Cryptography Reference
In-Depth Information
•
Generate
(1
n
)
is a probabilistic key generation algorithm that takes as input
a security parameter
1
n
and generates as output a signing key
k
−
1
and a
verification key
k
. Again, both keys represent the public key pair
(
k, k
−
1
)
.
•
Sign
(
k
−
1
,m
)
is a deterministic or probabilistic signature generation algo-
rithm that takes as input a signing key
k
−
1
and a message
m
, and that gener-
ates as output a digital signature
s
giving message recovery.
•
Recover
(
k, s
)
is a deterministic message recovery algorithm that takes as
input a verification key
k
and a digital signature
s
, and that generates as
output either the message that is digitally signed or a notification indicating
that the digital signature is invalid. This means that
Recover
(
k, s
)
must yield
m
if and only if
s
is a valid digital signature for message
m
and verification
key
k
.
So for every public key pair
(
k, k
−
1
)
and every possible message
m
,
Recover
(
k,
Sign
(
k
−
1
,m
))
must yield
m
.
Note that the
Generate
algorithms are basically the same for both a DSS with
appendix and a DSS giving message recovery, and that the
Sign
algorithms are at
least structurally the same. The major difference is with the
Verify
and
Recover
algorithms.
With the proliferation of the Internet in general, and Internet-based electronic
commerce in particular, digital signatures and the legislation thereof have become
important and very timely topics. In fact, many DSSs with specific and unique
properties have been developed, proposed, and published in the literature. The
most important examples are overviewed, discussed, and put into perspective in
Chapter 15. Unfortunately, digital signatures (and their mathematical properties) are
sometimes also overrated as proofs or pieces of evidence.
2.3.3
Key Agreement
If two or more entities want to employ and make use of secret key cryptography,
then they must share a secret parameter or cryptographic key. Consequently, in
a large system many secret keys must typically be generated, stored, managed,
and destroyed in a highly secure way. If, for example,
n
entities want to securely
communicate with each other, then there are
