DIGITAL Algorithm Signature

The DIGITAL Signature Algorithm , more known under the Initials DSA , is a numerical algorithm of Signature standardized by NIST with the the United States, of time when RSA was still Brevet E. This algorithm belongs to the specification DSS for DIGITAL Signature Standard adopted in 1993 (FIPS 186). A minor revision was published in 1996 (FIPS 186-1) and the standard was improved in 2002 in FIPS 186-2. It is covered by the patent n°: 5231668 in the USA (June 26th, 1991) allotted to David Kravitz, former employee of NSA, and it can be used free.

Outline

The DSA is similar to another type of signature developed by Claus Schnorr in 1989. It has also common points with the signature ElGamal. The process is done in three stages:

• generation of the keys

• signature of the document
• checking of the document signed

Generations of the keys

Their safety rests on the difficulty of the problem of the discrete logarithm in a finished group.

• Choisir a prime number p of L - bit, with 512 ≤ L ≤ 1024, and L is divisible by 64
• Choisir a prime number Q of 160 bits, in such way that p − 1 = qz , with Z an entirety
• Choisir H , with 1 < H < p − 1 so that G = H ^z MOD p > 1
• To generate a X by chance, with 0 < X < Q
• To calculate there = g^x MOD p
• the public key is ( p , Q , G , there ). The private key is X

Signature

• To choose a random random number S , 1 < S < Q
• To calculate S 1 = ( g^s MOD p ) MOD Q
• To calculate S 2 = (H ( m ) + S 1* X ) S ^-1 MOD Q , where H ( m ) is the result of a cryptographic chopping with SHA-1 on the message m
• the signature is ( S 1, S 2)

Checking

• Rejeter the signature if 0
• Calculer W = ( S 2) ^-1 (MOD Q )
• Calculer U 1 = H ( m ) * W (MOD Q )
• Calculer U 2 = S 1* W (MOD Q )
• Calculer v = MOD '' p '' MOD Q
• the signature is valid if v = S 1

Validity of the algorithm

This principle of signature is correct in the direction where the inspector will always accept authentic signatures. This can be shown as follows with a practical example:

Starting from G = h^z MOD p rises:

g^q ≡ H ^qz ≡ H ^{p -1} ≡ 1 (MOD p) according to the Small theorem of Fermat. Since G >1 and Q is first, it follows that G has an order equal to Q .

That which signs carries out for example this (with SHA-1):

$s=k^\; \{-\; 1\}\; (\backslash \; mbox\; \{SHA-1\}\; (m)\; +xr)\; \backslash \; MOD\; \{Q\}.$

Thus

$$

\begin{matrix} K & \ equiv & \ mbox {SHA-1} (m) s^ {- 1} +xrs^ {- 1} \ \ & \ equiv & \ mbox {SHA-1} (m) W + xrw \ pmod {Q}. \ \ \end{matrix}

As G has an order Q , one a:

$$

\begin{matrix} g^k & \ equiv & g^g^ {xrw} \ \ & \ equiv & g^y^ {rw} \ \ & \ equiv & g^ {u1} y^ {u2} \ pmod {p}. \ \ \end{matrix}

Finally, one leads to the validity of DSA:

$r=\; (g^k\; \backslash \; MOD\; p)\; \backslash \; MOD\; Q\; =\; (g^\; \{u1\}\; y^\; \{u2\}\; \backslash \; MOD\; p)\; \backslash \; MOD\; Q\; =\; v.$

See too

• Rivest Shamir Adleman
• Signature numerical
• asymmetrical Cryptography
• digital Elliptic curve signature algorithm

Random links:

Hudibras | Mabompré | Vineyard of the Slopes of Ancenis | Pépito (cookie) | Antoine Hennion | Marshall,_Indiana

© 2007-2008 speedlook.com; article text available under the terms of GFDL, from fr.wikipedia.org