Digital Signature (RSA and DSS) Cryptography and

Computer Security

1.ALGORITHMS

Two algorithms are used in digital signature: RSA ,in which the production of the key is obtained by
an algorithm (deterministic) and ElGamal, in which the key is randomly obtain (random)

1.1 RSA

RSA can be used with and without generating a hash function, when using a hash function the
message results in a fixed length. Moreover, any change produced in the input will result in a
completely different output. For that reason RSA is always used for digital signature with appendix
using a hash function.

Use without a hash function:

Alice wants to send a signed message to Bob:
1.Alice creates a public key e ( K uA ) and a private key d ( K vA )

2.Alice encrypts M with her private key F=D RSA (M, d) (signature
generation)

3.Alice sends F to Bob

4.Bob gets M from Alice’s public key M=E RSA (M, e) (signature
verification)

Use with hash function (provides confidentiality):

1. A gets R = H(M) from M

2. A signs R with her private key: F=D RSA (R, K vA )
3. A encrypts M with B’s public key: C = E RSA (M, K uB )
4. A sends to B: (C, F) = (E RSA (M, K uB ) , D RSA (R, K vA ))
5. B verifies the signature
1.Decrypting F with the signer’s public key, getting R
2.Decrypting C with his private key, and getting M
3.From M obtained in step 2, computes R’
4.Comparing R with R’

1.2 DSA

DSA, which combines ElGamal and Schnoor algorithms, was proposed by the NIST in 1991 and in
1994 its standard was established.

When signing with ElGamal you have to previously select a prime p with 300 digits and a primitive
generator g of it. In addition, the signer chooses a private key XA, 1< XA<p-1 and publishes y A
≡g XA (mod. p).
Signature Generation (by A)

A, uses x A and y A =g xA mod. p as keys to sign M. First, she

chooses a random integer k (coprime with p-1) and calculates
the signature (r,s) as follows:
 r =g k (mod. p) r =g k (mod. p)
 r =g k (mod. p) s=(H(M) - x A . r) k -1 mod. (p -1)
 r =g k (mod. p) A sends to B: (M, r, s)

Signature verification (by B)

Once B has received M and (r, s), it will accept the signature if
the following expressions match:
 r =g k (mod. p) V 1 = y Ar r s (mod. p)
 r =g k (mod. p) V 2 =g H(M) (mod. p)

2.Digital Signature formats

Some of the most common formats for digital signature are : Privacy-Enhanced Mail (PEM) – RFC
1421, PKCS#7, S/MIME – RFC 2634, ISO 9796-2, XMLDsig, XadES.

In XML we have different possibilities for signature( doesn’t need certificate) :

• “Wrapped”, the signature format includes the content
• “Detached”, the signature and the content are given separately
• “Embedded”, the signature is part of the signed content

3. International recommendations
eCRYPT I and eCRYPT II in Europe, CRYPTREC in Japan and the NIST in the United States are
responsible to determine are the best and research for new methods in their respective zones.

4. Graphical representation of the digital signature combined with hash

functions
The Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital
Signature Algorithm (DSA) which uses elliptic curve cryptography.

Probabilistic Signature Scheme (PSS) is a cryptographic signature scheme designed by Mihir

Bellere and Phillip Rogaway. It combines RSA Signature Scheme with Appendix-Probabilistic
Signature. It uses the PSS codification method.

5.Digital signature. Legal framework

Due to the entrance of this new type of technology a legal framework is needed to approve legally
the use of this method if it fulfills the requirements for hand-written signatures.

Nowdays, this method is incorporated in our e-DNIs.