Cryptography Reference
In-Depth Information
Table 7.1:
Comparison of requirements between digital signature and public-key
encryption schemes
Digital signature scheme requirements
Public-key encryption scheme requirements
Only the holder of a secret can digitally sign
some data
'Anyone' can encrypt some data
'Anyone' can verify that a digital signature
is valid
Only the holder of a secret can decrypt some
encrypted data
the basic requirements for a public-key encryption scheme that we discussed in
Section 5.1.2.
The respective requirements are so similar that it seems natural to attempt to
use a public-key cryptosystem in some way to produce a digital signature scheme.
The most naive method of trying to produce a digital signature scheme would be
to start with a public-key cryptosystem and for each user to:
• somehow use the private decryption key of the public-key cryptosystem to
create digital signatures;
• somehow use the public encryption key of the public-key cryptosystem to
verify digital signatures.
This compelling approach, in some cases, almost works. However, there are several
reasons why this approach is indeed 'naive':
Technical constraints
. We have to check that the technical details (the underlying
mathematics) makes sense if the roles of these two keys are reversed. In
particular, if encryption and decryption are very different operations then
it may not be possible just to swap the keys around in this manner.
Processing constraints
. In the event that the technical details do still work,
the roles may only easily reverse for 'textbook' versions of the cryptographic
primitives. Real versions, based on accepted standards, often involve additional
processing stages (adding padding, for example) that will not enable the
operations to be swapped around so easily.
Key management constraints
. It is not wise to use the same keys for two
different applications.We will discuss this issue inmore detail in Section 10.6.1,
although it can easily be addressed by having two pairs of keys, one for
decryption/encryption and one for signing/verifying.
Nonetheless, this naive approach certainly looks promising. We will see shortly
that for the 'textbook' RSA cryptosystem, the underlying mathematics does in fact
allow this role reversal of the keys. Hence this approach does form the basis for
RSA digital signature schemes.
