Cryptography Reference
In-Depth Information
Message
Signature
1
2
hash
function
Verification
algorithm
verification key
= ?
3
Decision
Figure 7.4.
Verification of an RSA digital signature with appendix
Note again that this use of the signer's 'public' key for 'decryption' contrasts
with the use of RSA for providing confidentiality. The result of this should be
the hashed data, since the verification key should 'undo' the 'encryption' using
the signature key.
3. The verifier now compares the two results. If the hash of the received data from
step 1 matches the hashed data recovered in step 2 then the verifier accepts
the digital signature as valid, otherwise the verifier rejects the digital signature.
REASONS FOR HASHING
The only 'surprising' part of the RSA digital signature scheme with appendix is
the involvement of a hash function. The use of the hash function is essential for a
number of reasons, which we now outline:
Efficiency
. Recall that RSA operates on 'blocks' of bits, where each block is
of approximately the same size as the RSA modulus. If the data to be
signed is longer than one block then, without first hashing the data, we will
need to split the data into separate blocks, each of which will need to be
signed separately. As discussed in Section 5.4.2, RSA signature creation and
verification processes are relatively computationally expensive since they rely
on modular exponentiation. It is thus inefficient to sign (and verify) a large
amount of data using RSA. However, when using a digital signature scheme
with appendix the verifier is sent the data anyway, so it is sufficient to sign a
'representative' of the data. The hash of the data is a relatively small digest of
the data that depends on the whole data. Assuming that the hash function has
all the security properties that we discussed in Section 6.2.1, digitally signing a
hash of the data is as good as digitally signing the data itself.
