1 / 13

第四章 數位簽章

第四章 數位簽章. 數位簽章. ‧ RSA Digital Signature (R. L. Rivest, A. Shamir, and L. M. Adleman, 1978) ‧ElGamal Digital Signature (T. ElGamal, 1985) ‧ Schnorr’s Digital Signature (C. P. Schnorr, 1989) ‧ Blind Signature (D. Chaum, 1983). Introduction.

vallee
Télécharger la présentation

第四章 數位簽章

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 第四章 數位簽章

  2. 數位簽章 ‧RSA Digital Signature (R. L. Rivest, A. Shamir, and L. M. Adleman, 1978) ‧ElGamal Digital Signature (T. ElGamal, 1985) ‧Schnorr’s Digital Signature (C. P. Schnorr, 1989) ‧Blind Signature (D. Chaum, 1983)

  3. Introduction • Three Basic Services of Cryptography • 1. Secrecy (provided by cryptosystems) • 2. Authenticity (provided by digital signature scheme) • 3. Integrity (provided by digital signature scheme) • Two Famous Digital Signature Schemes • 1. RSA Digital signature scheme (based on the factorization problem) • 2. ElGamal digital signature scheme (based on the discrete logarithm)

  4. Introduction • Applications: • Blind signature (for electronic commerce)

  5. Introduction The Model of Digital Signature Signer’s public key Signer’s secret key Verification Function Sign Function Message Signature Message Message Check Message=?Message

  6. RSA Public Key Cryptosystem and Digital Signature Scheme • Rivest, Shamir, and Adleman proposed in 1978 • RSA Public Key Cryptosystem ◆ Security Basis: Factorization Problem. ◆ Construction: 1. Choose two large prime numbers P and Q, then compute N=P×Q. 2. Select an integer e such that gcd(e, (N))=1. 3. Compute d such that e×d mod (N)=1. 4. Public key = (N, e). 5. Private key = (P, Q, d).

  7. RSA Public Key Cryptosystem and Digital Signature Scheme • RSA Digital Signature Scheme • Sign Function: Signature S=Md mod N. • Verification Function: M=Se mod N. • Example • P=11,Q=13, N=143, and (143)=120. • e=103, then d=7 (for 103×7 mod 120=1 ). • Sign for M=3: S=37 mod 143=42. • Verification: M= Se mod N = 42103 mod 143=3.

  8. ElGamal Public Key Cryptosystem and Digital Signature Scheme • ElGamal proposed in 1985 • ElGamal Public Key Cryptosystem ◆ Security Basis: Discrete Logarithm Problem 1. If P is a large prime and g and y are integers, find x such that y=gx mod P. 2. The security restriction on P: P-1 must contain a large prime factor Q. ◆ Construction: 1. Choose a large prime number P and a generator g of GF(P). 2. Private key: a random integer x between 1 and P-1. 3. Public key: y=gx mod P.

  9. ElGamal Public Key Cryptosystem and Digital Signature Scheme • ElGamal Digital Signature Scheme • Sign Function: Signature (r, s) for message M. 1. Select a random integer k between 1 and P-1 such that gcd(k, P-1)=1. 2. Compute r=gk mod P. 3. Compute s=k-1(M-xr) mod (P-1). • Verification Function: • Verify by checking whether gM mod P = (rs) ×(yr) mod P. • (rs) ×(yr)=g(M-xr) × gxr = g(M-xr)+xr=gM mod P.

  10. ElGamal Public Key Cryptosystem and Digital Signature Scheme • Example • P=23, g=5. • x=3, then y=10 (for 53 mod 23=10 ). • Sign for the message M=8. • Select k=5 between 1 and 22 (P-1). • Compute r = gk mod P = 55 mod 23 = 20. • Compute s = k-1(M-xr) mod (P-1) = 5-1(8-3×20) mod 22 = 9×14 mod 22 = 16. • Verification: • gM= 58 mod 23 =16 • (rs)(yr) mod P = 2016 × 1020 mod 23= 13×3 mod 23 = 16.

  11. Schnorr’s Digital Signature Scheme • Schnorr’s Digital Signature Scheme • Sign Function: Signature (r, s) for message M. 1. Select a random integer k between 1 and P-1. 2. Compute r = h(M, gk mod P). 3. Compute s = k + x*r mod (P-1). , where the secret key x  the public key y= g-x mod P 4. Send (M, r, s) to the receiver. • Verification Function: • Compute gk mod P=gsyr mod P. • Verify by checking whether r = h(M, gk mod P).

  12. Blind Signature • D. Chaum proposed in 1983 • D. Chaum’s Blind Signature Scheme ◆ It uses the RSA algorithm. Security Basis: Factorization Problem ◆ Construction: Bob has a public key, e, a private key, d, and a public modulus, N. Alice wants Bob to sign message M blindly. 1. Alice chooses a random integer k between 1 and N. Then she blinds M by computing t = Mke mod N. 2. Bob signs t, td=(Mke)d mod N. 3. Alice unblinds td by computing s=td/k mod N = Md mod N. s is the signature of message M.

  13. Blind Signature Property: Untraceable Applications: Blind signature can be used in electronic cash system. • signs coins • database Bank 1. t=SN×ke mod N SN: Serial # k: random number 2. t 7. Coin 3. td mod N Consumer Merchant 5. Coin 4. s=(td)/k mod N=SNd mod N 6. Verify the signature s Coin: (SN, s)

More Related