Abstract
One of the main goals of modern cryptography is to guarantee the authenticity and the integrity of the messages received, which is of the utmost importance in fields like e-commerce and e-banking, where physical protection of exchanged data is impossible. A reasonable guarantee of data authenticity in the private-key setting can be obtained by using a MAC. However, the requirement that the parties share a secret key severely limits the applicability of these schemes and, moreover, MACs do not provide non-repudiation and allow the possibility that the sender of an authenticated message might later repudiate it. These problems are solved with the use of digital signatures, which serve to guarantee authenticity in the public-key setting and are studied in this chapter.
Notes
1. Observe that the term ‘decrypt’ must not be taken literally here and that this terminology is often used even when the signing algorithm is not a decryption algorithm like in the RSA case; an alternative terminology is “hash-then-sign” and we may also speak of “hash-then-invert” when—as happens with RSA—signing is carried out by applying the inverse of a (candidate) trapdoor permutation.
2. There is a theorem that ensures that if the underlying (not hashed) signature scheme is secure and \(H\) is collision resistant, then the hashed signature scheme is also secure, but this is hardly of any help in our examples because both plain RSA signatures and Elgamal signatures are insecure.
3. We are not going to elaborate on the details of these ‘security strengths’ and refer the reader to [11] instead.
4. As is done in Sect. 9.3.1, we assume that \(H\) maps \(\{0,1\}^*\) to \(\mathbb{Z}_n\) by identifying a bit string with the integer it defines.
5. A tighter reduction, which depends on the number of signing oracle queries rather than on the number of hash oracle queries, was found by J.S. Coron but a still tighter reduction is desirable.
6. In practice, the certificate contains additional information such as, for example, the name of the entity \(C\) signing it, the names of the algorithms in which the public key is used, start and end of validity period, etc.
7. X.509 is a standard for network authentication widely used by Internet standards such as SSL/TLS and S/MIME. Secure Sockets Layer/Transport Layer Security (SSL/TLS) is a cryptographic standard for network communications and Internet, and Secure/Multipurpose Internet Mail Extensions (S/MIME) provides encryption and digital signatures for electronic mail.
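
Notes 1, 2 and 4 concern hash-then-sign with RSA. The Python sketch below is an added example, not code from the chapter (which uses Maple): it contrasts plain RSA signatures with the hashed variant to show which verifications each one accepts. The toy primes, the choice of SHA-256 reduced mod n as \(H\), and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small and structured for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def H(msg: bytes) -> int:
    """Assumed hash into Z_n: SHA-256 digest read as an integer, reduced mod N."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign_plain(m: int) -> int:
    """Plain RSA: invert the trapdoor permutation on the message itself."""
    return pow(m, D, N)

def verify_plain(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N

def sign_hashed(msg: bytes) -> int:
    """Hash-then-invert: invert the permutation on H(msg)."""
    return pow(H(msg), D, N)

def verify_hashed(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == H(msg)

def demo() -> dict:
    # Plain RSA is multiplicative: the product of two signatures verifies
    # for the product of the two messages, which the signer never signed.
    m1, m2 = 1234567, 7654321
    product_sig = (sign_plain(m1) * sign_plain(m2)) % N
    # Plain RSA also accepts any value s as a signature on s^E mod N,
    # a pair that can be computed from the public key alone.
    arbitrary_sig = 0xC0FFEE
    implied_msg = pow(arbitrary_sig, E, N)
    # With hashing, the same product matches H(a)*H(b), not H of a message.
    a, b = b"pay 10 EUR", b"pay 20 EUR"
    hashed_product = (sign_hashed(a) * sign_hashed(b)) % N
    return {
        "plain_product_accepted": verify_plain(m1 * m2, product_sig),
        "plain_keyless_pair_accepted": verify_plain(implied_msg, arbitrary_sig),
        "hashed_honest_accepted": verify_hashed(a, sign_hashed(a)),
        "hashed_product_rejected": not verify_hashed(a + b, hashed_product),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

All four entries come out `True`: the first two are the reason plain RSA signatures are insecure, and the last two show the hashed scheme accepting an honest signature while rejecting the combined one.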
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Gómez Pardo, J.L. (2013). Digital Signatures. In: Introduction to Cryptography with Maple. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32166-5_9
DOI: https://doi.org/10.1007/978-3-642-32166-5_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32165-8
Online ISBN: 978-3-642-32166-5
eBook Packages: Computer Science (R0)