Cryptography Reference
In-Depth Information
• an attacker persuades a verifier to use an incorrect verification key;
• a second preimage is found for the underlying hash function;
• an attacker extracts the signature key from a smart card on which it is stored;
• an attacker persuades the signer to digitally sign some fraudulent data;
• a flaw in the RSA algorithm is found that compromises the digital signature
scheme security.
6
. There are several reasons why it is good practice to separate RSA digital
signature key pairs and RSA encryption key pairs.
(a) If Alice is using the same RSA key pair for both digital signatures and
encryption, explain how Bob could forge Alice's signature on a message
of his choice if Alice is 'foolish' enough to help him.
(b) Why is this a more powerful attack than the existential forgery that we
described in Section 7.3.4?
(c) What other reasons are there for keeping these key pairs separate?
7
. The Digital Signature Algorithm (DSA) is related to ElGamal.
(a) Is the DSA a digital signature scheme with appendix or with message
recovery?
(b) Explain how to generate a DSA signature/verification key pair.
(c) Describe the process of creating a DSA signature.
(d) Describe the process of verifying a DSA signature.
(e) What is the basis for the security of DSA?
(f) Provide a short comparison of the DSA and RSA digital signature schemes.
8
. What key lengths and lengths of hash function outputs would you currently
recommend for use with digital signatures based on:
(a) RSA?
(b) DSA?
(c) ECDSA?
9
. Digital signature schemes with message recovery rely on the data being signed
having some structured redundancy added to the data prior to being input into
the signing algorithm.
(a) Explain why this redundancy is necessary.
(b) Find out how this redundancy is added for a particular digital signature
scheme with message recovery that has been standardised by a recognised
standards body.
10
.
It is possible that an application using public-key cryptography might require
both confidentiality and data origin authentication of a message to be
provided. One possible solution is to use a signcryption scheme. Prepare a
short report on signcryption schemes, which includes information about how
they work, the extent to which they are being standardised, and potential
applications.
