Digital signatures Flashcards
How does MAC provide integrity and authentication?
Only an entity with the shared secret can generate a valid MAC tag
How does digital signatures obtain the property of MAC?
Use public key cryptography.
Only the private-key owner can generate a correct digital signature
How does digital signature provide non-repudiation?
Because a judge can decide which party formed the signature
Compare digital and physical signatures
Produced by: human-machine
Same on all documents - function of message
Easy to recognise - requires computer to check
Both must e difficult to forge
What is the flow of signatures?
Have a digital message
Hash this
Sign with private key
Verify with public key
What are the three algorithms of digital signature schemes?
Key generation (output private signing key Ks and public verification key Kv)
Signature generation
Signature verification
Describe the signature generation algorithm
Signature o = Sig(m, Ks)
m: Message
Ks: private signing key
Describe the verification algorithm
Ver(m, o, Kv) = true or false
m: Message
o: Claimed signature
Kv: public verification key
What are the required properties of verifying functions?
Correctness
Unforgeability
What is the correctness property?
If o = Sig(m, Ks) then Ver(m, o, Kv) = true, for any matching signing/verification keys
What is the unforgeability property?
It is computationally infeasible for anyone without Ks to construct m and o such that Ver(m, o, Kv) = true
What is key recovery?
Attacker tries to recover the private key from the public key and some known signatures
What is selective forgery?
Attacker chooses a message and tries to obtain a signature on that message
What is existential forgery?
The attacker attempts to forge a signature on any message not previously signed, even if it is a meaningless message
When are digital signatures considered secure?
If they can resist existential forgery under a chosen message attack