The Background Of The Digital Signature

Published Date: 02 Nov 2017

DIGITAL SIGNATURE

Abstract-Digital signature are used in message transmission to verify the identity of the sender and ensure that a message has not been modified after signing. RSA algorithm is extensively used in the popular implementations of Public Key Infrastructures. In this paper, we have develop a new algorithm for generating signature that overcomes the shortcomings of the RSA system (longer processing time & computational overheads ).In addition, the new algorithm achieve high security for digital signature. The performance of the two public key cryptosystem ( RSA and DSS) and the new algorithm has been implemented and compared. The results obtained show that signing and verification operations are faster in the case of using new algorithm than in the case of RSA and DSS . Also it can forbid any one from reaching the sender's message because with the new algorithm an intruder cannot pose the message sent since the sender’s private key is unknown for him. Accordingly, the sender can not be impersonated. On the receiver part, the message is verified by using sender’s public key and his private key to decrypt the message successfully.

APPLICATIONS SUCH AS banking, stock trading, and the sale and purchase of merchandise are increasingly emphasizing electronic transactions to minimize operational costs and provide enhanced services. This has led to phenomenal increases in the amounts of electronic documents that are generated, processed, and stored in computers and transmitted over networks. This electronic information handled in these applications is valuable and sensitive and must be protected against tampering by malicious third parties (who are neither the senders nor the recipients of the information). Sometimes, there is a need to prevent the information or items related to it (such as date/time it was created, sent, and received) from being tampered with by the sender (originator) and/or the recipient.

Key words-Cryptography, RSA, DSS, PKC and DSA.

Introduction

Data communication is an important aspect of our living. So, protection of data from misuse is essential. A cryptosystem defines a pair of data transformations called encryption and decryption. Encryption is applied to the plain text i.e. the data to be communicated to produce cipher text (encrypted data) using encryption key. Decryption uses the decryption key to convert cipher text to plain text (the original data). Now, if the encryption key and the decryption key is the same or onecan be derived from the other then it is said to be symmetric cryptography. This type of cryptosystem can be easily broken if the key used to encrypt or decrypt can be found. To improve the protection mechanism Public Key Cryptosystem was introduced in 1976 by Whitfield Diffe and Martin Hellman of

Stanford University . It uses a pair of related keys one for encryption and other for decryption. One key, which is called the private key, is kept secret and other one known as public key is disclosed .

Basic idea of digital signatures is each signer has a unique key called private key. There is also other part of key called public key. Whenever singer has to authenticate a document it creates a bit string called signature by applying his private key on the message or some hashed image of message.

In cryptology, RSA is an algorithm for public-key encryption Based on integer factorization system. It was the first known algorithm suitable for signing as well as encryption, and is considered a one of the first great advances in public key cryptography. RSA is still widely used in electronic commerce protocols, and is believed to be secure if and only if long keys strategy is kept.

DSS defines the Digital Signature Algorithm (DSA), which functions in a manner similar to RSA.

Digital signatures, which are nothing but a string of ones and zeroes generated by using a digital signature algorithm, serve the purpose of validation and authentication of electronic documents . Validation refers to the process of certifying the contents of the document, while authentication refers to the process of certifying the sender of the document.

A digital signature, as shown in fig 1, takes the concept of traditional paper-based signing and turns it into a digital "fingerprint". Digital signature software enables you to easily migrate from cumbersome paperbased processes to a secure and efficient paper-free environment

Fig.1 Signature on the document

Conventional and digital signature characteristics

A conventional signature has the following salient characteristics: relative ease of establishing that the signature is authentic, the difficulty of forging a signature, the nontransferability of the signature, the difficulty of altering the signature, and the nonrepudiation of signature to ensure that the signer cannot later deny signing. A digital signature should have all the aforementioned features of a conventional signature plus a few more as digital signatures are being used in practical, but sensitive, applications such as secure e-mail and credit card transactions over the Internet. Since a digital signature is just a sequence of zeroes and ones, it is desirable for it to have the following properties: the signature must be a bit pattern that depends on the message being signed (thus, for the same originator, the digital signature is different for different documents); the signature must use some information that is unique to the sender to prevent both forgery and denial; it must be relatively easy to produce; it must be relatively easy to recognize and verify the authenticity of digital signature.

Identify applicable sponsor/s here. If no sponsors, delete this text box. (sponsors)Basic notions and terminology

Digital signatures are computed based on the documents (message/ information) that need to be signed and on some private information held only by the sender. In practice, instead of using the whole message, a hash function is applied to the message to obtain the message digest. A hash function, in this context, takes an arbitrary- sized message as input and produces a fixed-size message digest as output. Among the commonly used hash functions in practice are MD-5 (message digest 5) and SHA (secure hash algorithm).

These algorithms are fairly sophisticated and ensure that it is highly improbable for two different messages to be mapped to the same hash value.

There are two broad techniques used in digital signature computationâ€"symmetric key cryptosystem and public-key cryptosystem (cryptosystem broadly refers to an encryption technique). In the symmetric key system, a secret key known only to the sender and the legitimate receiver is used. However, there must be a unique key between any two pairs of users. Thus, as the number of user pairs increases, it becomes extremely difficult to generate, distribute, and keep track of the secret keys.

A public key cryptosystem, on the other hand, uses a pair of keys: a private key, known only to its owner, and a public key, known to everyone who wishes to communicate with the owner.

For confidentiality of the message to be sent to the owner, it would be encrypted with the owner’s public key, which now could only be decrypted by the owner, the person with the corresponding private key. For purposes of authentication, a message would be encrypted with the private key of the originator or sender, who we will refer to as A. This message could be decrypted by anyone using the public key of A. If this yields the proper message, then it is evident that the message was indeed encrypted by the private key of A, and thus only A could have sent it.

Creating and verifying a digital signature

A hash function is applied to the message that yields a fixed-size message digest. The signature function uses the message digest and the sender’s private key to generate the digital signature. A very simple form of the digital signature is obtained by encrypting the message digest using the sender’s private key. The message and the signature can now be sent to the recipient. The message is unencrypted and can be read by anyone. However, the signature ensures authenticity of the sender (something similar to a circular sent by a proper authority to be read by many people, with the signature attesting to the authenticity of the message). At the receiver, the inverse signature function is applied to the digital signature to recover the original message digest. The received message is subjected to the same hash function to which the original message was subjected . The resulting message digest is compared with theone recovered from the signature. If they match, then it ensures that the message has indeed been sent by the (claimed) sender and that it has not been altered.

PROBLEM STATEMENT

RSA is a highly secure algorithm .The only known

way to attack it is to perform a "brute-force" attack on

the modulus. This attack can be easily defeated by

simply increasing the key size [10]. However, this

approach can lead to a number of problems:

• Increased processing time â€" as a rough guide ,

decryption time increases 8-fold as key sizes

double .

• Computational Overheads â€" the computation

required to perform the public key and private key

transformations.

Equations

KEY GENERATION

Suppose a user A wishes to allow B sends a private

message over an insecure transmission medium. A & B

take the following algorithm to generate a public key

and a private key.

INPUT : Bit length of modulus, k.

OUTPUT: Public key (E; N), and private key (D; N).

1) Generate prime numbers ( Pa )and ( P b )of bit

length [k/2]

2) Generate prime numbers ( Q a ) and ( Q b )of bit

length k â€" [k/2]

3) Compute N 􀃅 P . Q for both a & b

4) Select E to be an integer, where GCD(e ; (P - 1) .

(Q - 1)) = 1

5) Compute D such that E . D ≡ 1 (mod (P - 1) . (Q -

1))

6) Return ((Ea; Na ); (D a ;Na) for A And (( E b; N b );

(D b ;N b)) for B

SIGNATURE GENERATION

INPUT : Private Key (Da ; Na) for the sender, Public key (Eb ; Nb) for the receiver , and message to be signed, M.

OUTPUT: s, signature of M

1) A 􀃅 h(M) E b (mod N b)

2) S 􀃅 A D a mod Na.

3) Return (s)

A common hash algorithm used is SHA-1

SIGNATURE VERIFICATION

INPUT : Private Key (Db; N b) for the receiver, Public

key (E a ;N a)for

the sender , message(M) and signature (S).

OUTPUT: VALID or INVALID.

1) B 􀃅 SEa mod Na

2) Q 􀃅 BDb mod N b

3) If Q = h(M), Return VALID

Else, Return INVALID

EXPERIMENTAL RESULTS

To test and compare the performance characteristics of the RSA, DSS, and proposed signature algorithms, we developed three programs using C++ language to implement them . Then we test each of the three main components (key generation, signature generation and signature verification) in each program independently.

A public versus a private approach to digital signatures

Another way of classifying digital signature schemes is based on whether a private-key system or a public-key system is used. The public-key system based digital signatures have several advantages over the private-key system based digital signatures. The two most popular and commonly used public-key system based digital signature schemes are the RSA (named after Rivest, Shamir, and Aldeman, the inventors of the RSA public-key encryption scheme) and the digital signature algorithm (DSA) approaches. The DSA is incorporated into the Digital Signature Standard (DSS),

which was published by the National Institute of Standards and Technology as the Federal Information Processing Standard. It was first proposed in 1991, revised in 1993, and further revised with minor changes in 1996. RSA is a commonly used scheme for digital signatures. In a broad outline of the RSA approach, the message to be signed is input to a hash function that produces a secure hash code of fixed length. This hash code is then encrypted using the sender’s private key to form the signature. Both the signature and the message are then concatenated and transmitted.

The recipient takes the message and produces a hash code. The recipient also decrypts the signature using the sender’s public key. If the calculated hash code matches the decrypted signature, the signature is accepted as valid. This is because only the sender knows the private key, and thus only the sender could have produced a valid signature. The signature generation and verification using RSA is identical to the schemes shown in Figs. 1 and 2, respectively.

The signing process in DSS (using DSA) is shown in Fig. 7. The DSA approach also makes use of a hash function. The hash code is provided as input to a signature function together with a random number generated for this particular signature. The signature function also uses the sender’s private key and a set of parameters known to a group of communicating parties, referred to as global public key. The output signature consists of two components. The signature verification process is shown in Fig. 8. At the receiving end, the hash code of the incoming message is generated and input to a verification function, together with the two components of the signature.

The verification function uses the global public key as well as sender’s public key and recreates (one of the two components of) the original digital signature. A match between the recreated and the original signature indicates the authenticity of the signature. The signature function is such that it assures the recipient that only the sender, with the knowledge of the private key, could have produced the valid signature. The basis of the RSA scheme is the difficulty of factoring of large prime numbers. That of the DSA scheme is the difficulty of computing discrete logarithms. The DSA provides only the signature function where as the RSA scheme could additionally provide encryption and key exchange. The signature verification using the RSA scheme is about 100 times faster than a DSA scheme. The signature generation is slightly faster in the DSA scheme.

Digital signatures in real applications

Increasingly, digital signatures are being used in secure e-mail and credit card transactions over the Internet. The two most common secure e-mail systems using digital signatures are Pretty Good Privacy and Secure/Multipurpose Internet Mail Extension. Both of these systems support the RSA as well as the DSS-based signatures. The most widely used system for the credit card transactions over the Internet is Secure Electronic Transaction (SET). It consists of a set of security protocols and formats to enable prior existing credit card payment infrastructure to work on the Internet. The digital signature scheme used in SET is similar to the RSA scheme.

Conclusions

Many traditional and newer businesses and applications have recently been carrying out enormous amounts of electronic transactions, which have led to a critical need for protecting the information from being maliciously altered, for ensuring the authenticity, and for supporting nonrepudiation. Just as signatures facilitate validation and verification of the authenticity of paper documents, digital signatures serve the purpose of validation and authentication of electronic documents. This technology is rather new and emerging and is expected to experience growth and widespread use in the coming years. The results obtained show that RSA signature generation is significantly slower than the developed signature generation algorithm. The cost of signature generation can be considered as a factor in the choice of signature systems. Thus, the proposed signature cost is lower than RSA signature. With the proposed algorithm achieve high security for digital signature in addition to decrease processing time and computational overheads. And an intruder cannot pose the message sent since the sender’s private key is unknown for him. Accordingly, the sender can not be impersonated. On the receiver part, the message is verified by using sender’s public key and his private key to decrypt the message successfully. General speaking, in RSA, signature generation is faster than signature verification, and in DSS, signature verification is faster than signature generation. The proposed algorithm is overall faster than both RSA and DSS.