MACs based on Block Ciphers, Digital signature, its property, requirements and security, various digital signature schemes

( Elgamal and Schnorr)

:: By ::Adarsh Patel

Outline

MACs based on Block CiphersDigital SignatureProperty, Requirements and Security of Digital SignatureVarious digital signature schemes ( Elgamal and Schnorr )

2I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

MACs based on Block CiphersDigital SignatureProperty, Requirements and Security of Digital SignatureVarious digital signature schemes ( Elgamal and Schnorr )

3I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

MACs based on Block Ciphers We look at two MACs that are based on the use of a block cipher

mode of operation.• Data Authentication Algorithm ( DAA )

• Cipher Based Message Authentication Codes ( CMAC )

4I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Data Authentication Algorithm Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC.

•Send final block as the MAC or the leftmost M bits (16≤M≤64) of final block.

•If necessary, the final block is padded on the right with zeroes to form a full 64-bit block.

5I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

O1 = E(K, D)O2 = E(K, [D2 ⊕ O1])O3 = E(K, [D3 ⊕ O2]): ON = E(K, [DN ⊕ ON-1])

Data Authentication Algorithm (…)

6I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Fig. 1 Data Authentication Algorithm Process [1]

CMAC CMAC (Cipher-based Message Authentication Code) is a block

cipher based MAC algorithm. It may be used to provide assurance of the authenticity and, hence, the integrity of binary data. This mode of operation fixes security deficiencies of CBC-MAC .

7I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

C1 = E(K, M1)C2 = E(K, [M2 ⊕ C1])C3 = E(K, [M3 ⊕ C2]): Cn = E(K, [Mn ⊕ Cn-1 ⊕ K1])T = MSBTlen(Cn)

Where,T = message authentication code,

also referred to as the tagTlen = bit length of TMSBs(X) = the s leftmost bits of the

bit string X

CMAC (…)

Fig. 2 CMAC Process [1]

8I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

CMAC (…) Advantages

•Can use existing encryption functions.

•Encryption functions have properties that resist pre image and collision attacks

Disadvantage •Encryption algorithms (particularly when chained) can be much slower than hash algorithms

9I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Macs based on Block CiphersDigital SignatureProperty, Requirements and Security of Digital SignatureVarious digital signature schemes ( Elgamal and Schnorr )

10I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Introduction The authenticity of many legal, financial, and other documents is

done by the presence or absence of an authorized handwritten signature.

“Digital Signature” is the best solution for authenticity in various fields.

A digital signature is nothing but an attachment to any piece of electronic information, which represents the content of the

document and the identity of the owner of that document uniquely[2].

11I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

What is digital signature ?? A digital code (generated and authenticated by public key encryption) which is attached to an electronically transmitted document to verify its contents and the sender's identity. Digital Signature of a person therefore varies from document to

document thus ensuring authenticity of each word of that document. As the public key of the signer is known, anybody can verify the

message and the digital signature.

12I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Macs based on Block CiphersDigital SignatureProperty, Requirements and Security of Digital SignatureVarious digital signature schemes ( Elgamal and Schnorr )

13I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Properties The digital signature must have the following properties[2]

• It must verify the author and the date and time of the signature.

• It must authenticate the contents at the time of the signature.

• It must be verifiable by third parties, to resolve disputes.

14I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Basic Requirements Private Key•The private key is one which is accessible only to the signer. It is used to generate the digital signature which is then attached to the message.[2]

Public Key•The public key is made available to all those who receive the signed messages from the sender. It is used for verification of the received message. [2]

15I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Basic Requirements (…) Digital Signature Certificate•A subscriber of the private key and public key pair makes the public key available to all those who are intended to receive the signed messages from the subscriber.[3]

•But in case of any dispute between the two sides, there must be some entity with the receiver which will allow the receiver of the message to prove that the message was sent by the subscriber of the key pair. This can be done with the Digital Signature Certificate.[3]

16I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

How digital signature works ??

17I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Fig. 3 Working of Digital Signature

Digital signature algorithm

18I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Fig. 4 Digital Signature generation and verification [4]

Paper Signatures v/s Digital Signatures

19I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Parameter Paper Electronic

Authenticity May be forged Can not be copied

Integrity Signature independent of the document

Signature depends on the contents of the document

Non-repudiation

a. Handwriting expert needed

b. Error prone

a. Any computer userb. Error free

Macs based on Block CiphersDigital SignatureProperty, Requirements and Security of Digital SignatureVarious digital signature schemes ( Elgamal and Schnorr )

20I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Digital Signature Schemes

21I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

The following are the widely used Schemes for Digital Signatures.

•RSA Scheme

•Elgamal Scheme

•Schnorr Scheme

•Digital Signature Standard (DSS)

Elgamal Scheme

22I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Elgamal encryption scheme is designed to enable encryption by a user’s public key with decryption by the user’s private key. The

Elgamal signature scheme involves the use of the private key for encryption and the public key for decryption.[2]

In the signing process , two functions create two signatures. In verifying process the output of two functions are compared for verification .

Elgamal Scheme (…)

23I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Fig. 5 Verifying and Signing process in Elgamal [5]

Schnorr Scheme

24I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

The Schnorr scheme minimizes the message-dependent amount of computation required to generate a signature. The main work for signature generation does not depend on the message and can be done during the idle time of the processor.[2] In the signing process , two functions create two signatures. In

verifying process , the output of one function is compared to the first signature for verification.

The important point is that the scheme uses two prime modulusp and q.

Schnorr Scheme (…)

25I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Fig. 5 Verifying and Signing process in Schnorr [5]

Schnorr Scheme (…)

26I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Signing1. Alice chooses a random number r.2. Alice calculates S1 = h(M|e1^r mod p).3. Alice calculates S2 = r + d × S1 mod q.4. Alice sends M, S1, and S2.

Verifying message1. Bob calculates V = h (M | e1^S2 e2^−S1 mod p).

2. if S1 is congruent to V modulo p, the message is accepted; otherwise rejected.

References1. http://flylib.com/books/en/3.190.1.99/1/2. Cryptography & Network Security : Principal & Practices, 5th edition

- William Stallings 3. https://en.m.wikipedia.org/wiki/Digital_Signature4. http://ksn5-simonmuerzl.blogspot.in/5. http://www.slideshare.net/sonalbisla/elgamal-amp-schnorr-digital-

signature-scheme-copy

27I N F O R M A T I O N A N D N E T W O R K S E C U R I T Y

Thank You…