07: Digital Signatures

DON'T provide PK cryptograhpy, AUTHENTICATION

Bob Signs a message: Digital Signature Generation Algorithm

Message + Bob's PK --> signature

Alice Verify's signature: Verification Algorithm

Message + Bob's PU + signature --> valid or naw?

To get the key to verify the signature you need a public key certificate which is verified by another PU certificate,…and so on... Til you get the root certificate. If anyone knows your private signing key by your private root certificate you can be MIM’d D:

Digital Signature Properties

Digital signatures provide authentication between parties:

1. Must verify the author, date and time of the signature

2. Must authenticate the contents at the time of the signature

3. Verifyable by third parties to resolve disputes

Attacks

A = user whose signature method is being attacked

C = attacker

Forgeries (Adversarial Goals)

Breaking a digital signature scheme successfully

Digital Signature Requirements

Satisfied by a secure hash function:

• The signature must be a bit pattern that depends on the message being signed

• The signature must use some information unique to the sender to prevent both forgery and denial

• It must be relatively easy to produce the digital signature

• It must be relatively easy to recognize and verify the digital signature

• It must be computationally infeasible to forge a digital signature, either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message

• It must be practical to retain a copy of the digital signature in storage