![ElGamal Digital Signatures
• T. Elgamal announced a public-key scheme based on discrete
logarithms, closely related to the Diffie-Hellman technique [ELGA84,
ELGA85].
• The ElGamal encryption scheme is designed to enable encryption by a
user's public key with decryption by the user's private key.
• The ElGamal signature scheme involves the use of the private key for
encryption and the public key for decryption.
• The ElGamal cryptosystem is used in some form in a number of
standards including the digital signature standard (DSS) and the
S/MIME email standard.](https://image.slidesharecdn.com/informationandnetworksecurity44directdigitalsignatures-210723174902/85/Information-and-network-security-44-direct-digital-signatures-7-320.jpg)
Information and network security 44 direct digital signatures
- 1. Information and Network Security:44 Direct Digital Signatures Prof Neeraj Bhargava Vaibhav Khanna Department of Computer Science School of Engineering and Systems Sciences Maharshi Dayanand Saraswati University Ajmer
- 2. Digital Signature Requirements must depend on the message signed must use information unique to sender to prevent both forgery and denial must be relatively easy to produce must be relatively easy to recognize & verify be computationally infeasible to forge with new message for existing digital signature with fraudulent digital signature for given message be practical save digital signature in storage
- 3. Direct Digital Signatures • involve only sender & receiver • assumed receiver has sender’s public-key • digital signature made by sender signing entire message or hash with private-key • can encrypt using receivers public-key • important that sign first then encrypt message & signature • security depends on sender’s private-key
- 4. Direct Digital Signatures • The term direct digital signature refers to a digital signature scheme that involves only the communicating parties (source, destination). • It is assumed that the destination knows the public key of the source. Direct Digital Signatures involve the direct application of public-key algorithms involving only the communicating parties. • A digital signature may be formed by encrypting the entire message with the sender’s private key, or by encrypting a hash code of the message with the sender’s private key.
- 5. Direct Digital Signatures • Confidentiality can be provided by further encrypting the entire message plus signature using either public or private key schemes. • It is important to perform the signature function first and then an outer confidentiality function, since in case of dispute, some third party must view the message and its signature. But these approaches are dependent on the security of the sender’s private-key. • Will have problems if it is lost/stolen and signatures forged. The universally accepted technique for dealing with these threats is the use of a digital certificate and certificate authorities.
- 6. ElGamal Digital Signatures • signature variant of ElGamal, related to D-H • so uses exponentiation in a finite (Galois) • with security based difficulty of computing discrete logarithms, as in D-H • use private key for encryption (signing) • uses public key for decryption (verification) • each user (eg. A) generates their key • chooses a secret key (number): 1 < xA < q-1 • compute their public key: yA = a xA mod q
- 7. ElGamal Digital Signatures • T. Elgamal announced a public-key scheme based on discrete logarithms, closely related to the Diffie-Hellman technique [ELGA84, ELGA85]. • The ElGamal encryption scheme is designed to enable encryption by a user's public key with decryption by the user's private key. • The ElGamal signature scheme involves the use of the private key for encryption and the public key for decryption. • The ElGamal cryptosystem is used in some form in a number of standards including the digital signature standard (DSS) and the S/MIME email standard.
- 8. ElGamal Digital Signature • Alice signs a message M to Bob by computing • the hash m = H(M), 0 <= m <= (q-1) • chose random integer K with 1 <= K <= (q-1) and gcd(K,q-1)=1 • compute temporary key: S1 = a k mod q • compute K-1 the inverse of K mod (q-1) • compute the value: S2 = K-1(m-xAS1) mod (q-1) • signature is:(S1,S2) • any user B can verify the signature by computing • V1 = a m mod q • V2 = yA S1 S1 S2 mod q • signature is valid if V1 = V2
- 9. ElGamal Digital Signature • To sign a message M, user A first computes the hash m = H(M), such that m is an integer in the range 0 <= m <= q – 1. A then forms a digital signature as shown. • The basic idea with El Gamal signatures is to again choose a temporary random signing key, protect it, then use it solve the specified equation on the hash of the message to create the signature (in 2 pieces). • Verification consists of confirming the validation equation that relates the signature to the (hash of the) message
- 10. ElGamal Signature Example • use field GF(19) q=19 and a=10 • Alice computes her key: • A chooses xA=16 & computes yA=10 16 mod 19 = 4 • Alice signs message with hash m=14 as (3,4): • choosing random K=5 which has gcd(18,5)=1 • computing S1 = 10 5 mod 19 = 3 • finding K-1 mod (q-1) = 5-1 mod 18 = 11 • computing S2 = 11(14-16.3) mod 18 = 4 • any user B can verify the signature by computing • V1 = 10 14 mod 19 = 16 • V2 = 43.34 = 5184 = 16 mod 19 • since 16 = 16 signature is valid
- 11. Assignment • What are the properties and requirements for a digital signature? • Explain ElGamal Digital Signature