Arbitrated digital signatures Signature Verification(by B) B rbr v= ekes TTP Ekch(mIIIA
11 Arbitrated Digital Signatures • Signature Verification (by B) B IB , v = EkB(s) TTP EkB(h(m)||IA )
Digital Signature Standards RSA Digital Signature ISo 9796 ansi X9. 31 CCITTX509 El gamal NIST FIPS 186 Digital Signature Standard DSS) 12
12 Digital Signature Standards • RSA Digital Signature - ISO 9796 - ANSI X9.31 - CCITT X.509 • El Gamal • NIST FIPS 186 Digital Signature Standard (DSS)
Public Key cryptography Signature schemes p be the set of all messages a be the set of signatures k be the set of all keys
13 Public Key Cryptography Signature schemes Let • P be the set of all messages • A be the set of signatures • K be the set of all keys
Basic mechanism of Signature Schemes K: a key generation algorithm to randomly select a public key pair Sig k: A signature algorithm that takes message private key as input and generates a signature for the message as output VerK: A signature verification algorithm that takes signature public key as input and generates information bit according to whether signature is consistent as output
14 Basic Mechanism of Signature Schemes • K: A key generation algorithm to randomly select a public key pair. • Sig K : A signature algorithm that takes message + private key as input and generates a signature for the message as output • Ver K : A signature verification algorithm that takes signature + public key as input and generates information bit according to whether signature is consistent as output
Attack models Total Breaking Attack The attacker knows the public key. He tries to recover the corresponding secret key Forgery Attack The attacker knows the public key. He tries to find the signature for a given message Existential Forgery attack The attacker knows the public key. He tries to find a pair of a message and its signature Chosen Message attack(CMA The attacker is able to sign messages but does not know the key used.He tries to perform the(existential) forgery or to obtain the secret key 15
15 Attack models • Total Breaking Attack - The attacker knows the public key. He tries to recover the corresponding secret key. • Forgery Attack - The attacker knows the public key. He tries to find the signature for a given message. • Existential Forgery Attack - The attacker knows the public key. He tries to find a pair of a message and its signature. • Chosen Message Attack (CMA) - The attacker is able to sign messages but does not know the key used. He tries to perform the (existential) forgery or to obtain the secret key