Digital Signatures - Understanding Cryptography

Cryptography Reference

In-Depth Information

Table 10.3 Bit lengths and security levels of ECDSA

q

Hash output (min) Security levels

192

96

224

112

256

128

384

192

512

256

10.6 Discussion and Further Reading

Digital Signature Algorithms The first practical realization of digital signatures

was introduced in the original paper by Rivest, Shamir and Adleman [143]. RSA

digital signatures have been standardized by several bodies for a long time, see,

e.g., [95]. RSA signatures were, and in many cases still are, the de facto standard

for many applications, especially for certificates on the Internet.

The Elgamal digital signature was published in 1985 in [73]. Many variants of

this scheme are possible and have been proposed over the years. For a compact

summary, see [120, Note 11.70].

The DSA algorithm was proposed in 1991 and became a US standard in 1994.

There were two possible motivations for the government to create this standard as an

alternative to RSA. First, RSA was patented at that time and having a free alternative

was attractive for US industry. Second, an RSA digital signature implementation

can also be used for encryption. This was not desirable (from the US government

viewpoint) since there were still rather strict export restrictions for cryptography

in the US at that time. In contrast, a DSA implementation can only be used for

signing and not for encryption, and it was easier to export systems that only included

signature functionality. Note that DSA refers to the digital signature algorithm , and

the corresponding standard is referred to as DSS, the digital signature standard .

Today, DSS includes not only the DSA algorithm but also ECDSA and RSA digital

signatures [126].

In addition to the algorithms discussed in this chapter, there exist several other

schemes for digital signatures. These include, e.g., the Rabin signature [140], the

Fiat-Shamir signature [76], the Pointcheval-Stern signature [134] and the Schnorr

signature [150].

Using Digital Signatures With digital signatures, the problem of authentic public

keys is acute: How can Alice (or Bob) assure that they possess the correct public

keys for each other? Or, phrased differently, how can Oscar be prevented from in-

jecting faked public keys in order to perform an attack? We discuss this question in

detail in Chap. 13, where certificates are introduced. Certificates are based on digital

signatures and are one of the main applications of digital signatures. They bind an

identity (e.g., Alice's e-mail address) to a public key.

One of the more interesting interactions between society and cryptography is

digital signature laws. They basically assure that a cryptographic digital signature

has a legally binding meaning. For instance, an electronic contract that was digitally

Understanding Cryptography

Search WWH ::

Custom Search

Home