Presented By Asha Liza John MPhil CS3, IIITMK Digital Signature Algorithm
Presented By
Asha Liza John
MPhil CS3, IIITMK
Digital Signature Algorithm
Digital Signature Standard (DSS)
US Govt. approved signature scheme
Designed by NIST in early 90’s
Published as FIPS 186 in 1991
Revised in 1993, 1996, 2000, 2009, 2013
Uses the SHA hash algorithm
DSS is the standard. DSA is the algorithm
DSA algorithm is used for digital signature only
DSS vs. RSA Signature
Digital Signature Algorithm (DSA)
Creates a 320-bit signature
Variant of ElGamal
Security depends on difficulty in computing
discrete logarithms.
DSA Key Generation
Shared global public key values (p,q,g) :
Choose 160-bit prime number q
Choose a large prime p with 2L-1 < p < 2L
Where 512 ≤ L ≤ 1024 and L≡ 0 (mod 64)
Also, q is a 160 - bit prime factor of (p-1)
Choose g = h(p-1)/q mod p
Where 1 < h < p-1 and h(p-1)/q mod p >1
Users choose private key & compute public key :
Choose random private key x < q
Compute public key y = gx mod p
DSA Signature Generation
To sign a message M the sender :
Generates a random signature key k, k < q
Note : k is destroyed after use and never reused
Then computes signature pair :
r = (gk mod p) mod q
s = [k-1(H(M) + xr)] mod q
Sends signature (r,s) with message M
DSA Signature Verification
To verify a signature recipient
computes :
w = (s’)-1 mod q
u1 = [H(M’)w] mod q
u2 = (r’w) mod q
v = [ (gu1yu2) mod p] mod q
If v=r’ then signature is
verified
Example
Key Generation
Let q=3, x=2,k=1, H(M) = 11
q is a prime factor of p-1. So p=nq+1 = 2(3)+1 = 7
g = h(p-1)/q mod p
= 26/3 mod 7
= 22 mod 7 = 4
y = gx mod p
= 42 mod 7
= 16 mod 7 = 2
Signature Generation
Send r=1, s=1 and message M.
r = (gk mod p) mod q
= (41 mod 7) mod 3
= 4 mod 3 = 1
s = [k-1(H(M)+xr)] mod q
= [4*(11+(2*1))] mod 3
= [4*13] mod 3
= 52 mod 3 = 1
Note : k*k-1 ≡ 1 mod q
⇒ 1* k-1≡ 1 mod 3
⇒ k-1 = 4 ;
Example
Signature Verification
Receives values M’= M, s’=s, r’=r.
Calculate w, u1, u2 and v as follows and check if v=r :
Example
w = (s)-1 mod q
= (1)-1 mod 3
= 4 mod 3 = 1
u1 = [ H(M)*w] mod q
= [11*1] mod 3
= 11mod 3 = 2
u2 = (r*w) mod q
= (1*1) mod 3
= 1 mod 3 = 1
v = [(gu1yu2) mod p] mod q
= [(42*21) mod 7] mod 3
= [32 mod 7] mod 3
= 4 mod 3 = 1 Here, v=r so signature is verified.
How v = r ??
y(rw) mod q mod p = g(xrw) mod q mod p
Proof
How v = r ??
For any integer t, if g = h(p–1)/q mod p then gt mod p = gt mod q mod p
Proof
By Fermat's theorem (Chapter 8), because h is relatively prime to
p, we have Hp–1 mod p = 1. Hence, for any nonnegative integer n
How v = r ??
For any integer t, if g = h(p–1)/q mod p then gt mod p = gt mod q mod p
Proof (Cont’d…)
How v = r ??
For nonnegative integers a and b:
g(a mod q + b mod q) mod p = g(a+b) mod q mod p
Proof
How v = r ??
((H(M) + xr)w) mod q = k
Proof(Cont’d)
How v = r ??
((H(M) + xr)w) mod q = k
Proof
How v = r ??