ch13 Digital Signatures 密码编码学与 及网络安全：原理与 及实践 第四版英文课件.pptVIP

* Recall from Chapter 10, that in 1984, T. Elgamal announced a public-key scheme based on discrete logarithms, closely related to the Diffie-Hellman technique [ELGA84, ELGA85]. The ElGamal encryption scheme is designed to enable encryption by a users public key with decryption by the users private key. The ElGamal signature scheme involves the use of the private key for encryption and the public key for decryption. The ElGamal cryptosystem is used in some form in a number of standards including the digital signature standard (DSS) and the S/MIME email standard. As with Diffie-Hellman, the global elements of ElGamal are a prime number q and a, which is a primitive root of q. User A generates a private/public key pair as shown. The security of ElGamal is based on the difficulty of computing discrete logarithms, to recover either x given y, or k given K (next slide). * To sign a message M, user A first computes the hash m = H(M), such that m is an integer in the range 0 = m = q – 1. A then forms a digital signature as shown. The basic idea with El Gamal signatures is to again choose a temporary random signing key, protect it, then use it solve the specified equation on the hash of the message to create the signature (in 2 pieces). Verification consists of confirming the validation equation that relates the signature to the (hash of the) message (see text for proof). Again note that El Gamal encryption involves 1 modulo exponentiation and multiplications (vs 1 exponentiation for RSA). * Here is an example of creating and verifying an ElGamal signature from the text using the prime field GF(19); that is, q = 19. It has primitive roots {2, 3, 10, 13, 14, 15}, as shown in Table 8.3. We choose a = 10. Alice generates a key pair as shown, which is = {19, 10, 4}. Alice can sign a message with hash m = 14 as shown to compute the signature pair (3,4). Any user B can verify the signature by computing confirming the validation equation as shown. * As with the ElGamal digita