Journal ArticleDOI

Applying the RSA Digital Signature to Electronic Mail

01 Feb 1983-IEEE Computer (IEEE)-Vol. 16, Iss: 2, pp 55-62
TL;DR: Authentication by the customary methods using symmetric ciphers can do nothing to resolve disputes arising from the dishonesty of either sender or receiver; a digital signature based on certain public-key cryptosystems was proposed as a solution to the dispute problem.
Abstract: Because of the increased cost-effectiveness of computer technology and its subsequent acceptance into the business world, computer-based message systems are likely to become the principal carriers of business correspondence. Unfortunately with the efficiency of these systems come new possibilities for crime based on interference with digital messages. But the same technology that poses the threat can be used to resist and perhaps entirely frustrate potential crimes. For some messages, a degree of privacy or secrecy is needed, which is possible with encryption. However, predicting the extent encryption will be used in electronic mail is difficult, since much depends on the cost and convenience of its applications. For nearly all messages, authenticity is a prime requirement. Authenticity implies that the message is genuine in two respects: its text has not changed since it left the sender and the identity of the sender is correctly represented in the text header or in the signature attached to the message. Neither of these authenticity indicators is sufficient by itself because an altered message from sender A is in no way different from a message appearing to come from A but in fact coming from an enemy. The technique of authentication, which is closely related to cryptography, normally uses the symmetric type of cipher, typified by the Data Encryption Standard, or DES, algorithm. This kind of authentication is seriously deficient because both the sender and receiver must know a secret key. The sender uses the key to generate an authenticator, and the receiver uses it to check the authenticator. With this key, the receiver can also generate authenticators and can therefore forge messages appearing to come from the sender. In other words, authentication can protect both sender and receiver against third-party enemies, but it cannot protect one against fraud committed by the other.
If A sends a message to B, for example, B might fraudulently claim to have received a different message. Supposing B takes some action in response to a genuine received message, A can still claim that B in fact forged the message. For these reasons, authentication by the customary methods using symmetric ciphers can do nothing to resolve disputes arising from the dishonesty of either sender or receiver. As a solution to the dispute problem, Diffie and Hellman proposed the use of a digital signature based on certain public-key cryptosystems (Figure 1). The sender of the message is responsible for generating the
Citations
BookDOI
06 Oct 2015
TL;DR: Part I—Cryptographic Protocols Chapter 2—Protocol Building Blocks 2.
Abstract: Part I—Cryptographic Protocols Chapter 2—Protocol Building Blocks 2.

728 citations


Cites background from "Applying the RSA Digital Signature ..."

  • ...This idea was first invented by Diffie and Hellman [496] and further expanded and elaborated on in other texts [1282,1328,1024,1283,426]. See [1099] for a good survey of the field....


Journal Article
TL;DR: In this paper, a general model for hash functions based on block ciphers is presented, where the size of the hashcode is equal to the block length of the block cipher and the key size is approximately equal to block length.
Abstract: Constructions for hash functions based on a block cipher are studied where the size of the hashcode is equal to the block length of the block cipher and where the key size is approximately equal to the block length. A general model is presented, and it is shown that this model covers 9 schemes that have appeared in the literature. Within this general model 64 possible schemes exist, and it is shown that 12 of these are secure; they can be reduced to 2 classes based on linear transformations of variables. The properties of these 12 schemes with respect to weaknesses of the underlying block cipher are studied. The same approach can be extended to study keyed hash functions (MAC's) based on block ciphers and hash functions based on modular arithmetic. Finally a new attack is presented on a scheme suggested by R. Merkle.

451 citations

Book
01 Jan 1991
TL;DR: This protocol uses a simple 'swapping' technique which can be applied to many zero knowledge proofs (arguments) and obtains a divertible zero-knowledge proof for graph isomorphism.
Abstract: We present a divertible zero-knowledge proof (argument) for SAT under the assumption that probabilistic encryption homomorphisms exist. Our protocol uses a simple 'swapping' technique which can be applied to many zero knowledge proofs (arguments). In particular we obtain a divertible zero-knowledge proof for graph isomorphism. The consequences for abuse-free zero-knowledge proofs are also considered.

202 citations

Journal ArticleDOI
TL;DR: In this paper, a new digital multisignature scheme using bijective public-key cryptosystems that overcomes the problems of previous signature schemes used for multi-signatures is proposed.
Abstract: A new digital multisignature scheme using bijective public-key cryptosystems that overcomes the problems of previous signature schemes used for multisignatures is proposed. The principal features of this scheme are (1) the length of a multisignature message is nearly equivalent to that for a single-signature message; (2) by using a one-way hash function, multisignature generation and verification are processed in an efficient manner; (3) the order of signing is not restricted; and (4) this scheme can be constructed on any bijective public-key cryptosystem as well as the RSA scheme. In addition, it is shown that the new scheme is considered as safe as the public-key cryptosystem used in this new scheme. Some variations based on the scheme are also presented.

144 citations

Journal Article
TL;DR: It is shown that the new scheme is considered as safe as the public-key cryptosystem used in this new scheme, and some variations based on the scheme are also presented.
Abstract: A new digital multisignature scheme using bijective public-key cryptosystems that overcomes the problems of previous signature schemes used for multisignatures is proposed. The principal features of this scheme are (1) the length of a multisignature message is nearly equivalent to that for a single-signature message; (2) by using a one-way hash function, multisignature generation and verification are processed in an efficient manner; (3) the order of signing is not restricted; and (4) this scheme can be constructed on any bijective public-key cryptosystem as well as the RSA scheme. In addition, it is shown that the new scheme is considered as safe as the public-key cryptosystem used in this new scheme. Some variations based on the scheme are also presented.

143 citations


Cites background from "Applying the RSA Digital Signature ..."

  • ...(2) Functions (i) $f_{e_i}(x) = x^{e_i} \pmod{n_i}$ (ii) $g_{d_i}(x) = x^{d_i} \pmod{n_i}$ (iii) one-way hash function: any example shown in [2] or [3]....


  • ...(2) Properties This variation has the following properties: (i) The signature generation and verification procedures are simpler than those in the original version....


  • ...$S_1 = g_{d_1}(h(M))$ (2) $M_1 = M$ (3) The signer sends $M_1 * S_1$ along with his identifier $ID_1$ to the second signer....


  • ...(2) The scheme inherits the advantages of the comparison method....


  • ...(2) Multisignature generation (a) Signature generation by the first signer....


References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

Journal ArticleDOI
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

Book
01 Jan 1979
TL;DR: An automatic control system for a tube expander tool of the type having a hydraulically powered rotary tool which is advanced and retracted by a reversible linear motor to maintain a desired constant load and to prevent overloading.
Abstract: An automatic control system for a tube expander tool of the type having a hydraulically powered rotary tool which is advanced and retracted by a reversible linear motor. Operation of automatic cycling is initiated by a manual control whereas axial movement of the tool can be interrupted at any time by operating a hold control while rotation of the tool continues as long as necessary to iron out excess metal or to reposition the tube in the bore should this be desirable. The tool is maintained under constant load at all times by load sensor means in the tool advancing circuit and operable to vary the rate of tool advance to maintain a desired constant load and to prevent overloading. Accordingly, the rate of tool advance varies inversely as the load on the tool.

591 citations

Journal ArticleDOI
Stephen M. Matyas
TL;DR: Two types of digital signatures are investigated: true signatures and arbitrated signatures. A true signature can be validated by anyone having the correct nonsecret (public) validation parameter, whereas an arbitrated signature must be validated by a trusted arbiter.

33 citations