
Digital signatures

    A cryptographic primitive which is fundamental in authentication, authorization, and non-repudiation is the digital signature. The purpose of a digital signature is to provide a means for an entity to bind its identity to a piece of information. The process of signing entails transforming the message and some secret information held by the entity into a tag called a signature.

Nomenclature and set-up

* M is the set of messages which can be signed.

* S is a set of elements called signatures, possibly binary strings of a fixed length.

* S_A is a transformation from the message set M to the signature set S, and is called a signing transformation for entity A. The transformation S_A is kept secret by A, and will be used to create signatures for messages from M.

* V_A is a transformation from the set M × S to the set {true, false}. V_A is called a verification transformation for A's signatures, is publicly known, and is used by other entities to verify signatures created by A.

    The transformations S_A and V_A provide a digital signature scheme for A. Occasionally the term digital signature mechanism is used.

Signing procedure

Entity A (the signer) creates a signature for a message m ∈ M by doing the following:

1. Compute s = S_A(m).

2. Transmit the pair (m, s). s is called the signature for message m.

Verification procedure

    To verify that a signature s on a message m was created by A, an entity B (the verifier) performs the following steps:

1. Obtain the verification function V_A of A.

2. Compute u = V_A(m, s).

3. Accept the signature as having been created by A if u = true, and reject the signature if u = false.

Properties required for signing and verification functions

There are several properties which the signing and verification transformations must satisfy.

(a) s is a valid signature of A on message m if and only if V_A(m, s) = true.

(b) It is computationally infeasible for any entity other than A to find, for any m ∈ M, an s ∈ S such that V_A(m, s) = true.
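The signing and verification procedures above, carried out by a concrete scheme. This is an added example written for this page, not code from the original text: textbook RSA applied to a SHA-256 digest, implemented with only the Python standard library so that S_A (the private exponent d) and V_A (the public pair n, e) stay visible. The key size, the function names `generate_keypair`/`sign`/`verify` and the sample message are assumptions made for the example. Raw RSA over an unpadded digest is used here only for illustration; a deployed scheme uses a padding such as RSASSA-PSS (or a different primitive such as Ed25519) from a vetted library, because unpadded RSA is malleable.

```python
"""Textbook hash-then-sign RSA as an illustration of S_A and V_A.

Added example for this page, not code from the original text. Deliberately
minimal: raw RSA over a SHA-256 digest with NO padding (no PKCS#1 v1.5, no
PSS), so it must not be used as a real signature scheme.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Tuple


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; trial division by small primes first."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # a in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # composite witness found
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if is_probable_prime(cand):
            return cand


@dataclass(frozen=True)
class PublicKey:        # defines V_A; published by A
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:       # defines S_A; kept secret by A
    n: int
    d: int


def generate_keypair(bits: int = 512) -> Tuple[PrivateKey, PublicKey]:
    """Assumed key size for the example; 512-bit RSA is far too small for real use."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)                            # modular inverse (Python 3.8+)
    return PrivateKey(p * q, d), PublicKey(p * q, e)


def _digest_int(m: bytes) -> int:
    # 256-bit digest is always smaller than the 512-bit modulus, so the
    # comparison in verify() is exact.
    return int.from_bytes(hashlib.sha256(m).digest(), "big")


def sign(sk: PrivateKey, m: bytes) -> int:
    """S_A: s = H(m)^d mod n."""
    return pow(_digest_int(m), sk.d, sk.n)


def verify(pk: PublicKey, m: bytes, s: int) -> bool:
    """V_A: true iff s^e mod n == H(m)."""
    if not 0 <= s < pk.n:
        return False
    return pow(s, pk.e, pk.n) == _digest_int(m)


def demo() -> dict:
    """Property (a) on a genuine pair, and the rejections behind property (b)."""
    sk_a, pk_a = generate_keypair()
    sk_x, pk_x = generate_keypair()                # keys of some other entity X
    m = b"Transfer 100 to account 42"             # constructed sample message
    s = sign(sk_a, m)
    return {
        "genuine": verify(pk_a, m, s),                                # True
        "tampered": verify(pk_a, m.replace(b"100", b"900"), s),       # False
        "signed_by_x": verify(pk_a, m, sign(sk_x, m)),                # False
        "wrong_verifier_key": verify(pk_x, m, s),                     # False
    }


if __name__ == "__main__":
    print(demo())
```

`demo()` shows the four cases a verifier cares about: only the pair (m, s) produced with A's own S_A passes A's V_A; changing one byte of m, signing with another entity's key, or checking against the wrong public key all return false.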

Authentication and identification

    Authentication is a term which is used (and often abused) in a very broad sense. By itself it has little meaning other than to convey the idea that some means has been provided to guarantee that entities are who they claim to be, or that information has not been manipulated by unauthorized parties. Authentication is specific to the security objective which one is trying to achieve. Examples of specific objectives include access control, entity authentication, message authentication, data integrity, non-repudiation, and key authentication.

    Authentication is one of the most important of all information security objectives. Until the mid-1970s it was generally believed that secrecy and authentication were intrinsically connected. With the discovery of hash functions and digital signatures, it was realized that secrecy and authentication were truly separate and independent information security objectives. It may at first not seem important to separate the two, but there are situations where it is not only useful but essential. For example, if a two-party communication between Alice and Bob is to take place where Alice is in one country and Bob in another, the host countries might not permit secrecy on the channel; one or both countries might want the ability to monitor all communications. Alice and Bob, however, would like to be assured of the identity of each other, and of the integrity and origin of the information they send and receive.

    The preceding scenario illustrates several independent aspects of authentication. If Alice and Bob desire assurance of each other's identity, there are two possibilities to consider.

1. Alice and Bob could be communicating with no appreciable time delay. That is, they are both active in the communication in "real time".

2. Alice or Bob could be exchanging messages with some delay. That is, messages might be routed through various networks, stored, and forwarded at some later time.

     In the first instance Alice and Bob would want to verify identities in real time. This might be accomplished by Alice sending Bob some challenge, to which Bob is the only entity which can respond correctly. Bob could perform a similar action to identify Alice. This type of authentication is commonly referred to as entity authentication or more simply identification. For the second possibility, it is not convenient to challenge and await response, and moreover the communication path may be only in one direction. Different techniques are now required to authenticate the originator of the message. This form of authentication is called data origin authentication.

Identification

    An identification or entity authentication technique assures one party (through acquisition of corroborative evidence) of both the identity of a second party involved, and that the second party was active at the time the evidence was created or acquired. Typically the only data transmitted is that necessary to identify the communicating parties. The entities are both active in the communication, giving a timeliness guarantee.

Data origin authentication

    Data origin authentication or message authentication techniques provide the party which receives a message with assurance (through corroborative evidence) of the identity of the party which originated it. Often a message is provided to B along with additional information so that B can determine the identity of the entity who originated the message. This form of authentication typically provides no guarantee of timeliness, but is useful in situations where one of the parties is not active in the communication. Data origin authentication implicitly provides data integrity since, if the message was modified during transmission, A would no longer be the originator.
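The two forms of authentication contrasted above, the real-time challenge-response that gives identification and the one-way, store-and-forward data origin authentication, as an added example that is not part of the original page. It uses HMAC-SHA256 from the Python standard library in place of a signature, so it assumes Alice and Bob already share a secret key K (the key establishment is outside the example); the message layouts, the domain-separation tags `entity-auth`/`data-origin`, the identity strings and the sample order text are all constructed for the example.

```python
"""Entity authentication (challenge-response) versus data origin authentication.

Added example for this page, not code from the original text. A shared-key
MAC stands in for a signature so the example runs with only the standard
library; with a signature scheme the claimant would sign the nonce instead.
"""
import hashlib
import hmac
import secrets

K = secrets.token_bytes(32)        # constructed shared secret for the example


def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every field so (a || b) cannot collide with (a' || b').
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


# --- Identification: the verifier challenges, the claimant must answer now ---
class Verifier:
    def __init__(self, key: bytes, claimant_id: bytes):
        self.key = key
        self.claimant_id = claimant_id
        self.outstanding = None

    def challenge(self) -> bytes:
        # A fresh, unpredictable nonce is what provides the timeliness guarantee.
        self.outstanding = secrets.token_bytes(16)
        return self.outstanding

    def check(self, response: bytes) -> bool:
        if self.outstanding is None:
            return False
        expected = mac(self.key, b"entity-auth", self.claimant_id, self.outstanding)
        self.outstanding = None                    # each nonce is usable exactly once
        return hmac.compare_digest(expected, response)


def respond(key: bytes, claimant_id: bytes, nonce: bytes) -> bytes:
    # Only a holder of the key can compute this for a nonce it has never seen.
    return mac(key, b"entity-auth", claimant_id, nonce)


# --- Data origin authentication: no interaction, no timeliness ---
def protect(key: bytes, sender_id: bytes, message: bytes) -> tuple:
    return (sender_id, message, mac(key, b"data-origin", sender_id, message))


def check_origin(key: bytes, packet: tuple) -> bool:
    sender_id, message, tag = packet
    return hmac.compare_digest(mac(key, b"data-origin", sender_id, message), tag)


def demo() -> dict:
    r = {}
    alice = Verifier(K, b"bob")

    c1 = alice.challenge()
    r1 = respond(K, b"bob", c1)
    r["live_bob_accepted"] = alice.check(r1)                     # True

    alice.challenge()                                            # new nonce c2
    r["replayed_response_rejected"] = not alice.check(r1)        # r1 answers c1, not c2

    c3 = alice.challenge()
    r["impostor_rejected"] = not alice.check(respond(b"guess", b"bob", c3))

    pkt = protect(K, b"alice", b"ship order #17")                # constructed message
    r["origin_verifies"] = check_origin(K, pkt)                  # True
    tampered = (pkt[0], b"ship order #71", pkt[2])
    r["tampered_rejected"] = not check_origin(K, tampered)       # integrity comes for free
    r["no_timeliness"] = check_origin(K, pkt)                    # still True: a stored packet
    return r                                                     # says nothing about when


if __name__ == "__main__":
    print(demo())
```

The last two results are the point of the distinction: the MAC on the stored packet tells Bob that Alice originated exactly these bytes, and a one-byte change is caught, but the same packet verifies again however old it is. Freshness has to come from the challenge-response exchange (or from a timestamp or sequence number added to the message), not from the origin check itself.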