Cryptography Reference
In-Depth Information
Basic Digital Signature Protocol
Alice
Bob
generate
k
pr
,
B
,
k
pub
,
B
k
pub
,
B
←−−−−−−−−−−−−
publish public key
sign message:
s
= sig
k
pr
(
x
)
(
x
,
s
)
←−−−−−−−−−−−−
send message + signature
verify signature:
ver
k
pr
,
B
(
x
,
s
)=true/false
From this set-up, the core property of digital signatures follows: A signed mes-
sage can unambiguously be traced back to its originator since a valid signature can
only be computed with the unique signer's private key. Only the signer has the abil-
ity to generate a signature on his behalf. Hence, we can
prove
that the signing party
has actually generated the message. Such a proof can even have legal meaning, for
instance, as in the Electronic Signatures in Global and National Commerce Act (ES-
IGN) in the USA or in the
Signaturgesetz
, or Signature Law, in Germany. We note
that the basic protocol above does not provide any confidentiality of the message
since the message
x
is being sent in the clear. Of course, the message can be kept
confidential by also encrypting it, e.g., with AES or 3DES.
Each of the three popular public-key algorithm families, namely integer factor-
ization, discrete logarithms and elliptic curves, allows us to construct digital signa-
tures. In the remainder of this chapter we learn about most signature schemes that
are of practical relevance.
10.1.3 Security Services
It is very instructive to discuss in more detail the security functions we can achieve
with digital signatures. In fact, at this point we will step for a moment away from
digital signature and ask ourselves in general: What are possible
security objectives
that a security system might possess? More accurately the objectives of a security
systems are called
security services
. There exist many security services, but the most
important ones which are desirable in many applications are as follows:
1.
Confidentiality:
Information is kept secret from all but authorized parties.
2.
Integrity:
Messages have not been modified in transit.
3.
Message Authentication:
The sender of a message is authentic. An alternative
term is
data origin authentication
.
4.
Nonrepudiation:
The sender of a message can not deny the creation of the mes-
sage.
Different applications call for different sets of security services. For instance, for
private e-mail the first three functions are desirable, whereas a corporate e-mail sys-
