Digital
Signature Correctness
with
Optimized RSA Algorithm
Introduction:
A
digital signature
or
digital signature scheme
is a mathematical scheme for demonstrating
the authenticity of a digital message or document. A valid digital signature gives a recipient
reason to believe that the message was created by a known sender, and that it was not altered in
transit. Digital sig
natures are commonly used for software distribution, financial transactions,
and in other cases where it is important to detect forgery or tampering.
On other hand,
The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Ad
leman,
who invented it in
1977.
The basic technique was first discovered in 1973 by Clifford
Cocks
of
CESG (part of the British GCHQ) but this was a secret unti
l 1997. The patent taken out by
RSA
Labs has expired.
The RSA cryptosystem is the most widely

used public key
cryptography algorithm in the
world. It can be used to encrypt a message without the need to exchange a secret key separately
The RSA algorithm can be used for both public key encryption and digital signatures. Its security
is based on the difficulty of fa
ctoring large integers.
Party A can send an encrypted message to
party B without any prior exchange of secret keys. A just uses B's public key to encrypt the
message and B decrypts it using the private key, which only he knows. RSA can also be used to
sign
a message, so A can sign a message using their private key and B can verify it using A's
public key.
Digital signatures employ a type of
asymmetric cryptog
raphy
.
Original RSA steps
:
Encryption
Sender A does the following:

1.
Obtains the recipient B's public key (n, e).
2.
Represents the plaintext message as a positive integer
m
,
1 < m < n
3.
Computes the
cipher text
c = m
e
mod n
.
4.
Sends the ciphertext
c
to
B.
Decryption
Re
cipient B does the following:

1.
Uses his private key (n, d) to compute
m = c
d
mod n
.
2.
Extracts the plaintext from the message representative
m
.
Digital signing
Sender A does the following:

1.
Creates a
message digest
of the information to be sent.
2.
Represents this digest as an integer
m
between 1 and
n

1.
3.
Uses her
private
key (n, d) to compute the signature
s = m
d
mod n
.
4.
Sends this signature
s
to the recipient, B.
Signature verification
Recipient B does the following:

1.
Uses sender A's public key (n, e) to compute integer
v = s
e
mod n
.
2.
Extracts the message digest from this integer.
3.
Independently computes the message digest of the information that has been signed.
4.
If both message digests are identical, the signature is
valid
Problem
:
The only know way to attack a highly secure RSA algorithm is to perform a brute force attack
on the modulus.
However, this attack can be easily defeated by increasing the key size of the
modulus.
Moreover,
this approach
of increasing the key size can lead to number of problems
such as;
Increased processing time; decryption time increases 8

fold as key sizes double
.
Computational Overheads
–
the computation required to perform the public key and
private key transformation
s
Increased key storage requirement
–
RSA key storage (private and public keys) requires
significant amounts of memory for storage.
Furthermore, key generation is complex and time consuming, time increases with key size.In
RSA a short public exponent can b
e employed to speed up signature verification and encryption.
Moreover, the need to make digital signature more secure with small bits (1024) for key
generations is the main goal of the proposed algorithm and survey study.
Proposed
Algorithm
:
The
propose
d
digital signature algorithm by the
authors
of the
paper
in review
is
an adaptation
of the RSA system algorithm that overcomes the shortcoming of the RSA system
(processing
time and computational overheads). The proposed algorithm is aimed to
solve
the problem of
processing time by not increasing the key size but using key with small bit (1024 bit) so the
problem of increased processing time can be solved. It also aimed to
solve
the computational
overhead through modification of the main
RSA algorit
hm
.
The algorithm essentially involved the RSA System with DSA so that it can prevent anyone from
tempering the sender message before it get to its final destination. Nonetheless, the basic aim of
the algorithm is to make RSA algorithm more efficient.
How the proposed
Signature
algorithm works
:
In the algorithm, the message is to be assigned as input to a one

way hash algorithm
producing an unrecoverable digest of the message.
The digest is encrypted with
receiver’s
public
key, then
senders public key
to produce
signature,
appended to the original message and transmitted.
At the
receivers
,
the message and signed digest
(the
signature) are
separated. The
original
message
is passed through the same hash function used by the originator and
the signature is
decrypted using sender’s public key then
receiver’s
private key to
produce another copy of the original
digest. The
two digest are presented to a
comparator. If they are
equal, the
message is accepted as genuine. If they do not
match, the
message is rejec
ted.
The
digital
signature
algorithm
scheme consists of three
different
Components
and
algorithms
:
a.
A
key generation
algorithm
that selects a
private key
uniformly at random
from a set of
possible private keys. The algorithm outputs the private key and a corresponding
public
key
.
b.
A
signing
alg
orithm
that, given a message and a private key, produces a signature.
c.
A
signature verifying
algorithm that, given a message, public key and a signature, either
accepts or rejects the message's claim to authenticity.
Algorithm:
Key Generation
:
Suppose a user A w
ish to allow B to send a private message over an insecure transmission
medium. A and B take the following algorithm to generate a public key and private key;
INPUT: Bit length of modulus, k.
OUTPUT:
Public key (E; N), and private key (D; N).
1)
Generate prime numbers (P
a) and (Pb) of bit length [k/2]
2)
Generate prime numbers (Qa) and (Qb) of bit length K

[k/2]
Experimental Results:
To test and compare the performance
characteristic
of the
RSA
, DSS
and proposed signature
algorithm, the
authors implemented the test in c+
+ program
. The experiment was done to test
and compare the time required for
achieving
the implementation of RSA, DSS and proposed
algorithm in small range of key size.
Algorithm
Key
Generation(Seconds)
SIGNATURE ( secs)
Verification( seconds)
Experiment 1
RSA
4.48500
0.016000
13.59400
DSS
34.32800
8.110000
4.531000
Proposed
10.719000
0.015000
0.015000
EXPREIMENT 2
RSA
7.735000
0.016000
13.281000
DSS
72.922000
30.906000
8.312000
PROPOSED
10.750000
0.031000
0.047000
EXPERIMENT 3
RSA
12.324000
0.016000
19.625000
DSS
50.640000
35.344000
10.632000
PROPOSED
11.45600
0.040000
0.0500000
Correctness
Key Generation:
The time required for key generation of RSA is smaller than DSS
and their proposed algorithm.
The time required for DSS is 8 fold that of RSA since in DSS key generation algorithm there is
need to generate key for user as well as key for each message the
sender can sent it.But the time
of proposed algorithm is double that of RSA because two keys for sender and reciver are needed
to be generated.
Signature Generation:
The time required for signature generation of RSA is smaller than DSS because hash functio
n is
used in RSA signature algorithm while secure hash function is used in DSS. However,the time
required for the proposed algorithm is smaller than RSA since it develops the RSA signature
algorithm by using it with DSS.
Signature
Verification
:
In signature verification process, the proposed algorithm pulls ahead both RSA and DSS in
performance. In
Proposed algorithm, two keys are
used, private
for
receiver
and public key for
sender, while
in RSA,
only public key is
used. In
the signature verif
ication process,
part of each
algorithm time is spent
computing
the SHA

1 hash of the message.
Comments:
The result obtained show that RSA signature generation is significantly slower than the
developed signature algorithm.The cost of signature generatio
n can be considered as a factor in
the choice of signature systems. Hence, the proposed signature cost is lower than RSA signature.
The proposed
algorithms achieve
high security for digital signature in addition to decrease
processing time and computational overheads. Thus, an intruder cannot interfere on a sent
message since the sender’s private key is unknown to him.
On the receiver’s side, the message is verified
by using sender’s public key and his private key to
decrypt the message successfully.
In RSA, signature generation is faster than signature verification and in DSS signature
verification is faster
signature generation
. The proposed algorithm is faster
than both RSA and
DSS.
A real example
In practice, we use a modulus of size in the order of 1024 bits. That is over 300 decimal digits.
One example is
n =
11929413484016950905552721133125564964460656966152763801206748195494305685115
033
380631595703771562
02973050001186287708466899691128922122454571180605749959895
170
80042105263427376322274266393116193517839570773505632231596681121927337473973
220
312512599061231322250945506260066557538238517575390621262940383913963
This is composed of the two primes
p =
1
0933766183632575817611517034730668287155799984632223454138745671121273456287
670
008290843302875521274970245314593222946129064538358581018615539828479146469
q =
10910616967349110231723734078614922645337060882141748968209834225138976011179
993
3942998101597
36904468554021708289824396553412180514827996444845438176099727
With a number this large, we can encode all the information we need in one big integer. We put
our message into an octet string and then convert to a large integer.
Also, rather than trying to
represent the plaintext as an integer directly, we generate a random
session key
and use that to encrypt the plaintext with a conventional, much faster symmetrical
algorithm like Triple DES or AES

128. We then use the much slower public key encryption
alg
orithm to encrypt just the session key.
The
sender A
then transmits a message to the recipient B in a format something like this:

Session key encrypted with RSA = xxxx
Plaintext encrypted with session key = xxxxxxxxxxxxxxxxx
The
recipient B
would extract the encrypted session key and use his private key (n,d) to decrypt
it. He would then use this session key with a conventional symmetrical decryption algorithm to
decrypt the actual message. Typically the transmission would include in plainte
xt details of the
encryption algorithms used, padding and encoding methods, initialisation vectors and other
details required by the recipient. The only secret required to be kept, as always, should be the
private key.
If Mallory intercepts the transmissi
on, he can
either try or
crack the conventionally

encrypted
plaintext directly, or he can try and decrypt the
encrypted
session key and then use that in turn.
Obviously, this system is as strong as its weakest link.
When signing, it is usual to use RSA to
sign the message digest of the message rather than the
message itself. A one

way hash function like SHA

1 or SHA

256 is used. The sender A then
sends the signed message to B in a format like this
Hash algorithm = hh
Message content = xxxxxxxxx...xxx
Sign
ature = digest signed with RSA = xxxx
The recipient will decrypt the signature to extract the signed message digest,
m
; independently
compute the message digest,
m'
, of the actual message content; and check that
m
and
m'
are
equal. Putting the message dige
st algorithm at the beginning of the message enables the recipient
to compute the message digest on the fly while reading the message.
Two main properties are required. First, a signature generated from a fixed message and fixed
private key should verify
the authenticity of that message by using the corresponding public key.
Secondly, it should be computationally infeasible to generate a valid signature for a party who
does not possess the private key.
Applications
As organizations move away from paper doc
uments with ink signatures or authenticity stamps, digital
signatures can provide added assurances of the evidence to provenance, identity, and status of an
electronic document as well as acknowledging informed consent and approval by a signatory. The Unit
ed
States Government Printing Office (GPO) publishes electronic versions of the budget, public and private
laws, and congressional bills with digital signatures. Universities including Penn State,
University of
Chicago
, and Stanford are publishing electronic student transcripts with digital signatures.
Below are some common reasons for applying a digital signature to communications:
Authentication
Although messages may often include information about the entity sending a message, that
information may not be accurate. Digital signatures can be used to authenticate the source of
messages. When ownership of a digital signature secret key is bound to a
specific user, a valid
signature
shows that the message was sent by that user. The importance of high confidence in
sender authenticity is especially obvious in a financial context. For example, suppose a bank's
branch office sends instructions to the cent
ral office requesting a change in the balance of an
account. If the central office is not convinced that such a message is truly sent from an
authorized source, acting on such a request could be a grave mistake.
Integrity
In many scenarios, the sender and
receiver of a message may have a need for confidence that the
message has not been altered during transmission.
However, if a message is digitally signed, any
change in the message after signature will invalidate the signature. Furthermore, there is no
ef
ficient way to modify a message and its signature to produce a new message with a valid
signature, because this is still considered to be computationally infeasible by most cryptographic
hash functions
Non

repudiation
Non

repudiation
, or more specifically
non

repudiation of origin
, is an important aspect of digital
signatures. By this property an entity that has signed some information cannot at a later time
deny having
signed it. Similarly, access to the public key only does not enable a fraudulent party
to fake a valid signature.
Weaknesses in RSA
Limitations
Small encryption exponent
If you use a small exponent like
e=3
and
send the same message to different recipient
s
and
just
use the RSA algorithm without adding random padding to the message, then an eavesdropper
could recover the plaintext.
Using the same key for encryption and signing
Given that the underlying mathematics is the same for encryption and signing, on
ly in
reverse, if an attacker can convince a key holder to sign an unformatted encrypted
message using the same key then she gets the original.
Acting as an oracle
There are techniques to recover the plaintext if a user just blindly returns the RSA
transf
ormation of the input. So don't do that.
Solutions
1.
Don't use the same RSA key for encryption and signing.
2.
If using PKCS#v1.5 encoding, use
e=0x10001
for your public exponent.
3.
Always format your input before encrypting or signing.
4.
Always add
fresh
random padding

at least 8 bytes

to your message before encrypting.
5.
When decrypting, check the format of the decrypted block. If it is not as expected, return
an error, not the decrypted string.
6.
Similarly, when verifying a signature, if there is any er
ror whatsoever, just respond with
"Invalid Signatur
Variations & Extensions
The underlying RSA computations,
c = m
e
mod n, m' = c
d
mod n; s = m
d
mod n, m' = s
e
mod n
a
re always the same, but there are many variants of how these can be used inside an encr
yption
or digital signature
scheme
. Here are some of them.
RSAES

OAEP
RSAES

OAEP
(
RSA E
ncryption
S
cheme

O
ptimal
A
symmetric
E
ncryption
P
adding
) is a
public

key encryption scheme combining the RSA algorithm with the OAEP method. The
inventors of OAEP are
Mihir Bellare and Phillip Rogaway, with enhancements by Don B.
Johnson and Stephen M. MatyasRSASSA

PSS
RSASSA

PSS
RSASSA

PSS
(
RSA S
ignature
S
cheme with
A
ppendix

P
robabilistic
S
ignature
S
cheme
) is an
asymmetric signature scheme with appendix combining the
RSA algorithm with the PSS
encoding method. The inventors of the PSS encoding method are Mihir Bellare and Phillip
Rogaway. During efforts to adopt RSASSA

PSS into the P1363a standards effort, certain
adaptations to the original version of RSA

PSS were ma
de by Bellare and Rogaway and also by
Burt Kaliski (the editor of IEEE P1363a) to facilitate implementation and integration into
existing protocols.
X9.31 Signature Scheme
ANSI standard X9.31 requires using
strong primes
derived in a way to avoid particul
ar attacks
that are probably no longer relevant. X9.31 uses a method of encoding the message digest
specific to the hash algorithm. It expects a key with length an exact multiple of 256 bits
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο