Information security - digital signature

1. Digital signature background

        Suppose A sends B a message containing an authentication code. Disputes can still arise between them. For example, A can deny having sent the message, and B cannot prove that A actually sent it. Alternatively, B can forge a different message and claim to have received it from A. In other words, although the integrity of the information is guaranteed, its non-repudiation is not.

        The same situation exists in real life, which is why many matters in work and daily life require the signature of the person concerned. For example, commercial contracts, documents of government departments, and financial vouchers all require the signatures of the parties involved. A signature plays a variety of roles such as confirmation, approval, validation and responsibility.

        In fact, a signature is a kind of information that proves the identity of the parties and the authenticity of the data, and has the function of ensuring the authenticity and integrity of the information. In traditional transaction processing based on written documents, written signatures, such as fingerprints, signatures, and seals, are used. Written signatures are supported and recognized by the judiciary and have certain legal effects.

        In modern transaction processing based on computer files, electronic signatures, namely digital signatures, should be used.

        Digital signatures are implemented using public key cryptography, and their security depends on the security of the underlying cryptosystem.

        In China, digital signatures are legally binding and are being widely used. In 2000, the new Contract Law of the People's Republic of China confirmed the legal validity of electronic contracts and electronic signatures for the first time. From April 1, 2005, China's first "Electronic Signature Law" was officially implemented.

2. The principle of digital signature

2.1. Requirements that digital signatures must meet

        In traditional documents, handwritten signatures have long been used as proof of a user's identity or to show that the signer agrees with the content of the document. In fact, the signature reflects the following guarantees:

  • (1) The signature is authentic. The signature convinces the recipient of the document that the signer deliberately signed the document.
  • (2) The signature cannot be forged. A signature proves that the signer and not someone else signed the document.
  • (3) The signature cannot be reused. The signature is part of the document and it is not possible to move the signature to a different document.
  • (4) The signed document is immutable. After a document is signed, it cannot be changed.
  • (5) The signature cannot be repudiated. The signature and the document are inseparable, and the signer cannot later claim that he did not sign the document.

        Traditional written signatures such as fingerprints, signatures, and seals basically meet the above conditions, so they are supported by the judicial department. A person cannot completely disguise his own handwriting, nor can he realistically imitate other people's handwriting, and the public security department has a professional organization for handwriting identification. The engraving and use of official seals are protected and restricted by law. It is impossible to engrave two identical seals, because seal engraving is a metal-and-stone carving art and each engraver has his own artistic style, just as with handwriting: an engraver can neither thoroughly disguise his own style nor faithfully imitate another's. Human fingerprints are very stable and remain unchanged throughout life. According to expert calculations, identical fingerprints occur about once among 5 billion people.

        Signing digitally on a computer while keeping these guarantees valid raises problems. Someone might consider scanning their handwritten signature into a computer and pasting it wherever a signature is required, but this approach does not work.

        First, computer files are easy to copy, and even though someone's signature is difficult to forge, it's easy to cut and paste a valid signature from one file to another. This makes the signature meaningless.

        Secondly, the file is easy to modify after it is signed and does not leave any traces of modifications.

        Therefore, simply scanning a handwritten signature cannot meet the requirements. At present, the requirements for a digital signature are: the author and the date and time of the signature must be verifiable; the content at the moment of signing must be authenticated; and the signature must be verifiable by a third party in order to resolve disputes.

Based on these characteristics, for ease of use, further requirements are as follows:

  • (1) Dependency: The generation of a signature must depend on the signed information.
  • (2) Uniqueness: The signature must use certain information that is unique to the sender to prevent forgery and denial by both parties.
  • (3) Verifiability: The digital signature must be relatively easy to identify and verify.
  • (4) Anti-forgery: It is computationally infeasible to forge the digital signature, it is infeasible to construct a message based on an existing digital signature, and it is infeasible to forge a digital signature for a given message.
  • (5) Availability: Keeping a copy of the digital signature in storage is feasible.

        People use public key cryptography to generate digital signatures. The user encrypts the hash value of the original data with his or her private key, and the resulting data is the digital signature. The receiver uses the sender's public key to decrypt the digital signature attached to the original information and obtain a hash value. By comparing it with the hash value the receiver computes from the data it actually received, the receiver can confirm whether the original information has been tampered with. This ensures the authenticity of the source and the integrity of the data in transmission.

        There are several public key algorithms that can be used as digital signatures. The characteristic of these public key algorithms is that not only the message encrypted with the public key can be decrypted with the private key, but also the message encrypted with the private key can be decrypted with the public key.

2.2. Signature method

        From the protocol point of view, digital signatures can be divided into direct digital signature methods and arbitrated digital signature methods.

2.2.1. Direct digital signature

        Let’s first look at the direct digital signature method. The basic protocol is very simple:

  • (1) A encrypts the file with its private key, thereby signing the file.
  • (2) A transmits the signed document to B.
  • (3) B decrypts the file with A's public key. If the plaintext can be successfully decoded, it means that the signature verification is successful.

        On the one hand, it ensures that the document will not be modified after signing; on the other hand, A cannot deny his obligations and responsibilities for this document.

        In practice, this approach is too inefficient. If the file transmitted by A is very large, encrypting the entire file is a waste of time and resources. And sometimes the document content does not need to be kept confidential, such as government announcements. Therefore, digital signature protocols are often used with hash functions. A does not sign the entire file, but only the hash value of the file. The principle of the digital signature protocol is shown in the figure.

        In the following protocol, the hash function and digital signature algorithm are negotiated in advance:

  • (1) A generates the hash value of the file.
  • (2) A uses her private key to encrypt the hash value, which serves as the signature of the file.
  • (3) A sends the document and signature to B.
  • (4) B uses the file sent by A to generate the hash value of the file, and at the same time uses A's public key to decrypt the signature and recover the signed hash value. The signature is valid if the recovered hash matches the hash B generated itself.

        This method not only ensures the integrity of the information, but also ensures the non-repudiation of the information. If the confidentiality of the information is also required, a symmetric or asymmetric encryption method can be added.

        Since the probability of two different files having the same 160-bit hash value is 1/2^160, signing the hash value in this protocol is just as secure as signing the file itself.

        The above protocol is a direct digital signature. This signature method involves only the communicating parties. It assumes that the receiver knows the sender's public key, and the signature is generated through encryption using the sender's private key. But this system has a common weakness: the effectiveness of the scheme depends on the security of the sender's private key.

        If the sender later wants to deny sending a signed message, he can claim that the private key used to sign was lost or stolen, and that someone forged his signature. Administrative controls related to private key security are often required to stop this, but the threat remains.

        Improved method: For example, the signed information can be required to contain a timestamp (date and time). But this also has a problem: if A's private key is indeed stolen at time T, the adversary can forge A's signature together with a timestamp that is earlier than or equal to time T.

In order to solve the problems existing in direct digital signatures, the arbiter was introduced.

2.2.2. Arbitrated digital signature (symmetric key signature)

        The signed message from sender A to receiver B is first sent to the arbiter S. S conducts a series of tests on the message and its signature to check its origin and content. The message is then dated and sent to B together with an indication that it has been verified by the arbiter.

        The arbiter plays a sensitive and critical role in this type of signature model. All participants must have substantial confidence that this arbitration mechanism is working properly.

        First, before the protocol is executed, the parties do not have to share any information, thus preventing collusion; second, as long as the arbiter’s private key is not leaked, no one, including the sender, can send replayed messages; finally, to any third party (including A), the message sent by X to Y is confidential. Of course, the more complete the functions, the higher the communication cost.
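The arbitrated flow described in this section, as an added Python example (not code from the original article). It assumes each party shares one secret key with the arbiter S and uses HMAC-SHA256 as the check value; the key names, function names, messages and timestamps are constructed for illustration.

```python
import hashlib
import hmac

# Constructed keys (assumption): each party shares one secret with arbiter S only.
K_AS = b"demo key shared by A and S"
K_BS = b"demo key shared by B and S"


def tag(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def a_sign(message: bytes) -> bytes:
    """A -> S: a check value over the message hash that only A and S can compute."""
    return tag(K_AS, b"A", hashlib.sha256(message).digest())


def s_arbitrate(message: bytes, a_tag: bytes, now: bytes):
    """S checks origin and content, dates the message, and vouches for it to B."""
    expected = tag(K_AS, b"A", hashlib.sha256(message).digest())
    if not hmac.compare_digest(a_tag, expected):
        return None                              # S refuses to forward
    return message, a_tag, now, tag(K_BS, b"A", message, a_tag, now)


def b_accept(packet) -> bool:
    """B cannot check a_tag itself; it checks S's tag, which covers S's timestamp."""
    if packet is None:
        return False
    message, a_tag, stamp, s_tag = packet
    return hmac.compare_digest(s_tag, tag(K_BS, b"A", message, a_tag, stamp))


def demo() -> dict:
    msg = b"A orders 10 units from B"            # constructed sample message
    now = b"2005-04-01T09:00Z"                   # constructed timestamp set by S
    good = s_arbitrate(msg, a_sign(msg), now)
    backdated = good[:2] + (b"2005-03-01T09:00Z",) + good[3:]
    altered = s_arbitrate(b"A orders 99 units from B", a_sign(msg), now)
    return {
        "forwarded_by_S": b_accept(good),
        "timestamp_changed_after_S": b_accept(backdated),
        "altered_before_S": b_accept(altered),
    }
```

Because the date is set and authenticated by S rather than by the sender, whoever holds a stolen sender key cannot choose the timestamp that B sees.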

3. Digital signature algorithm

        There are many digital signature algorithms, and the three most widely used ones are RSA signature, DSS signature and ECDSA digital signature based on ECC cryptosystem.

3.1. Introduction to Several Algorithms

  1. RSA (Rivest-Shamir-Adleman): The RSA algorithm is an asymmetric encryption algorithm that can be used both to encrypt data and to generate digital signatures. It is based on the difficulty of factoring large numbers and has high security, but requires a large amount of computation.
  2. DSA (Digital Signature Algorithm): DSA is a digital signature algorithm based on the discrete logarithm problem. It is less computationally intensive than the RSA algorithm and is suitable for resource-constrained environments, but it takes longer during the key generation process.
  3. ECDSA (Elliptic Curve Digital Signature Algorithm): ECDSA is a digital signature algorithm based on elliptic curve cryptography. Compared with RSA and DSA, ECDSA uses a shorter key length at the same security level, has faster calculation speed, and is suitable for resource-limited environments.
  4. EdDSA (Edwards-curve Digital Signature Algorithm): EdDSA is a digital signature algorithm based on twisted Edwards curve cryptography. It inherits the advantages of ECDSA and improves on security, efficiency and simplicity of implementation.

3.2. RSA digital signature

Assuming that the RSA public key cryptography system has been established, if user A wants to digitally sign a message (or other file or data packet) and send it to B (B may be a user or an arbitration center), then the digital signature algorithm is as follows:

3.2.1. Implementation of signature

User A uses his private key SK to decrypt the message to form a signature, and then sends the message and signature together.

However, the generally used method is to encrypt the hash value of the plaintext.

Signing is actually the process of decrypting the plaintext or its hash value using the private key. Note that the "decryption operation" mentioned here does not refer to the process of converting ciphertext into plaintext, but should be understood as a transformation in the broad sense.

3.2.2. Signature Verification

Receiver B encrypts the received signature with sender A's public key to obtain it. Similarly, the "encryption operation" here should also be understood as a transformation in the broad sense. If it was the hash value that was signed, B uses the same hash function to process the received message and get a new hash code. If the hash code matches the decrypted signature, the signature is considered valid; otherwise the document is considered to have been tampered with, or to be a deception by an attacker. This is because only the sender knows its own private key, and therefore only the sender can produce a valid signature.
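The hash-then-sign protocol of section 2.2.1 and the RSA signing and verification steps above, as an added Python example (not code from the original article). It uses textbook RSA without padding and a constructed demo key built from two Mersenne primes; the function names and sample documents are illustrative, and real systems use a padded scheme such as RSASSA-PSS from a cryptographic library.

```python
import hashlib

# Constructed demo key (assumption, not from the article): two Mersenne primes,
# chosen only so the example runs offline. Special-form primes are not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key PK = (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private key SK


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer; 256 bits always fits below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """A: private-key operation on the hash, not on the whole file."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """B: public-key operation on the signature, then compare the two hashes."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    contract = b"A pays B 100 yuan"          # constructed sample documents
    altered = b"A pays B 900 yuan"
    unrelated = b"A transfers the house to B"
    sig = sign(contract)
    return {
        "genuine": verify(contract, sig),
        "modified_after_signing": verify(altered, sig),
        "signature_pasted_elsewhere": verify(unrelated, sig),
        "forged_without_private_key": verify(contract, sig ^ 1),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```

The three rejected cases correspond to the requirements in section 2.1: the signed document is immutable, the signature cannot be reused on another document, and it cannot be forged without the private key.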

3.3. Other digital signatures

There are also some other special signatures:

3.3.1. Undeniable signature

        With an undeniable signature, others cannot correctly verify the signature without the cooperation of the signer, which prevents illegal copying and distribution of documents signed by the signer. This has positive implications for protecting the intellectual property rights of electronic publications such as software. Only authorized users can verify signatures and obtain services from software developers, while illegal copiers cannot verify signatures and thus cannot obtain services.

3.3.2. Blind signature

        Sometimes a person is needed to sign certain data, but must not be allowed to learn the content of that data. This kind of blind signature is often needed in secret ballot elections and digital currency systems, so blind signatures have broad application prospects in e-commerce and e-government systems. Compared with ordinary signatures, a blind signature has two characteristics. One is that the signer does not know the content of the signed data, and the other is that the signer cannot trace the signature after it is disclosed by the recipient.

Origin blog.csdn.net/java_faep/article/details/132577713