L15 Digital Signatures

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/7

flashcard set

Earn XP

Description and Tags

Real-world and digital signatures. RSA signatures, attacks, and padding schemes.

Last updated 5:14 PM on 5/16/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

8 Terms

1
New cards

What does a digital signature provide that a MAC does not?

Non-repudiation.

With a MAC, either party could have generated it (since both share the key).

With a digital signature using asymmetric cryptography, only the signer’s private key could have produced the signature - so the signer cannot deny having signed

2
New cards

What are the three properties a digital signature scheme provides?

  • Authenticity - confirms who sent it

  • Integrity - message hasn’t been changed

  • Non-repudiation - sender cannot deny signing

3
New cards

How does RSA signing work (in general)?

The signer uses their private key to produce a signature from the message

The verifier uses the signer’s public key to verify it

Only the private key holder can sign, but anyone with the public key can verify

4
New cards

Why is it efficient to keep e (the public exponent) small in RSA signatures?

Verification uses the public exponent e and is performed far more than signing.

A small e makes verification fast, which is important for performance at scale

<p>Verification uses the public exponent e and is performed far more than signing.</p><p>A small e makes verification fast, which is important for performance at scale</p>
5
New cards

What is a signature forgery?

The ability to create a valid (message, signature) pair for a message that was never signed by the legitimate signer.

Replaying a previous observed (m, s) pair does not count

6
New cards

What is an existential forgery in RSA?

An attacker with the public key can pick a random s and compute m’, producing a valid (m’, s) pair - without knowing the private key.

The message m’ is meaningless, but it’s technically a valid forgery. This shows why you must hash and pad messages before signing.

7
New cards

How does padding *like adding structured bits) help prevent signature forgeries?

If valid signatures must conform to a specific format, a random formed message is extremely unlikely to match it.

The probability of a successful forgery is approximately 2^-y, where y is the number of enforced padding bits

8
New cards

What is the difference between PKCS v1.5 and PSS padding for RSA signatures?

PKCS v1.5 is a deterministic scheme - signing the same message always gives the same signature

PSS (Probabilistic Signature Scheme) adds a random salt, so repeated signings of the same message gives different signatures - providing stronger security guarantees.

<p>PKCS v1.5 is a deterministic scheme - signing the same message always gives the same signature</p><p>PSS (Probabilistic Signature Scheme) adds a random salt, so repeated signings of the same message gives different signatures - providing stronger security guarantees.</p>