Digital Signature - PowerPoint PPT Presentation

About This Presentation
Slides: 10
Provided by: zhen6
Learn more at: http://www.cs.fsu.edu
Transcript and Presenter's Notes

1
Digital Signature
  • You want to sign a document.
  • Three conditions.
  • 1. The receiver can verify the identity of the
    sender.
  • 2. The sender cannot later repudiate the content
    of the message.
  • 3. The receiver cannot make the message up.

2
Using Public key / Private Key
  • To send P, Alice sends E_B(D_A(P)).
  • Bob receives it, decodes it with his private key
    to get D_A(P), then encodes that with Alice's
    public key to get P.

3
Digital Signature
  • If Alice later denies she sent the message P, Bob
    can show P and D_A(P). A third party can check
    whether he can get P from D_A(P) using Alice's
    public key. If yes, Alice is lying, because Bob
    does not know Alice's private key and has no way
    to make up D_A(P).

4
Is problem solved?
  • How can Alice and Bob know each other's public
    key?
  • Can Alice send a message to Bob to ask him to
    send her pkB?
  • No. Tom may intercept this message and return
    to Alice a message with his own key or some junk.

5
Solution?
  • Ask someone with authority, say, C.
  • Alice asks C, "Can you tell me the public key of
    Bob?"
  • C replies, "Here you are, pkB."
  • Will this work?
  • No. Because how can Alice be sure that this
    message is from C and not from Tom?

6
Solution
  • Because C is well-known, Alice remembers his
    public key.
  • So when C sends Alice the reply, he signs it
    with his private key: D_skC(pkB, "I am sending
    you the public key of Bob as you requested").
  • When Alice gets this message, she knows that this
    must be from C and can be trusted.

7
Problems?
  • If everyone must contact C before the session
    begins, can C still handle it?
  • Note that the RSA algorithm involves
    multiplications of large numbers and is slow.

8
Solution
  • In fact, C does not have to reply in real time.
  • He can send Bob a certificate like D_skC("I
    hereby certify that this key
    belongs to Bob. Bob's IP address is and
    his email is @@@@.").
  • Later, when Bob wants to prove he is indeed Bob,
    he can just present this to Alice.
  • Actually, it is D_skC(SHA_1("I hereby certify
    that this key belongs to Bob. Bob's
    IP address is and his email is @@@@.")), and
    C is called a Certificate Authority (CA).
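
The certificate check from this slide, as an added example that is not part of the original slides: C signs SHA_1 of a statement with skC, and Alice verifies it knowing only pkC, while a swapped key or a certificate signed by Tom is rejected. The keys are constructed toy values built from Mersenne primes, the RSA is textbook RSA without padding, and all function names are assumptions of this example.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys (assumption of this example)

def make_key(p, q):
    """Textbook RSA key from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def digest(message):
    """SHA_1(message) as an integer, matching the slide's notation."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(private, message):
    """D_sk(SHA_1(message)): apply the private key to the hash."""
    n, d = private
    return pow(digest(message), d, n)

def verify(public, message, signature):
    """Apply the public key to the signature and compare with the hash."""
    n, e = public
    return pow(signature, e, n) == digest(message)

def issue_certificate(ca_private, subject, subject_public):
    """C signs a statement binding a name to a public key."""
    statement = f"I hereby certify that key {subject_public} belongs to {subject}."
    return statement.encode(), sign(ca_private, statement.encode())

# Constructed toy keys from Mersenne primes: trivially factorable, demo only.
PK_C, SK_C = make_key(2**127 - 1, 2**89 - 1)   # C, the certificate authority
PK_B, SK_B = make_key(2**107 - 1, 2**61 - 1)   # Bob
PK_T, SK_T = make_key(2**127 - 1, 2**61 - 1)   # Tom, the interceptor

def demo():
    cert, sig = issue_certificate(SK_C, "Bob", PK_B)
    genuine = verify(PK_C, cert, sig)          # Alice only needs pkC
    # Tom replaces Bob's key inside the certificate but cannot re-sign as C.
    swapped = cert.replace(str(PK_B).encode(), str(PK_T).encode())
    tampered = verify(PK_C, swapped, sig)
    # Tom issues his own "certificate" for Bob, signed with his own key.
    forged_cert, forged_sig = issue_certificate(SK_T, "Bob", PK_T)
    forged = verify(PK_C, forged_cert, forged_sig)
    return genuine, tampered, forged

if __name__ == "__main__":
    print(demo())
```
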

9
Optimizations
  • Still, signing all these certificates is too much
    for a single machine.
  • There is PKI (Public Key Infrastructure) as a
    tree. You have a root, Regional Authorities, and
    CAs.
  • A node certifies the nodes under it by signing.
  • Chain of trust.