Cryptography Reference
In-Depth Information
Signer
Verifier
Message
Message
Add
padding/
redundancy
Remove
padding/
redundancy
1
4
signatur
e
key
verification
key
Signature
algorithm
Verification
algorithm
2
3
Signature
Figure 7.5.
Signing and verifying using an RSA digital signature scheme with message
recovery
SIGNING AND VERIFYING USING A DIGITAL SIGNATURE SCHEME WITH
MESSAGE RECOVERY
We assume that each potential user of the scheme is equipped with an RSA
signature/verification key pair. Figure 7.5 illustrates the process of creating and
verifying an RSA digital signature with message recovery.
1. Some predefined redundancy is added to the data prior to signing. This has no
content value and will primarily be used as a means for the verifier to identify
that the recovered data is correct.
2. The formatted data (data plus redundancy) is signed using RSA. In other words,
the formatted data is 'encrypted' using the signature key of the signer. The
result of this 'encryption' is the digital signature. The digital signature is sent on
its own to the verifier (there is no need to send the data this time).
3. The verifier checks the digital signature by 'decrypting' it with the signer's
verification key. If all is well, the result is the correct formatted data.
4. The verifier removes the redundancy to extract the data from the formatted
data. If the redundancy has the expected format then the verifier accepts the
digital signature on the data as valid, otherwise the verifier rejects it.
To see why this works, suppose that an attacker intercepts the digital signature on
its way to the verifier and modifies it before sending it on to the verifier. When
the verifier 'decrypts' this modified digital signature with the signer's verification
key, for the same error propagation reasons that we discussed in Section 4.3.2
for block ciphers, the result should have no apparent relationship to the original
