive digitally signed messages must have the
public key, corresponding to the private key used for the generation of the digital signature, for
verification of the signature. Also the recipients must obtain the digital signature certificate which
acts as a proof of the association between the public key and the private key. Once all these
requirements are satisfied, then only the subscriber can use the digital signature.
3.1 Scenario
Private Key:
The private key is one which is accessible only to the signer. It is used to generate the digital
signature which is then attached to the message. It is very important to have a unique private key
for each user, so that the signature generated by that key for a given message can not be duplicated
by any other key.
The security of a digital signature system is dependent on maintaining the secrecy of users' private
keys. Users must therefore guard against the unauthorized acquisition of their private keys.

8
Public Key:
The public key is made available to all those who receive the signed messages from the sender. It
is used for verification of the received message. Although the public key is uniquely associated
with the private key, there is no recognizable similarity between them. This is done purposefully
to avoid discovery of the private key from the public key. Thus the holder of a public key can just
verify the message received from the sender. Any person who digitally signs his messages must
distribute the public key to the recipients of his messages, so that they can verify the validity of these
messages.
Digital Signature Certificate:
A subscriber of the private key and public key pair makes the public key available to all those who
are intended to receive the signed messages from the subscriber. But in case of any dispute between
the two sides, there must be some entity with the receiver which will allow the receiver of the
message to prove that the message was indeed sent by the subscriber of the key pair.
This can be done with the Digital Signature Certificate. This certificate lists the subscriber’s public
key. So, it acts as a binding between the private and public keys. Any message verified by the
public key listed on the certificate is implicitly assumed to be signed and sent by the corresponding
subscriber.
A digital signature certificate is issued by the Certifying Authority to the applicants. For obtaining
this certificate the applicant must produce the private key and public key pair before the certifying
authority. After checking the functioning of the key pair the certifying authority issues a certificate
to the applicant.

9
3.2 Digital Signature Certificate

10
4.HOW THE TECHNOLOGY WORKS
Digital signatures require the use of public-key cryptography .If you are going to sign something,
digitally, you need to obtain both a public key and a private key. The private key is something you
keep entirely to yourself.
Generating a Private and Public Key
For digitally sign documents, David needs to obtain a Private and Public Key – a one-time process
, it’s done by Secured Signing Service while user registered. The Private Key isn’t shared and is
used only by David sign documents. The Public Key is available for all, used for validate the
signatory’s digital signature. [9]
Digitally Signing Document
Create a digital signature
A unique document’s hash that represent the document is created using a math scheme.
Added the signature to the document
The hash result and the user’s digital certificate that includes user’s Public Key are mixed into a
digital signature; it’s done by using the user’s Private Key to encrypt the document hash. The
Certificate
Authority
Private &
Public keys
Certificate Users

11
resulting signature is unique to both the document and the user. Finally, the digital signature is
embedded to the document.
David sends the signed document to Donna. Donna uses David’s public key (which is included
in the signature within the Digital Certificate) to authenticate David’s signature and to ensure the
document didn’t alter after it was signed.
Donna:
1. Document validation process starts
2. Decrypts David’s digital signature with his Public Key and gets sent document
3. Compares David’s document hash with Donna calculated Has –Donna calculates the
document hash of the received document and compares it with the hash document in the
digital signature. If both hashes are same, the signed document has not been altered.[9]
Fig.4.1 Signing document
Signing the document:

12
Fig.: 4.2 verifying Document
Certificate Authority (CA)
CA issued certificates to ensure the authenticity of the signatories. Certificates are similar to ID
Document. When you want to identify a user in the system you check his certificate. This
certificate issued in registration process once all require information filled in. In PKI world the CA
uses the CA’s certificate for authenticating user’s identity. [9]
Verify Signed Document

13
5.APPROACHES
A variety of approaches have been proposed for digital signature function. These approaches fall
into two categories:
 Direct approach
 Arbitrated approach
5.1 Direct digital signature:
A direct digital signature involves only the communication parties (source and destination). It is
assumed that the destination knows the public key of the source. A digital signature may be formed
by encrypting the entire message with the sender’s private key or by encrypting the hash code of
the message with the sender’s private key.
Confidentiality can be provided by further encrypting the entire message plus signature with either
the receiver’s public key or a shared secret key. It is important to perform the signature function
first and then an outer confidentiality function.
In case of dispute some third party must view the message and signature. If the signature is
calculated on an encrypted message, the third party also needs access to the decryption key to read
the original message.
All direct schemes described so far have a common flaw:[4]
The validity of the scheme depends on the security of the sender’s private key. If a sender later
wishes to deny sending a particular message, he can claim that the private key was lost or stolen
and that someone else forged his signature.

14
Administrative controls relating to the security of private keys can be employed to thwart or at
least weaken this ploy. One example is to require every signed message to include a timestamp
(date and time) and to require prompt reporting to compromise keys by a central authority.c
Another threat is that the private key might be stolen from sender X at time T. The opponent can
then send a message signed with X’s signature and stamped with a time before or equal to T.
5.2 Arbitrated digital signature:
The problems associated with direct digital signatures can be addressed by using an arbiter. As
with direct signature schemes, there are a variety of arbitrated signature schemes. In general terms,
these all operate as follows: every signed message from sender X to the receiver Y goes first to the
arbiter A, who subjects the message and its signature to the number of tests to check its origin and
content.
The message is then dated and sends to Y with an indication that it has been verified to the
satisfaction of the arbiter. With the presence of arbiter A, there are no chances of a sender X to
disowning the message, as is the case with the direct digital signatures.
The arbiter plays a crucial role in arbitrated digital signatures and all parties must have a great deal
of trust that the arbitration mechanism working properly. The use of a trusted system might satisfy
this requirement. An arbitrated digital-signature scheme has advantages over a direct digital-
signature scheme such as the trust in communications between the parties provided by the trusted
arbiter and in the arbitration of later disputes if any.[7]

15
6. Digital Signature Standard
The National Institute of Standards and Technology has published Federal Information processing
standards Publications (FIPS PUBS), known as digital signature standard. This Standard specifies
algorithms for applications requiring a digital signature, rather than a written signature. A digital
signature is represented in a computer as a string of bits. A digital signature is computed using a
set of rules and a set of parameters that allow the identity of the signatory and the integrity of the
data to be verified. Digital signatures may be generated on both stored and transmitted data.
Signature generation uses a private key to generate a digital signature; signature verification uses
a public key that corresponds to, but is not the same as, the private key. Each signatory possesses
a private and public key pair. Public keys may be known by the public; private keys are kept secret.
Anyone can verify the signature by employing the signatory’s public key. Only the user that
possesses the private key can perform signature generation.
A hash function is used in the signature generation process to obtain a condensed version of the
data to be signed; the condensed version of the data is often called a message digest. The message
digest is input to the digital signature algorithm to generate the digital signature. The hash functions
to be used are specified in the Secure Hash Standard (SHS), FIPS 180. FIPS approved digital
signature algorithms shall be used with an appropriate hash function that is specified in the SHS.
The digital signature is provided to the intended verifier along with the signed data. The verifying
entity verifies the signature by using the claimed signatory’s public key and the same hash function
that was used to generate the signature. Similar procedures may be used to generate and verify
signatures for both stored and transmitted data.[8]

16
6.1 using SHA with DSA

17
7.PURPOSE OF DIGITAL SIGNATURE
 Signer authentication :
If public and private keys are associated with an identified signer, the digital signature attributes
the message to the signer. The digital signature cannot be forged, unless the signer loses control
of the private key.
 Message authentication :
Digital signature identifies the signed message with far greater certainty and precision than paper
signatures. Verification reveals any tempering since the comparison of hash result shows whether
the message is the same as when signed.
 Non-repudiation :
Creating a digital signature requires the signer to use his private key. This alters the signer that he
is consummating a transaction with legal consequences, decreasing the chances of litigation later
on.
 Integrity :
Digital signature creation and verification processes provide a high level of assurance that the
digital signature is that of the signer. Compared to tedious and labor intensive paper methods,
such as checking signature cards, digital. Signatures yield a high degree of assurance without
adding resources for processing.

18
8. Digital Signature Algorithm
A digital signature is computed using a set of parameters and authenticates the integrity of the
signed data and the identity of the signatory. An algorithm provides the capability to generate and
verify signature. Signature generation makes use of a private key to generate a digital signature.
Signature verification makes use of a public key, which corresponds to, but is not the same as, the
private key. Each user possesses a private and public key pair. Public keys are assumed to be
known to the public in general. Private keys are never shared. Anyone can verify the signature of
a user by employing that user public key. Only the possessor of the user private key can perform
signature generation.
A hash function is used in the signature generation process to obtain a condensed version of data,
called a message digest. The message digest is then input to the digital signature algorithm to
generate the digital signature. The digital signature is sent to the intended verifier along with the
message. The verifier of the message and signature verifies the signature by using the sender’s
public key.
DSA Parameters:
 p = a prime modulus, where 2L-1 < p < 2L for 512 ≤ L ≤ 1024 and L is a multiple of 64. So
L will be one member of the set {512, 576, 640, 704, 768, 832, 896, 960, 1024}
 q = a prime divisor of p-1, where 2159 < q < 2160
Generation of Prime p and q
The prime generation scheme starts by using the SHA and a user supplied SEED to
construct a prime, q, in the range 2159 < q < 2160 . Once this is accomplished, the same
SEED value is used to construct an X in the range 2L-1 < X < 2L . The prime, p, is then
formed by rounding X to a number congruent to 1 mod 2q as described below. An integer

19
x in the range 0 ≤ x < 2 g may be converted to a g-long sequence of bits by using its binary
expansion as shown below:
x = x1* 2g-1 + x2* 2g-2 + ... + xg-1* 2 + xg -> { x1,..., xg }.
Conversely, a g-long sequence of bits { x1,..., xg } is converted to an integer by the rule
{ x1,..., xg } -> x1* 2g-1 + x2* 2g-2 + ... + xg-1* 2 + xg.
Note that the first bit of a sequence corresponds to the most significant bit of the
corresponding integer and the last bit to the least significant bit.
Let L -1 = n* 160 + b, where both b and n are integers and 0 ≤ b < 160.
Step 1. Choose an arbitrary sequence of at least 160 bits and call it SEED. Let g be the
length of SEED in bits.
Step 2. Compute
U = SHA-1[ SEED] XOR SHA-1[( SEED+ 1) mod 2 g ].
Step 3. Form q from U by setting the most significant bit (the 2159 bit) and the least
significant bit to 1. In terms of Boolean operations, q = U OR 2159 OR 1. Note that 2159
< q < 2160 .
Step 4. Use a robust primality testing algorithm to test whether q is prime 1 .
Step 5. If q is not prime, go to step 1.
Step 6. Let counter = 0 and offset = 2.
Step 7. For k = 0,..., n let
Vk = SHA-1[( SEED + offset + k) mod 2g ].
1 A robust primality test is one where the probability of a non-prime number passing the
test is at
most 2-80
Step 8. Let W be the integer
W = V0 + V1* 2160 + ... + Vn-1* 2(n-1)* 160 + (Vn mod 2b ) * 2n* 160
and let X = W + 2L-1 . Note that 0 ≤ W < 2L-1 and hence 2L-1 ≤ X < 2L .
Step 9. Let c = X mod 2q and set p = X -(c -1). Note that p is congruent to 1 mod 2q.
Step 10. If p < 2L-1 , then go to step 13.
Step 11. Perform a robust primality test on p.
Step 12. If p passes the test performed in step 11, go to step 15.
Step 13. Let counter = counter + 1 and offset = offset + n + 1.

20
Step 14. If counter ≥ 212 = 4096 go to step 1, otherwise (i. e. if counter < 4096) go to step
7.
Step 15. Save the value of SEED and the value of counter for use in certifying the proper
generation of p and q.
 g = h(p-1)/ q mod p, where h is any integer with 1 < h < p -1 such that h(p-1)/ q mod p>1
(g has order q mod p)
 x = a randomly or pseudo randomly generated integer with 0 < x < q
 y = gx mod p
 k = a randomly or pseudo randomly generated integer with 0 < k < q
The parameters p, q, and g are made public. The users will have the private key, x, and the public key y.
The parameters x and k are used for signature generation and must be kept private and k will be randomly
or pseudorandomly generated for each signature. This part seems to be straightforward so far.
The signature of the message M will be a pair of the numbers r and s which will be computed from the
following equations.
r = (gk
mod p) mod q
s = (k-1
(SHA(M) + xr)) mod q
k-1
is the multiplicative inverse of k (mod q). The value of SHA(M) is a 160-bit string which is converted
into an integer according to the SHS standard. Then the signature is sent to the verifier.
Verification:
Before getting the digitally signed message the receiver must know the parameters p,q, g, and the sender’s
public key y.
We will let M′, r′, s′ be the received versions of M, r, and s. To verify the signature the verifying program
must check to see that 0 < r′ < q and 0 < s′ < q and if either fails the signature should be rejected. If both
of the conditions are satisfied then we will compute
w = (s′)-1
mod q
u1 = ((SHA(M′))w) mod q

21
u2 = ((r′)w) mod q
v = (((g)u1
(y)u2
) mod p) mod q
Then if v = r′ then the signature is valid and if not then it can be assumed that the data may have been
changed or the message was sent by an impostor.[11]
8.1 RSA Digital Signature Algorithm
8.1.1 Key generation:
Key generation in the RSA digital signature scheme is exactly the same as key generation in the
RSA. RSA involves a public key and a private key. The public key can be known by everyone and
is used for encrypting messages. Messages encrypted with the public key can only be decrypted in
a reasonable amount of time using the private key.
The keys for the RSA algorithm are generated the following way:
 CHOOSE two distinct prime numbers p and q. For security purposes, the integers p and q
should be chosen at random, and should be of similar bit-length. Prime integers can be
efficiently found using a primarily test.
 COMPUTE n = pq. n is used as the modulus for both the public and private keys. Its length,
usually expressed in bits, is the key length.
 COMPUTE (n) = (p)(q) = (p 1)(q 1) = n - (p + q -1), where is Euler’s totient function.
 CHOOSE an integer e such that 1 ¡ e ¡(n) and gcd(e, (n)) = 1; i.e., e and (n) are co-prime.
e is released as the public key exponent. e having a short bit-length and small Hamming
weight results in more efficient encryption most commonly 216 + 1 = 65,537. However,
much smaller values of e (such as 3) have been shown to be less secure in some settings.

22
 Determine d as d e1 (mod (n)); i.e., d is the multiplicative inverse of e (modulo (n)). This
is more clearly stated as: solve for d given de 1 (mod (n)) This is often computed using
the ex- tended Euclidean algorithm. Using the pseudo code in the Modular integers
section, inputs a and n correspond to e and (n), respectively. d is kept as the private key
exponent.
8.1.2 Encryption:
Alice transmits her public key (n, e) to Bob and keeps the private key secret. Bob then wishes to
send message M to Alice. He first turns M into an integer m, such that 0 m ¡ n by using an agreed-
upon reversible protocol known as a padding scheme. He then computes the cipher text c
corresponding to
This can be done quickly using the method of exponentiation by squaring. Bob then transmits c to
Alice. Note that at least nine values of m will yield a cipher text c equal to but this is very unlikely
to occur in practice.
8.1.1 RSA Digital Signature Scheme
8.1.3 Decryption
Alice can recover m from c by using her private key exponent d via computing.

23
Given m, she can recover the original message M by reversing the padding scheme.
Example:
As a trivial example, suppose that Alice chooses p = 823 and q = 953, and calculates n = 784319.
The value of f(n) is 782544. Now she chooses e = 313 and calculates d = 160009. At this point key
generation is complete. Now imagine that Alice wants to send a message with the value of M =
19070 to Bob. She uses her private exponent, 160009, to sign the message:
Alice sends the message and the signature to Bob. Bob receives the message and the signature. He
Calculates
accepts the message because he has verified Alices signature
8.1.2The RSA signature on the message digest
When the digest is signed instead of the message itself, the susceptibility of the RSA digital
signature scheme depends on the strength of the hash algorithm.

24
8.2 ElGamal Digital Signature Algorithm
8.2.1 Key generation
The key generator works as follows:
Alice generates an efficient description of a cyclic group G of order q with generator g. See below
for a discussion on the required properties of this group.
 Alice chooses a random x from (1,(q-1)).
 Alice computes h=gx.
 Alice publishes h, along with the description of G,p,g, as her public key. Alice retains x as
her private key which must be kept secret.
8.2.2 Encryption
 The encryption algorithm works as follows: to encrypt a message to Alice under her public
key(G,q,g,h),
 Bob chooses a random x from1..,q-1, then calculates c1=gy.
 Bob calculates the shared secret s=hy.
 Bob converyts his secret message m into an element m of G.
 Bob calculates c2=m.s.
 Bob sends the cipher text (c1,c2)= (gy,m.hy)= (gy;m:(gx)y) to Alice.
Note that one can easily find hy if one knows m. Therefore, a new y is generated for every message
to improve security. For this reason, is also called an ephemeral key.
8.2.3 Decryption
The decryption algorithm works as follows: to decrypt a cipher text with her private key x, Alice
calculates the shared secret s=c1x and then computes m=c2.s�1 which she then converts back into
the plaintext message m, wheres�1 is the inverse of s in the group G. (E.g. modular multiplicative

25
inverse if G is a subgroup of a multiplicative group of integers modulo n). The decryption
algorithm produces the intended message, since m’=c2.s-1 = (m.hy. (gx.y)-1) = (m.g – xy.g(xy))
8.2.1 ElGamal digital signature scheme

26
9.Attacks and Forgeries
If the digital signing process is not secure, attackers can create fake signatures or misuse authentic
signatures, bringing the system and potentially the organization into disrepute. Failure to maintain
adequate documentation and certification for policies and practices associated with digital signing
and key management could result in signatures failing to be accepted in any given jurisdiction,
thereby negating their value to the organization. Some digital signing processes can be
computationally intensive, slowing down business processes and limiting their ability to scale.
Here A denotes the user whose signature method is being attacked, and C denotes the attacker.
9.1 Attack Types[4]
 Key-Only Attack: C only knows A’s public key..
 Known-Message Attack: C is given access to a set of messages and their signatures.
 Generic Chosen-Message Attack: C chooses a list of messages before attempting to
breaks A’s signature scheme, independent of A’s public key. C then obtains from A valid
signatures for the chosen messages. The attack is generic, because it does not depend on
A’s public key; the same attack is used against everyone.
 Directed chosen message attack: Similar to the generic attack, except that the list of
messages to be signed is chosen after C knows A’s public key but before any signatures
are seen.
 Adaptive chosen message attack: C is allowed to use A as an “oracle.” This means that
C may request from A signatures of messages that depend on previously obtained message-
signature pairs.
9.2 Forgery Types[4]
C can do any of the following with a non-negligible probability.
 Total break: C determines A’s private key.

27
 Universal forgery: C finds an efficient signing algorithm that provides an equivalent way
of constructing signatures on arbitrary messages.
 Selective forgery: C forges a signature for a particular message chosen by C.
 Existential forgery: C forges a signature for at least one message. C has no control over
the message. Consequently, this forgery may only be a minor nuisance to A.

28
10.APPLICATIONS OF DIGITAL
SIGNATURES
10.1 APPLICATIONS
The scope of Digital Signature is not just limited to exchange of messages. The handwritten
signature is commonly used in all kinds of applications to prove the identity of the signer
.
In the same way, a digital signature can be used for all kinds of electronic records. Any field in
which the integrity and validity of the data is crucial, can make use of a Digital Signature. Here
we discuss a few of these applications.
Digital Signature is a process that guarantees that the contents of a message have not been altered
in transit. When you, the server, digitally sign a document, you add a one-way hash (encryption)
of the message content using your public and private key pair.Your client can still read it, but the
process creates a ”signature” that only the server’s public key can decrypt. The client, using the
server’s public key, can then validate the sender as well as the integrity of message contents.
Whether it’s
 an email
 an online order
 or a watermarked photograph on eBay
if the transmission arrives but the digital signature does not match the public key in the digital
certificate, then the client knows that the message has not been altered.
10.1.1 Electronic Mail

29
When we send an e-mail to a mailbox, it is desired that the owner of the mailbox should get the e-
mail in its original form. If during transport, the content changes either accidentally or due to
intrusion by a third party, then the receiving end should be able to recognize this change in the
content.
Also no person should be able to send e-mail in the disguise of another person. Both these factors
are taken care of by the Digital signature. Any change in the e-mail will affect the message digest
generated by the SHA and thus the digital signature will be marked as unverified. So the recipient
will reject that message.
10.1.2 Data storage
This is one more interesting application of Digital Signature. Suppose a large amount of data is
stored on a computer. Only authorized people are allowed to make changes to the data. In such
case, along with the data, a signature can also be stored as an attachment.
This signature is generated from the data digest and the private key. So if any changes are made in
the data by some unauthorized person, then they will get easily recognized at the time of signature
verification and thus that copy of data will be discarded.
10.1.3 Electronic funds transfer
Applications like online banking, e-commerce come under this category. In these applications the
information being exchanged by the two sides is vital and thus extreme secrecy and authenticity must
be maintained.
A digital signature can ensure the authentication of the information but, the secrecy should be
maintained by using some encryption techniques. So before generating the message digest, the message
should be encrypted.
Then the digital signature is generated and attached to the message. At the receiving end after
verification of signature, the message is decrypted to recover the original message

30
10.1.4 Software Distribution
Software developers often distribute their software using some electronic media, for example, the
internet. In this case, in order to ensure that the software remains unmodified and its source is genuine,
Digital Signature can be used.
The developer signs the software and the users verify the signature before using it. If signature gets
verified, then only the users can be sure about the validity of that software.
10.1.5 SMART CARDS
A smart card is a plastic card, the size and shape of a credit card, with an embedded computer chip.
Its an old idea the first patents were filed 20 years ago but practical limitations made them feasible
only five or so years ago. Since then they have taken off, mostly in Europe. Many countries use
smart cards for pay telephones. There are also smart credit cards, smart cash cards, smart
everything cards. The U.S. credit-card companies are looking at the technology, and within a few
years even backwards Americans will have smart cards in their wallets.
A smart card contains a small computer (usually an 8-bit microprocessor), RAM (about a quarter
kilobyte), ROM (about 6 or 8 kilobytes), and either EPROM or EEPROM (a few kilobytes). Future
generation smart cards will undoubtedly have more capacity, but some physical limitations on
smart cards make expansion difficult. The card has its own operating system, programs, and data.
(What it doesn’t have is power; that comes when the card is plugged in to a reader.) And it is
secure. In a world where you might not trust someone else’s computer or telephone or whatever,
you can still trust a card that you keep with you in your wallet. Smart cards can have different
cryptographic protocols and algorithms programmed into them. They might be configured as an
electronic purse, and be able to spend and receive digital cash. They may be able to perform zero-
knowledge authentication protocols; they may have their own encryption keys. They might be able
to sign documents, or unlock applications on a computer. Some smart cards are assumed to be

31
tamperproof; this often protects the institution that issues the cards. A bank wouldn’t want you to
be able to hack their smart card to give yourself more money.
10.1.6 MITRENET
One of the earliest implementations of public-key cryptography was the experimental system
MEMO (MITRE Encrypted Mail Office). MITRE is a DoD contractor, a government think tank,
and an al laround bunch of smart guys. MEMO was a secure electronic mail system for users in
the MITRENET network, using public-key cryptography for key exchange and DES for file
encryption. In the MEMO system, all public keys are stored in a Public Key Distribution Center,
which is a separate node on the network. They are stored in an EPROM to prevent anyone from
changing them. Private keys are generated by users or by the system. For a user to send secure
messages, the system first establishes a secure communications path with the Public Key
Distribution Center. The user requests a file of all public keys from the Center. If the user passes
an identification test using his private key, the Center sends this list to the users workstation. The
list is encrypted using DES to ensure file integrity.
10.1.7 ISDN
Bell-Northern Research developed a prototype secure Integrated Services Digital Network (ISDN)
telephone terminal [499, 1192, 493, 500]. As a telephone, it was never developed beyond
prototype. The resulting product was the Packet Data Security Overlay. The terminal uses Diffie-
Hellman key exchange, RSA digital signatures, and DES data encryption; it can transmit and
receive voice and data at 64 kilobits per second.
10.1.8 TIME STAMPED SIGNATURES

32
Sometimes a signed document needs to be time stamped to prevent it from being replaced by an
adversary. This is called time-stamped digital signature scheme.
10.1.9 BLIND SIGNATURES
Sometimes we have a document that we want to get signed without revealing the contents of the
document to the signer.
10.2 Benefits of digital signatures
These are common reasons for applying a digital signature to communications: Authentication
Although messages may often include information about the entity sending a message, that
information may not be accurate. Digital signatures can be used to authenticate the source of
messages. When ownership of a digital signature secret key is bound to a specific user, a valid
signature shows that the message was sent by that user. The importance of high confidence in
sender authenticity is especially obvious in a financial context. For example, suppose a bank’s
branch office sends instructions to the central office requesting a change in the balance of an
account. If the central office is not convinced that such a message is truly sent from an authorized
source, acting on such a request could be a grave mistake. Integrity
In many scenarios, the sender and receiver of a message may have a need for confidence that the
message has not been altered during transmission. Although encryption hides the contents of a
message, it may be possible to change an encrypted message without understanding it. (Some
encryption algorithms, known as nonmalleable ones, prevent this, but others do not.) However, if
a message is digitally signed, any change in the message will invalidate the signature. Furthermore,
there is no efficient way to modify a message and its signature to produce a new message with a
valid signature, because this is still considered to be computationally infeasible by most
cryptographic hash functions.

33
10.3 Drawbacks of digital signatures
Although the digital signature technique is a very effective method of maintaining integrity and
authentication of data, there are some drawbacks associated with this method. They are discussed
in this section.
1. The private key must be kept in a secured manner. The loss of private key can cause severe
damage since, anyone who gets the private key can use it to send signed messages to the public
key holders and the public key will recognize these messages as valid and so the receivers will feel
that the message was sent by the authentic private key holder.
2. The process of generation and verification of digital signature requires considerable amount of
time. So, for frequent exchange of messages the speed of communication will reduce.
3. When the digital signature is not verified by the public key, then the receiver simply marks the
message as invalid but he does not know whether the message was corrupted or the false private
key was used.
4. For using the digital signature the user has to obtain private and public key, the receiver has to
obtain the digital signature certificate also. This requires them to pay additional amount of money.
5.If a user changes his private key after every fixed interval of time, then the record of all these
changes must be kept. If a dispute arises over a previously sent message then the old key pair needs
to be referred. Thus storage of all the previous keys is another overhead.

34
11. Challenges and Opportunities
The prospect of fully implementing digital signatures in general commerce presents both benefits
and costs. The costs consist mainly of:
 Institutional overhead: The cost of establishing and utilizing certification authorities,
repositories, and other important services, as well as assuring quality in the performance
of their functions.
 Subscriber and Relying Party Costs: A digital signer will require software, and will
probably have to pay a certification authority some price to issue a certificate. Hardware to
secure the subscriber's private key may also be advisable. Persons relying on digital
signatures will incur expenses for verification software and perhaps for access to
certificates and certificate revocation lists (CRL) in a repository.
On the plus side, the principal advantage to be gained is more reliable authentication of messages.
Digital signatures if properly implemented and utilized offer promising solutions to the problems
of:
 Imposters, by minimizing the risk of dealing with imposters or persons who attempt to
escape responsibility by claiming to have been impersonated
 Message integrity, by minimizing the risk of undetected message tampering and forgery,
and of false claims that a message was altered after it was sent.

35
Conclusion
Digital signatures are difficult to understand. Digital signatures will be championed by many
players that the public distrusts, including national security agencies, law enforcement agencies,
and consumer marketing companies. Digital signatures will inevitably be associated with cards.
Digital signatures will inevitably be associated with biometric identifiers.
As a result, it appears that digital technology is rapidly becoming pervasive, the public not find
this comforting. They will demand explicit privacy protections, far more substantial than the weak
and patchy regime that is presently in place.
The protections are also quite inadequate, though promising in some respects. Successful
implementation of digital signatures will require far more attention to privacy issues by policy-
makers and business interests.

36
References
1. Digital Signature Algorithm Based on Hash Round Function and Self-Certified Public
Key System; Chen Hai-peng, Education Technology and Computer Science, 7-8 March
2009
2. ISO/IEC 29192-3. Information technology Security techniques Lightweight cryptography
Part 3: Stream ciphers. International Organization for Standardization, 2012.
3. Computer network by Andrew S. Tanenbaum
4. Cryptography and Network security by William Stallings
5. www.google.com
6. www.yahoo.com
7. IEEE POTENTIALS by S.R. Subramanya and Byung K. Yi , 2006
8. FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION ,Digital
Signature Standard (DSS),2013
9. http://www.securedsigning.com/resources/intro-to-digital-signatures
10. www.studymafia.com
11. www.iup.edu/WorkArea/DownloadAsset.aspx?id=61199

Ds over

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (19)

En vedette

En vedette (9)

Similaire à Ds over

Similaire à Ds over (20)

Dernier

Dernier (20)

Ds over