Boost Your Communication Integrity with Digital Signature Legitimateness for Communications & Media in Mexico

How to eSign a document: digital signature legitimateness for Communications & Media in Mexico

in this video we will talk about digital signatures let's consider the example where Alice wants to send a message to Bob as you know without encryption an eavesdropper could listen to their communication take a moment to think about what else could go wrong in terms of security or in other words what a digital signature could be good for first a malicious person we call them Mallory might change the document by intercepting it this is typically called a man-in-the-middle attack digital signatures should thus guarantee the Integrity of a message secondly Mallory might pretend to be Alice when communicating with Bob by impersonating Alice Mallory can send arbitrary messages to Bob with potentially devastating consequences if Bob trusts them to stem from Alice thus a signature should also prove the authenticity of a message finally Mallory might wrongfully pretend to have never sent a given message consider the example where Mallory sent a check to Bob in exchange for goods it would be terrible for Bob if he later finds out that Mallory denies having written the check without Mallory's signature Bob would end up empty-handed we say that a signature scheme should thus prevent repudiation how can a digital signature be implemented remember that public key encryption assigns a public and secret key to every participant the public key is broadcast to everyone the simplest digital signature can now be obtained by Alice using her secret key to encrypt the entire document Bob can then verify whether the signature indeed matches the document he previously received let's now formalize this Construction a digital signature is defined as a triple of the following three algorithms the key generation algorithm outputs a public and secret key pair for every participant the signing algorithm outputs a digital signature for a message by using the sign as secret key finally the verification algorithm outputs true if the signature is valid it does so by using the public key of the signer and the message that the signature is for we say that a signature scheme is correct if the verification algorithm returns true only if the signature is the output of the signing algorithm with the corresponding message and secret key for completeness here is the mathematical notation let's look at a famous digital signature construction that was presented by Elga Mall in 1984. the signing algorithm starts by picking a random value X in the group whose operation is the multiplication modulo P minus 1. it then uses X to compute the group element R which makes up the first part of the signature using the sign a secret key as well as the message M the second part of the signature is computed the verification algorithm uses the public key to verify whether the following equation holds this determines the validity of the signature let us now dive into it and prove that the introduced digital signature scheme is correct to do so we prove that the signature generated by Alice is accepted by Bob the verification algorithm is just a single equation so let us start with the right hand side of this equation next we replace S and the public Key by their definition we can group the terms and see that two terms cancel each other out plugging in the definition of R we end up with the left hand side of the equation thus establishing the correctness of our crypto system you might have noticed that when describing Elga Mall signatures we never only used M but applied the function H to m do you have a hunch why this operation is necessary first in our first construction the signature was just as large as the document itself clearly this isn't efficient and H can thus be used to compress the document to get a smaller signature for it concretely H can be seen like a Scrambler producing a random 256-bit output only these bits are then being encrypted in order to save space to verify the validity of the signature the original document is passed through H as well and both digests are compared but even worse without a well-designed function H the Elga Mall scheme is vulnerable against existential forgery attacks let's see how an attacker can create a valid signature without knowing the secret key this attack works by Mallory obtaining a valid signature from Alice for message m Mallory then creates a new signature by Computing s times r and r squared Bob will then accept this signature as a valid signature for the message R times M divided by 2. can you show that if no hash function is used S Prime is a valid signature for the message M Prime as before let's start with the right hand side of the verification equation remember that the public key is g to the power of the secret key plugging in this definition as well as the definition of s Prime and R Prime we get the following equation next we write out the definition of s we multiply all inner terms by r and see that the terms containing the secret key cancel each other out by replacing G to the X with r and by multiplying and dividing the exponent by 2 we can rearrange the terms we end up with r Prime to the power of M Prime note that for all these steps we assumed multiplication modulo p if H is the identity function we indeed end up with the left hand side of the verification equation we have thus successfully created a valid forged signature for a new message this undermines the importance of using the function H for both efficiency as well as security reasons H is typically called a hash function hash functions are very interesting to study in their own right let's summarize what we learned in this video we learned that digital signatures can prove the integrity and authenticity of a message and prevent repudiation we have then seen the famous Elga mall cryptosystem and got used to simple proofs that employ modular arithmetic thank you for watching this video