Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

COSC362 > Lecture 14: Digital Signatures > Flashcards

Lecture 14: Digital Signatures Flashcards

1
Q

What do MACs allow? What data security does this provide?

A

only allow an entity with shared secrete to generate a valid tag

–> providing data integrity and data authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What do digital signatures use to provide properties of MAC and more?

A

public key cryptography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the general idea of how digital signatures ensure data integrity and authenthication?

A

only the owner of the private signing key can generate a valid digital signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What security service do digital signatures provide?

A

1) non-repudiation

2) a judge can decide which party has formed the signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is non-repudiation?

A

Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Compare physical and digital signatures

A

<strong>Physical Signatures</strong>

1) produced by a human
2) same on all docs
3) easy to recognise

<strong>Digital Signatures</strong>

1) produced by a machine
2) function of the message
3) requiring a computer to check

Both signature types need to be difficult to forge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the relevant algorithms involved in digital signatures

A

1) key generation
2) signature generation
3) signature verification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does the key generation alg ouput?

A

2 keys:

1) a private signing key Ks
2) a public verification key Kv

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Outline the signature generation alg for digital signatures

A

See slide 8 in set 14

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the inputs to the signature generation alg?

A

1) Alice’s private signing key Ks

2) Message M

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the output of the signature generation algorithm?

A

Signature s = Sig(M, Ks)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Who should be able to generate a valid signature?

A

Only Alice, the owner of Ks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What must be message M be for the signature generation algorithm?

A

any bit string

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Comment on the size of the set of all signatures from the signature generation alg

A

Set of fixed size

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the three security properties is needed for signature generation alg?

A

only need integrity, not confidentiality –> prove to Bob signature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Outline the signature verification alg for digital signatures

A

See slide 9 in set 14

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the inputs for the signature verification alg?

A

1) Alice’s public verification key Kv
2) Message M
3) Claimed signature s

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the output for the signature verification alg?

A

Boolean value Ver(M, s, Kv) = true/false

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Who should be able to verify a signature?

A

anyone

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are the properties of digital signatures?

A

1) correctness

2) unforgeability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Comment on the correctness property of digital signatures

A

If s = Sig(M, Ks) then Ver(M, s, Kv) = true for any matching Ks and Kv

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Comment on the unforgeability property of digital signatures

A

It is computationally infeasible for anyone without Ks to construct the pair (M,s) s.t. Ver(M, s, Kv) = true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Can the signing algorithm Sig be randomised for digital signatures?

A

yes

–> since there are many possible signatures for a single message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Give the stronger security definition for digital signatues

A

1) an attacker has access to a chosen message oracle

2) Forging a new signature should be difficult even if the attacker can obtain signatures on messages of her choice

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What are the possible security attacks on digital signatures?

A

1) key recovery
2) selective forgery
3) existential forgery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Explain the key recovery i.t.o for digital signatures

A

the attacker attempts to recover the private signing key Ks from the public verification key Kv and some known signatures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Explain the selective forgery i.t.o digital signatues

A

the attacker chooses a message and attempts to obtain a signature on that message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Explain the existential forgery i.t.o digital signatures

A

The attacker attempts to forge a signature on any message not previously signed

It could be a meaningless message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What must modern digital signatures satisfy to be seen as secure?

A

if they can resist existential forgery under a chosen message attack

30
Q

What are RSA signature keys generated in the same way as?

A

RSA encryption keys

31
Q

Explain the process for generating RSA signature keys

IMPORTANT

A

<strong>Public verification key</strong>: n, e where n = pq for large primes p,q

<strong>Private signing key</strong>: p,q,d s.t. ed mod Φ (n) = 1

see slide 13 in set 14

32
Q

What else is required for RSA signature keys’ generation?

A

A hash function h is also required as a fixed public parameter

Can be a standard hash function e.g. SHA-256

33
Q

Explain the signature generation process for RSA signatures

A

1) inputs a message M, modulus n and private exponent d
2) computes s = h(M)^d mod n
3) outputs (M,s) as the signature

34
Q

Explain the signature verification process for RSA signatures

A

1) inputs are claimed signature (M,s), modulus n and public exponent e
2) compute h’ = h(M)

3) check if s^e mod n = h’?
If so, then output true; otherwise output false

–> see set 12 for correctness

35
Q

What do discrete logarithm signatures’ security rely on?

A

difficulty of discrete logarithm problem

36
Q

What are the three versions of discrete logarithm signatues?

A

1) Original Elgamal signatures in Z*p (1985)

2) Digital signature algorithm (DSA) standardised by NIST
- -> an optimized version of Elgamal signatures

3) DSA based on elliptic curve groups, known as ECDSA

37
Q

Give the Elgamal elements in Z*p

A

See slide 17 in set 14

38
Q

What are the Elgamal operations in Z*p?

A

1) signature generation

2) signature verification

39
Q

Give the process for signature generation for Elgamal in Z*p

A

See slide 18 in set 14

40
Q

Give the process for signature verification for Elgamal in Z*p

A

See slide 19 in set 14

41
Q

What does DSA stand for?

A

digital signature algorithm

42
Q

When was DSA first published?

A

1994 by NIST

43
Q

What standard is DSA in?

A

FIPS PUB 186-4 (2013)

44
Q

What is DSA based on?

A

Elgamal signatures

45
Q

What is DSA used with?

A

SHA family of hash functions

46
Q

Comment on DSA’s calculations and signature sizes

A

simpler calculations
short signatures

–> cals done in a subgroup Z*p or an elliptic curve group

47
Q

What does DSA prevent?

A

attacks that Elgamal signatures may be vulnerable to

48
Q

Explain the idea of DSA

A

See slide 20 in set 14

49
Q

What are differences that DSA has with Elgamal signatures?

A

See slide 21 in set 14

50
Q

What are the parameters for DSA

A

See slide 22 in set 14

51
Q

What are the valid combinations of the length of the prime modulus p and prime divisor q?

A

L = 1024, N = 160

L = 2048, N = 224

L = 2048, N = 256

L = 3072, N = 256

52
Q

What is the generator for DSA?

A

See slide 22 in set 14

53
Q

What is the parameter H in DSA?

A

hash function from SHA family variant such that the output is an N-bit digest

(N is the length of q, a prime devisor of p - 1 and p is the prime modulus)

54
Q

Give the key generation process for DSA

A

See slide 23 in set 14

55
Q

Give the signature generation process for DSA

A

See slide 23 in set 14

56
Q

Give the signature verification process for DSA

A

See slide 24 in set 14

57
Q

What are the differences DSA has with Elgamal signatures?

A

1) verification eqn
2) signature generation requirement
3) signature verification requirement
4) signature size

58
Q

What is the verification eqn difference between DSA and Elgamal signatures?

A

DSA’s verification eqn is that same, except that all exponents and final result are reduced modulo q

59
Q

What is the signature generation difference between DSA and Elgamal signatures?

A

DSA’s signature generation mainly requires one exponentiation with a short exponent (224 or 256 bits)

60
Q

What is the signature verification difference between DSA and Elgamal signatures?

A

DSA’s signature verification requires 1 short exponentiatoins

61
Q

What is the signature size difference between DSA and Elgamal signatures?

A

DSA’s signature size is only 2N bits:

  • -> 448 bits when N = 224
  • -> 512 bits when N = 256
62
Q

What are |p|, |q| and the hash function for DSA v1 defined as in the 2013 standard?

A

|p| –> 1024
|q| –> 160
hash func –> SHA-1

63
Q

What are |p|, |q| and the hash function for DSA v1 defined as in the 2013 standard?

A

|p| –> 2048
|q| –> 224
hash func –> SHA-224

64
Q

What are |p|, |q| and the hash function for DSA v1 defined as in the 2013 standard?

A

|p| –> 2048
|q| –> 256
hash func –> SHA-256

65
Q

What are |p|, |q| and the hash function for DSA v1 defined as in the 2013 standard?

A

|p| –> 3072
|q| –> 256
hash func –> SHA-256

66
Q

What does ECDSA stand for?

A

elliptic curve DSA

67
Q

What standard is ECDSA in?

A

FIPS PUB 186-4 (2013)

68
Q

Where are the parameters chosen from for ECDSA?

A

NIST approved curves

69
Q

Are signature generation and verification the same for DSA?

A

Yes, except that:

1) q becomes the order of the elliptic curve group
2) multiplication mod p is replaced by the elliptic curve group operation
3) after operations on group elements, only the x condition is kept (from pair(x, y))

70
Q

Compare the signature sizes of ECDSA and DSA for the same security level

A

ECDSA signatures are generally not shorter than DSA signatures for the same security level

71
Q

Compare the variation in signature sizes for ECDSA and DSA

A

ECDSA signature size varies with the underlying curve

–> Between 326 bits and 1142 bits from approved curves

72
Q

Compare the public key sizes for ECDSA and DSA

A

ECDSA public keys are shorter than DSA public keys

COSC362 (21 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions