DTTFNB 479 Dszquphsbqiz Announcements 1 2 3 Pass

DTTF/NB 479: Dszquphsbqiz Announcements: 1. 2. 3. Pass in HW 7 now. Project rubrics posted (peruse together) Teams choose presentation dates now Questions? This week: n Birthday attacks, Digital signatures, DSA Day 31

Why are digital signatures important? Compare with paper signatures Danger: Eve would like to use your signature on other documents! Solution: sig = f(document, user) n Let m be the message/document Algorithms we’ll study: n n n RSA El. Gamal DSA (Digital Signature Algorithm)

RSA Signatures Alice chooses: n n n p, q, n=pq, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Alice’s signature: n y = md(mod n). Delivers (m, y) Bob’s verification: n Does m = ye (mod n)? Show the verification works. Note that given the signature y, Bob can compute the message, m.

RSA Signatures Alice chooses: n n n p, q, n=pq, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Alice’s signature: n y = md(mod n). Delivers (m, y) Bob’s verification: n Does m = ye (mod n)? Show the verification works. Note that given the signature y, Bob can compute the message, m. Eve wants to use Alice’s signature on a different document, m 1 n Why doesn’t this work? Eve wants to choose a new y 1, then compute m 1 = y 1 e n Why doesn’t this work?

Blind Signature Alice chooses: n n n p, q, n=pq, e: gcd(n, (p-1)(q-1))=1, d: ed = 1(mod ((p-1)(q-1)) Publishes n, e Bob wants m signed Bob chooses: n k: random, gcd(k, n)=1 Bob sends: t=kem Alice’s signature: n s = td(mod n). Bob’s verification: n Computes sk-1 Bob wants Alice to sign a document as a method of time-stamping it, but doesn’t want to release the contents yet. Why can’t Alice read m? Verification: n n Find sk-1 in terms of m What is the significance of this? What’s the danger to Alice of a blind signature?