signature schemes (based on the discrete logarithm)
Some popular algorithms
‧RSA Digital Signature (R. L. Rivest, A. Shamir, and L. M. Adleman, 1978)
challenge c
Alice
r=Sig(KRBob, c)
Bob
If Ver(KUBob, r, c)=true then accept that “Bob is talking to me”
What security service can digital signature provide?
China Digital Signature Law have become effective
April 1 2005 China Digital Signature Law has become effective
1. Part One Overview
2. Part Two Electronic Data
第十章 数字签名与消息认证
讨论议题 ——数字签名
➢数字签名的概念 ➢基本签名算法 ➢特殊签名算法 ➢研究动向
一、数字签名的概念
Digital signature
• Goal: Use the digital technique to emulate the “hand-written signature”
3. Part Three Digital Signature and
Certification
Authority
4. Part Four Legal Responsibility
5. Part Six Supplementary Articles
Digital Signature Law is an Infrastructure of E-COM
• Data Integrity • Authentication • Non-forgeability • Non-repudiation
签名的一个重要应用 第三方信任的模型
证书认证中心(CA)
Fig. 信任的层次结构
公正的被信任者
经认定可以 被信任的中 间角色
A
B
用户群
结论
网络空间的信任建立问题是信息安全讨 论的核心问题，网络空间的信任建立 方法很大程度上借鉴了传统生活中建 立信任的方法。正如手写签名在传统 生活中的重要作用一样，数字签名是 网络空间中建立信任的一块基石。
Two Famous Digital Signature Schemes 1. RSA Digital signature scheme (based on the
factorization problem) 2. ElGamal digital signature and Meta-ElGamal
Requirements
• The signature depends on the signer and the document to be signed.
• Easy to compute: it is easy for a signer to sign a document
• Universal verifiability: every one can verify validity of a signature (with respect to the signer and the document)
• Forgery tye
– Existential forgery – Selective forgery
The Model of Digital Signature
Signer’s secret key
Байду номын сангаасMessage
Sign Function
Verification Function
Signer’s public key
• Easy to store: the signature should be short enough
Attacks on digital signature
• Attack type
– Key-only attack (ciphertext-only) – Known-message attack (known-plaintext) – Chosen-message attack (chosen-plaintext)
Supply Chain Online Payment Trading Platform
Information Exchange Platform
Digital Signature Law is Infrastructure
Credit System
二、基本签名算法
Fundamental schemes
– Signature schemes based on errorcorrecting codes
– Signature schemes based on two hard problems
– Signature schemes based on elliptic curves
Algorithm foundation
• Security requirements
– Unforgeability: one cannot create a signature that is claimed to be another’s
– Undeniability: the signer cannot later deny the validity of his signature
Signature Message
Message
Check Message=?Message
Digital signature: usage
• Off-line: Signing a document for emulating the hand-written signature
• On-line: identity authentication (+session key distribution)