Digital signature

Presented by
Sandeep kr. Vishwakarma
M.Tech. (Computer Sc.&Engg.)
NITTTR, Chandigarh
April 7, April
2015

7, 2015

11

Contents
Introduction
What is digital signature ?
Message digest
Digital signature standard
Digital signature algorithm
References
April 7, April
2015

7, 2015

22

Introduction
Digital signature is a sort of Cryptography.
Cryptography is known as Secret Writing.

There are two types of cryptography1) Symmetric (Secret Key) Cryptography

2) Asymmetric (Public Key) Cryptography
Public Key Cryptography is mostly used in digital signature.

April 7, 2015

Introduction cont
Let us discuss the security measures applied to each
single message. We can say that security provides four
services:

Message
security

Privacy

April 7, April
2015

7, 2015

Authentication

Integrity

Non-repudiation

44

Introduction cont
Privacy:- Means that the sender and receiver expect
confidentiality.
Privacy with Symmetric-Key Cryptography
Shared key
Bob

Alice

Plain
text

Encryption

network

Decryption

Plain
text

cipher text

April 7, April
2015

7, 2015

55

Introduction cont
Privacy with public-key cryptography
Bob
Public key
Bob Private
key

Bob

Alice

plain
text

Encryption

network

Decryption

plain
text

cipher text

April 7, April
2015

7, 2015

66

Introduction cont
Message authentication: It means that the receiver needs
to be sure the senders identity.

Integrity: It means that the data must arrive at the receiver

exactly as they were sent.

Non repudiation: It means that a receiver must be able to

prove that a received message came from specific sender.

April 7, April
2015

7, 2015

77

What is digital signature ?

We have already discussed privacy. The other three
can be achieved by using what is called digital signature.
We have two choices of signing document:
1. We can sign the entire document
2. We can sign a digest of the document

Signing the whole document:

Public-key encryption can be used to sign a document.
However, the role of the public and private keys are different
here. The sender uses her private key to encrypt the message.
The receiver, on other hand use the public key to decrypt the
message. In digital signature the encryption and decryption
possible using DSA algorithm.
April 7, April
2015

7, 2015

88

Signing the whole document: cont.

Digital signature does not provide privacy.
Public
key
Private key

Bob

Alice

plain
text

Encryption

Network

Decryption

plain
text

Ciphertext

April 7, April
2015

7, 2015

99

Signing the whole document: cont...

Here the sender creates a miniature version or digest
of document and sign it. To create a digest of message, we use a
hash function. The hash function create a fixed- size digest
from a variable-length message as shown in fig.
Hash function

Message (variable length)

Message digest
( fixed length)

The two most common hash function are called MD5 and SHA-1.
April 7, April
2015

7, 2015

10
10

Signing the digest of document

After the digest has been created.
The sender side shown as:
Alice

Message

message

Send to bob

Message +digest
Hash

Digest

Alice Private key

Encryption
Sign
digest

April 7, April
2015

7, 2015

11
11

Signing the digest of document cont

Receiver side
bob

From Alice

Message

Alice public key

Hash

Decrypt

Digest

April 7, April
2015

7, 2015

compare

Digest

12
12

Message digest
A message digest is a fingerprint or the summary of
message. It is similar to the concept of Longitudinal
Redundancy Check (LRC) or Cyclic Redundancy Check
(CRC). That is used to verify the integrity of data.

April 7, April
2015

7, 2015

13
13

Message digest cont

The two most common hash function are called MD5 and
SHA-1.

MD5:

The National Institute of Standards and Technology

(NIST) along with NSA developed the Secure Hash Algorithm
(SHA).
How MD5 Works?
Step1: Padding - The first step in MD5 is to add padding bits to the
original message.
The aim of this step to make the length of original message equal to a
value, which is 64 bit less than exact multiple of 512.
for example, if the length of original message is 1000 bits we add the
padding of 472 bits to make the length of message 1472 bits.
April 7, April
2015

7, 2015

14
14

Message digest cont

Original message

Original message

Padding (1-512) bit

Padding

The total length of this should be 64 bits less than a multiple of 512.
For example, it can be 448 bits (448=512-64), or 960 bits (960=2*512-64)
or 1472=(3*512-64)

April 7, 2015

15

Message digest cont

Step2:Append length

after padding bits are added, the

next step is to calculate the original length of the message and
add it to the end of the message after padding
The length of message is calculated, excluding the padding. so
the length is considered as 1000.
This length of the original message is now expressed as a 64
bit value and appended to end of the original message +
padding.

April 7, April
2015

7, 2015

16
16

Message digest cont

April 7, April
2015

7, 2015

17
17

Message digest cont

Step3: Divide the input into 512-bit blocks
Now we divide the input message into blocks each of length
512 bits

block1

April 7, April
2015

7, 2015

block2

block3

block4

Block n

18
18

Message digest cont

Step4: Initialize chaining variables
In this step 5 variables are initialized. They are called A,B,C,D
and E each of these 32 bit number. The initial hexadecimal
values of these chaining variables are shown bellow:
A
B
C
D
E
April 7, April
2015

hex
hex
hex
hex
hex
7, 2015

01
89
FE
76
C3

23
AB
DC
54
D2

45
CD
BA
32
E1

67
EF
98
10
F0

32*5=
160
bits

19
19

Message digest cont

Step5: Process blocks
Now the actual algorithm begins. It is complicated and we shall discuss it
step-by- step to simplify it to maximum extent possible.
There is a loop that runs for as many 512-bit blocks as in the message.
Step5.1
copy all the five variable into five corresponding variable a,b,c,d and e.
Thus we have a=A, b=B, c=C, d=D, e=E
A

Copying chaining variables into temporary variables

April 7, April
2015

7, 2015

20
20

Message digest cont...

Actually the algorithm considers the combination of a,b,c,d
and e as a 160 bit single resister.
abcde
a

Abstracted view

Internal view

Abstracted view of the chaining variables

April 7, April
2015

7, 2015

21
21

Message digest cont...

Step 5.2: Divide the current 512-bit block into 16 sub-blocks.
Thus each sub block contains 32 bits.
Block 1 (512 bit)

Sub-block1 Sub-block2 Sub-block3

32 bit

32 bit

32 bit

Sub-block16
32 bit

Sub- blocks within a block

April 7, April
2015

7, 2015

22
22

Message digest cont...

Step 5.3 : SHA has four round ,each round consisting of 20
steps .Each round takes the current 512 bit block, The resister
abcde and a constant K[t] (t= 0 to 79) as the three input .
.

512 bit block

K[t]

One round
a

April 7, April
2015

7, 2015

23
23

Message digest cont...

It then updates the constant of the resister abcde using SHA
algorithm step.
Here we have only four constant defined for K[t], one used in
each of the four round

April 7, 2015

24

Message digest cont...

Step5.4: SHA consist four round, each round containing 20
iteration. This makes it a total of 80 iteration .the logical
operation of a single HAS iteration looks as shown in fig.

S^30

April 7, April
2015

7, 2015

Single SHA-1 iteration

25
25

Message digest cont

Mathematically an iteration consist of following:
abcde = (e + process p + s^5(a) + W[t] + K[t]), a , s^30(b), c , d
Where
abcde
Process p
S^t
W[t]
K[t]
April 7, April
2015

= the resister made up

= the logical operation ,we shall study later
= circular-left shift of 32 bit sub- block by t bits
= A 32 bit derived from the current 32 bit subblock, study later
= one of the four additive constant .
7, 2015

26
26

Message digest cont

We will see the meaning of process p and W[t] in the
above equation.
Round

Process p
1

(bANDc) OR ((NOTb) AND(d))

BXORcXORd

(bANDc)OR(bANDd )OR (c AND d)

BXOR c XORd

April 7, April
2015

7, 2015

27
27

Message digest cont

The value of W[t] are calculated as follows:
For first 16 words of W (i.e. t=0 to 15),the content of the input
message sub-block M[t] becomes the contents of W[t]
straightway.
The remaining 64 values of W are derived using the equation :
W[t]= s^1(W[t-16]XOR W[t-14] XOR W[t-8] XOR W[t-3])
S^1 indicate circular-left shift by 1 bit position.

April 7, April
2015

7, 2015

28
28

Digital signature standard

The National Institute of Standards and Technology has
published Federal Information Processing Standards
Publications (FIPS PUBS), known as digital signature
standard.
The DSS makes use of the Secure Hash Algorithm (SHA) and
present a new digital signature technique called the Digital
Signature Algorithm (DSA)
Appropriate for applications requiring a digital rather than
written signature.
The DSA digital signature is a pair of large numbers
represented in a computer as strings of binary digits.
The digital signature is computed using a set of rules (i.e., the
DSA) and a set of parameters such that the identity of the
signatory and integrity of the data can be verified.
April 7, April
2015

7, 2015

29
29

Digital signature standard cont

The DSA provides the capability to generate and verify
signatures.
Signature generation makes use of a private key to generate a
digital signature.
Signature Verification makes use of a public key, which
corresponds to, but is not the same as, the private key.
Each user possesses a private and public key pair.
Public keys are assumed signatures for stored as well as
transmitted data. Anyone can verify the signature of a user by
employing that user's public key.
Signature generation can be performed only by the possessor of
the
user's
private
key.

April 7, April
2015

7, 2015

30
30

Digital signature standard cont...

signature generation and signature verification

April 7, April
2015

7, 2015

31
31

Digital signature algorithm

DSA algorithm makes use of the following variables:
p= A prime number of length L bits. L=A multiple of 64 between
512 and 1024 (i.e. L= 512 or 576 .1024)
q= A 160 bit prime factor of (p-1)
g= h^((p-1)/q) mod p, where h is the number less than (p-1) such
that
h^((p-1)/q) is greater than 1.
x= A numper less than q. (privet key)
y= g^x mod p. (public key)
H= message digest algorithm (SHA-1) .
April 7, April
2015

7, 2015

32
32

Digital signature algorithm cont

The first thee variables p, q, g are public in nature.
let us assume that sender wants to sign a message m and send the
signed message to receiver. Then the following step take
place.
1. The sender generate the random number key which is less
than q.
2. The sender now calculate
a. r= (g^k mod p) mod q
b. s= (k^-1 (H(m)+xr)) mod q.
The values r and s are the signature of the sender. The sender
sends these values to receiver.
April 7, April
2015

7, 2015

33
33

Digital signature algorithm cont

To verify the signature the receiver calculates:
3. w=s^-1 mod q
u1=(H(m) *w)modeq
u2= (rw) mod q
v= ((g^u1 * y^u2)mod p) mod q.
If v=r ,the signature is said to be verified. Otherwise it is rejected.

April 7, April
2015

7, 2015

34
34

References
1.Cryptography and network security By Atul Kahate .
2.Data Communication and Networking by B.A. Forouzen.
3.Federal Information Processing Standards Publication: (Digital
Signature Standard) IEEE paper.

April 7, 2015

35

April 7, 2015

36