Cryptography Reference
In-Depth Information
signed can be enforced in the same way as a conventionally signed contract. Around
the turn of the millennium, many nations introduced corresponding laws. This was at
a time that the “brave new world” of the Internet had opened up seemingly endless
opportunities for doing business online, and digital signature laws seemed to be
crucial to allow trusted business transactions via the Internet. Examples of digital
signature laws are the Electronic Signatures in Global and National Commerce Act
(ESIGN) in the US [138], or the corresponding directive of the European Union
[133]. A good online source for more information is the Digital Law Survey [167].
Even though much electronic commerce is today conducted without making use of
signature laws, there will be without doubt more and more situations where those
laws are actually needed.
One crucial issue when using digital signatures in the real world is that the private
keys, especially if used in a setting with legal significance, have to be kept strictly
confidential. This requires a secure way to store this delicate key material. One
way to satisfy this requirement is to employ smart cards that can be used as secure
containers for secret keys. A secret key never leaves the smart card, and signatures
are performed within the CPU inside the smart card. For applications with high
security requirements, so called tamper-resistant smart cards are protected against
several types of hardware attacks. Reference [141] provides excellent insight into
the various facets of the highly sophisticated smart card technology.
10.7 Lessons Learned
Digital signatures provide message integrity, message authentication and nonre-
pudiation.
One of the main application areas of digital signatures is certificates.
RSA is currently the most widely used digital signature algorithm. Competitors
are the Digital Signature Standard (DSA) and the Elliptic Curve Digital Signature
Standard (ECDSA).
The Elgamal signature scheme is the basis for DSA. In turn, ECDSA is a gener-
alization of DSA to elliptic curves.
RSA verification can be done with short public keys e . Hence, in practice, RSA
verification is usually faster than signing.
DSA and ECDSA have the advantage over RSA in that the signatures are much
shorter.
In order to prevent certain attacks, RSA should be used with padding.
The modulus of DSA and the RSA signature schemes should be at least 1024-
bits long. For true long-term security, a modulus of length 3072 bits should be
chosen. In contrast, ECDSA achieves the same security levels with bit lengths in
the range 160-256 bits.
Search WWH ::




Custom Search