Cryptography Reference
In-Depth Information
the terms “encryption” and “decryption” are not quite the correct ones, so that we
shall speak rather of “generation” and “verification” of a digital signature.
A requirement for the implementation of an asymmetric encryption system
for the generation of digital signatures is that the association of D ( M ) and
M can be reliably verified. The possibility of such a verification exists if the
mathematical operations of encryption and decryption are commutative, that is,
if their execution one after the other leads to the same, original, result regardless
of the order in which they are applied:
D ( E ( M )) = E ( D ( M )) = M.
(17.2)
By application of the public key E to D ( M ) it can be checked in this case
whether D ( M ) is valid as a digital signature applied to the message M .
The principle of digital signatures has attained its present importance in two
important directions:
The laws on digital and electronic signatures in Europe and the United
States create a basis for the future use of digital signatures in legal
transactions.
The increasing use of the Internet for electronic commerce has generated a
strong demand for digital signatures for identification and authentication
of those taking part in commercial transactions, for authenticating digital
information, and for ensuring the security of financial transactions.
It is interesting to observe that the use of the terms “electronic signature” and
“digital signature” bring into focus the two different approaches to signature laws:
For an electronic signature all means of identification used by one party, such as
electronic characters, letters, symbols, and images, are employed to authenticate
a document. A digital signature, on the other hand, is realized as an electronic
authentication procedure based on information-technological processes that is
employed to verify the integrity and authenticity of a transmitted text. Confusion
arises because these two terms are frequently used interchangeably, thus mixing
up two different technical processes (see, for example, [Mied]).
While the laws on electronic signatures in general leave open just what algo-
rithms will be used for the implementation of digital signatures, most protocols
being discussed or already implemented for identification, authentication, and
authorization in the area of electronic transactions over the Internet are based
on the RSA algorithm, which suggests that it will continue to dominate the field.
The generation of digital signatures by means of the RSA algorithm is thus a
particularly current example of the application of our FLINT/C functions.
The author is aware that the following paragraphs represent a painfully brief
introduction to an enormously significant cryptographic principle. Nevertheless,
such brevity seems to be justified by the large number of extensive publications
on this topic. The reader wishing to know more is referred to [Beut], [Fumy],
 
Search WWH ::




Custom Search