Integratining DiffieHellman Key Exchange into the Digital Signature
- Slides: 23
Integratining Diffie-Hellman Key Exchange into the Digital Signature Algorithm (DSA) Source: IEEE Communications Letters, Vol. 8, No. 3, March 2004 Authors: Lein Harn, Manish Mehta, Wen-Jung Hsin Speaker: Yu-Wei Su Date: 1
Outline o 1. Introduction o 2. Concept & Goal o 3. Proposed protocols o 4. Conclusion 2
1. Introduction 1 -1. Key Exchange 1 -2. Diffie-Hellman Algorithm 1 -3. Digital Signature 1 -4. DSA 3
1 -1. Key Exchange ● Symmetric Encryption ● Alice & Bob calculate a session key to communicate Session Key; k EK() Alice DK() Bob 4
1 -2. Diffie-Hellman Algorithm Parameters (1/4) common parameters: g, n: two large primes private parameters: a: random number, choice by Alice b: random number, choice by Bob 5
Operating Flow (2/4) ga mod n gb mod n Alice calculate ((gb mod n)a mod n), result is (gab mod n) Bob calculate ((ga mod n)b mod n), result is (gab mod n) Session key = gab mod n 6
Example n = 11, g = 2 a=4 b=8 (3/4) => ga mod n = 24 mod 11 = 5 gb mod n = 28 mod 11 = 3 Alice : (gb mod n)a mod 11 = 34 mod 11 = 4 Bob: (ga mod n)b mod 11 = 58 mod 11 = 4 Session key = 4 7
The Computational Diffie-Hellman Assumption(CDH assumption) (4/4) ● Eve receives (ga mod n) and (gb mod n) in the channel. ● It is very hard to calculate (gab mod n). 8
1 -3. Digital Signature ● Non-repudiation ● Based on asymmetric scheme message f(message) ps: f() is a digital signature algorithm. 9
1 -4. Digital Signature Algorithm(DSA) 1 -4 -1. Preview o Used in Digital Signature Standard(DSS) o Proposed by NIST o Published in FIPS PUB 186 -x o http: //www. itl. nist. gov/fipspubs 10
Parameters (1/3) Global parameters: p: a prime number, |p| = 512 ~ 1024 (bits), multiple of 64 q: a 160 -bit prime factor of (p-1) h: 1< h < p-1 g = (h(p-1)/q) mod p H(): a hash function, ex: SHA-1 Sender’s Private Parameter: x, random integer with 0 < x < q 11
Parameters (2/3) Sender’s Public Parameter: y = gx mod p m: message Per-Message Secret Parameter: k: random integer with 0 < k < q 12
Signing & Verifying (3/3) Signing (Sender) : r = (gk mod p) mod q s = [k-1(H(m) + xr)] mod q => signature = (r, s) Verifying (Receiver) : w = (s’)-1 mod q u 1 = [H(m’)w] mod q u 2 = (r’)w mod q v = [(gu 1 yu 2) mod p] mod q Test v ? = r’ ps: s’ & r’ are received by receiver which corresponding s & r. 13
2. Concept & Goal 2 -1. DH + DSA Diffie-Hellman Algorithm + Digital Signature Algorithm = Take (ga mod p) as message in DSA 14
2 -2. Three Models 1. One-round protocol 2. Two-round protocol 3. Three-round protocol 15
3. Proposed protocol 3 -1. Parameters User A, B: two users in protocol YA, XA: a key pair, public key & private key of user A in DSA, authenticated. YA = g. XA mod p YB, XB: a key pair, public key & private key of user B in DSA, authenticated. YB = g. XB mod p Other parameters are corresponding in DSA KAB: session key from A to B 16
3 -2. One-round protocol (1/2) Step 1(User A): Select k. A Let m. A = gk. A mod p Let KAB = (YB)k. A mod p (= gx. Bk. A mod p) Calculate r. A = (gk. A mod p) mod q Calculate s. A = [k. A-1(m. A||KAB) + XAr. A] mod q Sent (m. A, s. A) to User B 17
One-round protocol (2/2) Step 2(User B): Receive m. A, s. A from User A Imply r. A = m. A mod q Imply KAB = (m. A)x. B mod p (= gk. Ax. B mod p) Verify (r. A, s. A) of (m. A||KAB) After Step 2, A & B obtain a session key: KAB = gk. Ax. B mod p 18
3 -3. Two-round protocol (1/2) Step 1, Step 2 are the same as one-round protocol. Step 3(User B): (just take B as A) Select k. B Let m. B = gk. B mod p Let KBA = (YA)k. B mod p (= gx. Ak. B mod p) Calculate r. B = (gk. B mod p) mod q Calculate s. B = [k. B-1(m. B||KBA) + XBr. B] mod q Sent (m. B, s. B) to User A 19
Two-round protocol (2/2) Step 4(User A): (just take A as B) Receive m. B, s. B from User B Imply r. B = m. B mod q Imply KBA = (m. B)x. A mod p (= gk. Bx. A mod p) Verify (r. B, s. B) of (m. B||KBA) After Step 4, A & B obtain two session keys: KAB = gk. Ax. B mod p KBA = gk. Bx. A mod p 20
3 -4. Three-round protocol (1/2) Step 1(User A): Select k. A Let m. A = gk. A mod p Sent m. A to User B Step 2(User B): Imply KAB = (m. A)x. B mod p (= gk. Ax. B mod p) Select k. B Let m. B = gk. B mod p Let KBA = (YA)k. B mod p (= gx. Ak. B mod p) Calculate r. B = (gk. B mod p) mod q Calculate s. B = [k. B-1(m. B||KBA||KAB) + XBr. B] mod q Sent (m. B, s. B) to User A 21
Three-round protocol (2/2) Step 3(User A): Let KAB = (YB)k. A mod p (= gx. Bk. A mod p) Imply r. B = m. B mod q Imply KBA = (m. B)x. A mod p (= gk. Bx. A mod p) Verify (r. B, s. B) of (m. B||KBA||KAB) Calculate r. A = (gk. A mod p) mod q Calculate s. A = [k. A-1(H(m. A||KAB||KBA) + x. Ar. A)] mod q Sent s. A to User B Step 4(User B): Imply r. A = m. A mod q Verify (r. A, s. A) of (m. A||KAB||KBA) 22
4. Conclusion o Authentication & Efficient 23
Message authentication code
Gas exchange key events in gas exchange
Dsa
Dsc enrollment in pfms
Message authentication code example
Diffie hellman digital signature
Properties of digital signature
Rsa digital signature
Digital signature
Digital signature authentication protocol
Dsa in network security
Digital signature authentication protocol
Digital signature forgery
Dss digital signature
Attack on digital signature
Digital signature algorithm
Cryptography topics crossword
Unforgeability
Digital signature authentication protocol
Do not use key signature
El gamal algorithm
Order of sharps
Key evolving signature
Real exchange rate vs nominal exchange rate
