• Improving Network Security Using Elliptic Curve Cryptosystem

  • CHAPTER THREE -- [Total Page(s) 8]

    Page 8 of 8

    • 3.4.5. DIGITAL SIGNATURE
      A digital signature is an electronic signature on an electronic document, generated by cryptographic technology and used to detect whether or not the information was modified after it was signed. Without the private key used to generate the signature, it is technically impossible to falsify a signature generated by the digital signature scheme. For that reason, encrypted digital signatures are widely used in e-commerce applications and are considered more secure than a simple generic electronic signature. Figure 1 below shows a simple digital signature algorithm between two communicating parties.
      The processes consist of two main phases described below.
      Signing Process by Sender: First a message digest (MD) is generated. A message digest is a “summary of the message that is going to be transmitted,” and is created by a hashing algorithm agreed to by both parties. The hashing algorithm ensures the integrity of a message by producing a completely different hash value (MD) when a single piece of the message changes. The MD is then encrypted with the sender’s private key, creating an encrypted message digest, which is called a digital signature (DS). The digital signature is enclosed with the message and sent to the receiver.
      Signature Verification Process by Receiver: Using the sender’s public key, the receiver decrypts the digital signature to obtain the message digest generated by the sender. Using the same hashing algorithm, the receiver calculates the MD of the received message. The computed MD value is compared with the sender’s MD value. If they are identical, then the message was not altered and its originality is assured. At this phase, if decrypting the message using the sender’s public key results in a faulty message digest, then the message has been changed and cannot be trusted. Note, however, that the integrity of the message is maintained but not its privacy, since the message is sent in plain form. This may suit a situation where confidentiality is not an issue. To ensure confidentiality in communication, the message should also be encrypted.
      A digital signature scheme typically consists of three algorithms, namely key generation, signing and signature-verifying algorithms. The techniques vary, and these systems are categorized by the mathematical problems they rely on. Generally, public key systems are grouped into three main classes, based on integer factorization (e.g. RSA), discrete logarithm (e.g. DSA), and elliptic curve discrete logarithm (e.g. ECDSA). The security level of each technique is based on the hardness of its mathematical problem. Vanstone stated that the two major criteria to use in comparing these systems are security and efficiency.
      The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) that operates on elliptic curve groups. ECDSA was first proposed in 1992 by Scott Vanstone in response to the National Institute of Standards and Technology’s (NIST) request for public comments on their first proposal for DSS. It was accepted in 1998 as an International Standards Organization standard (ISO 14888-3), accepted in 1999 as an American National Standards Institute standard (ANSI X9.62), and accepted in 2000 as both an Institute of Electrical and Electronics Engineers standard (IEEE 1363-2000) and a Federal Information Processing Standards standard (FIPS 186-2).
      In order to take part in secured and trusted communication, both parties must agree upon Elliptic Curve domain parameters. For example, Sender A and Receiver B are considered to be communicating parties, and A sends a signed message to B. Sender A has a key pair consisting of a private key, dA (a randomly selected integer less than n, where n is the order of the curve, an elliptic curve domain parameter) and a public key QA = dA * G (G is the generator point, an elliptic curve domain parameter). Sender A signs the message using the private key, dA, and then sends the message with the signature to receiver B. Since B knows the public key of A, the signature can be verified to see whether or not it was originally sent by A. The two processes of signature generation and signature verification in ECDSA are described below.
      Signature Generation
      Sender A signs the message m to be sent using A’s private key, dA.
      1. Compute e = HASH(m), where HASH is a cryptographic hashing algorithm (e.g. SHA-1).
      2. Select a random integer k from [1, n − 1].
      3. Compute r = x1 (mod n), where (x1, y1) = k * G.
      4. Compute s = k⁻¹(e + dA·r) (mod n). The signature is the pair (r, s).
      5. If r = 0, return to step 2.
      6. If s = 0, return to step 2.
      Signature Verification
      Receiver B authenticates and verifies the signature using A’s public key, QA.
      1. Verify that r and s are integers in the interval [1, n − 1]. If not, the signature is invalid.
      2. Compute e = HASH(m), where HASH is the same hashing algorithm used in signature generation.
      3. Compute w = s⁻¹ (mod n).
      4. Compute u1 = e·w (mod n) and u2 = r·w (mod n).
      5. Compute (x1, y1) = u1·G + u2·QA.
      6. The signature is valid if x1 = r (mod n), otherwise it is invalid.