Ch. 13 Digital Signatures

13.1 Digital Signatures

Properties
- Must verify author, date, and time
- must authenticate contents at the time of the signature
- must be verifiable by third parties to resolve disputes
Attacks and Forgeries (C is the attacker, A is the user whose signature is being attacked)
- Key-only attack: C only knows A’s public key
- Known message attack: C has a set of messages and their signatures
- Generic chosen message attack: C chooses a list of messages independent from A’s public key. C then obtains valid signatures from A
- Directed chosen message attack: Same as generic chosen but C already knows A’s public key
- Adaptive chosen message attack: C can use A as an “oracle” meaning C may request from A signatures of messages that depend on previously obtained message-signature pairs
Requirements
- Signature must be a bit pattern that depends on the message being signed
- Signature must use some information known only to the signer to prevent forgery
- It must be easy to produce the signature
- it must be easy to recognize and verify the signature
- it must be infeasible to forge a signature
- it must be practical to retain a copy of a signature in storage
Direct Digital Signature
- A Digital Signature that only involves the source and destination

13.2 ElGamal Digital Signature Scheme

13.3 Schnorr Digital Signature Scheme

13.4 NIST Digital Signature Algorithm

The DSA Approach
- hash code and a random number are taken as inputs as well as the user’s private key. At the receiving end, the hash code is generated. The hash and the signature are used as inputs to the verification function. The output is a value equal to the signature component if the signature is valid
The Digital Signature Algorithm
- DSA is based on the difficulty of computing discrete logarithms

13.5 Elliptic Curve Digital Signature Algorithm

13.6 RSA-PSS Digital Signature Algorithm