Cryptography Reference
In-Depth Information
privatekey
, for the private key given either as a positive integer or a hexadecimal
string,
seed
, used to specify a random seed required for the generation of the 'per-
message secret number' and, finally,
message
, for the message to be signed given
either as a hexadecimal string or as an ordinary text string (i.e., an ASCII-8 string
without null characters). The optional keyword parameters are
messagetype
,used
to specify whether the message is hexadecimal or ordinary text and
H
for the hash
function. The output is the signature given as a two-element list
[
r
,
s
]
, where
r
and
s
are hexadecimal strings.
> DSASign := proc(domain::list, privatekey::{posint, string}, message::string,
seed::{posint,string}, {messagetype::identical(hex,text):= hex, H::name:='SHA256'})
local r, d, k, p, q, g, sec, z, invk, x, s;
d := stringposint
∼
(domain);
x := stringposint(privatekey);
p := d[1];
q := d[2];
g := d[3];
r:=0;
while r=0ors=0do
sec := DSASecretGen(domain, seed);
k := sec[1];
invk := sec[2];
r := (Power(g, k) mod p) mod q;
z := OS2IP(H(message, messagetype));
s := invk*(z+x*r) mod q
end do;
I2OSP
∼
([r, s])
end proc:
Remark 9.2
The random seed is necessary because, as mentioned when discussing
the security of Elgamal signatures, the value of
k
must remain secret in order to
prevent forgeries. Moreover, it is also important that the values of
k
used for different
messages are not repeated. Because of these requirements, a random seed of at least
128 bits should be used.
Exercise 9.12
Modify the function
DSASign
so that it does not need an external
seed supplied as input. The seed can be automatically generated within the procedure
by one of the methods used by Maple for this purpose but one should bear in mind
that the use of automatic seeding will make the scheme much less secure.
[
,
]
Exercise 9.13
The function
DSASign
outputs the signature as a list
where
r
and
s
are given as hexadecimal strings for convenience and brevity. Modify the
function in order that it gives the choice to output the signature as a list of two decimal
numbers.
r
s
We next give the function that implements the DSA verification algorithm. The
required input parameters are
domain
,
publickey
,
message
(all of which are
similar to those in the signing function, only replacing the private key by the public
key) and
signature
, used to specify the signature pair in the format output by
DSASign
. The optional keyword parameters are the same as those in the signing
function. The output of the function is
"Valid"
in case the signature is accepted
and
"Invalid"
otherwise.
