How did the signature algorithm come from?

Digital signature algorithm and hash signature analysis

It took me nearly a week to write this article, and the RSA algorithm involved in it was introduced in detail in the last article "Public Key Cryptosystem". At present, people still use many RSA algorithms with 5 12 bits and 1024 bits in digital signature.

Abstract: Digital signature and authentication center is the core technology of e-commerce. As an important technology of Internet e-commerce, digital signature has been constantly improved and standardized. Starting from the meaning of digital signature, this paper introduces the contents and algorithms involved in digital signature in detail, and combines them to improve them.

Keywords: Internet public key encryption hash function e-commerce encryption digital signature

Brief introduction of digital signature

With a certain understanding of encryption and decryption algorithms, we can further discuss the problem of "digital signature" (be careful not to confuse it with digital authentication), that is, how to sign a computer file. Digital signature can be realized by symmetric algorithm or public key algorithm. However, the former requires not only the authentication of both the document signer and the document receiver, but also the authentication of the third party, which is more troublesome; Through the implementation of public key encryption algorithm, files encrypted with private key need to be decrypted with public key, so they can be used as digital signatures. The signer encrypts the signature with a secret key (including name, certificate number, short message and other information), and the receiver can decrypt it with the public key and his own public key. If successful, it can ensure that the information comes from the owner of the public key.

The basic principle of realizing digital signature in public key cryptosystem is very simple. Suppose A wants to send an electronic file to B, both parties only need to go through the following three steps:

1.a encrypts the file with its private key, which is the signing process.

2.a sends the encrypted file to B.

3.b uses a's public key to unlock the file sent by a.

Such a signature method conforms to the principle of reliability. Namely:

The signature can be confirmed,

The signature can't be forged,

The signature cannot be reused.

Once a document is signed, it cannot be tampered with.

The signature is undeniable,

Digital signature is an alphanumeric string obtained by processing the message to be transmitted through a one-way function to verify the source of the message and whether the message has been changed. Using these character strings instead of writing signatures or seals has the same legal effect as writing signatures or seals. The international community has begun to formulate corresponding laws and regulations, taking digital signature as the basis for law enforcement.

Realization method of digital signature

There are many ways to realize digital signature. At present, public key encryption technology is widely used in digital signature, such as PKCS (public key cryptography standards), DSA(Digital Signature Algorithm), x.509 and PGP(Pretty Good Privacy) based on RSA data security. 1994 the American institute of standards and technology issued the digital signature standard (DSS), which made public key encryption technology widely used. At the same time, applying hash algorithm is also a method to realize digital signature.

Asymmetric key encryption algorithm for digital signature.

The meaning of the algorithm:

Asymmetric key encryption algorithm uses public key and private key, which are used to encrypt and decrypt data respectively, that is, if data is encrypted with public key, it can only be decrypted with corresponding private key; If the data is encrypted with a private key, it can only be decrypted with the corresponding public key.

Common encryption standards for digital signatures using public key cryptography include RSA, DSA, Diffie-Hellman, etc.

Signature and verification process:

The sender (a) first transforms the message with an open one-way function to obtain a digital signature, then encrypts the digital signature with a private key and sends it with the message.

The receiver (b) decrypts and exchanges the digital signature with the sender's public key to obtain the plaintext of the digital signature. The sender's public key can be issued by a trusted technical management organization, namely a certification authority (CA).

The receiver also gets a digital signature from the plaintext calculated by the one-way function, and then compares the two digital signatures. If they are the same, it proves that the signature is valid, otherwise it is invalid.

This method enables anyone who has the sender's public key to verify the correctness of the digital signature. Because of the confidentiality of the sender's private key, the receiver can not only reject the message according to the result, but also make it impossible to forge the message signature and modify the message, because the digital signature is a set of fixed-length codes representing the characteristics of the message, and the same person will produce different digital signatures for different messages. This solves the problem that the payee may change the amount of the check when the bank sends the check through the network, and also avoids the possibility of the remitter evading responsibility.

Symmetric key encryption algorithm for digital signature

Algorithm meaning

The encryption key and decryption key used in symmetric key cryptography algorithm are usually the same, even if they are different, the other can be easily deduced from either one. In this algorithm, the keys used for encryption and decryption should be kept secret. Because the computer is fast, it is widely used in the encryption process of a large number of data such as files, such as RD4 and DES. IDEA is not recommended as a digital signature.

The general encryption standards of digital signature using block cipher algorithm include DES, TRIPL-DES, RC2, RC4, CAST, etc.

Signature and verification process

Lamport invented a symmetric algorithm called Lamport-Diffle: a set of keys A, whose length is twice as long as the number of message bits (n), is used to generate signature verification information, that is, 2n numbers B are randomly selected, and the 2n numbers B are encrypted and exchanged with signature keys to obtain another 2n number C. ..

Starting from the first bit of the data packet M, the sender checks the I-th bit of M in turn. If it is 0, take the I-bit of the A key; if it is 1, take the i+ 1 bit of the A key; Until all the messages are checked. The selected n key bits form the final signature.

When the receiver verifies the signature, it also checks the message m in turn from the first bit. If the I-bit of m is 0, the I-group information in the signature is considered to be the I-bit of key A, and if it is 1, it is the i+ 1 bit of key A; Until the message is completely verified and n keys are obtained. Since the receiver has the authentication information c of the sender, the obtained n keys can be used to check the authentication information, so as to confirm whether the message is sent by the sender.

Because this method is signed bit by bit, only one bit is changed, and the receiver can't get the correct digital signature, so its security is better. Its disadvantages are: the signature is too long (compressing the message before signing can reduce the signature length); The signature key and the corresponding verification information cannot be reused, otherwise it is extremely unsafe.

Improvement of Symmetry and Asymmetry Combination Algorithm

Symmetric algorithm and asymmetric algorithm have their own advantages and disadvantages, so combining their respective advantages and disadvantages to improve, you can use the following module to illustrate:

Hash algorithm of digital signature

Hash algorithm, also known as hash algorithm or message digest, will be explained in detail in digital signature algorithm.

The general encryption standards of hash algorithm digital signature are: SHA- 1, MD5, etc.

Digital signature algorithm

There are many algorithms for digital signature, and the three most widely used ones are: Hash signature, DSS signature and RSA signature. These three algorithms can be used separately or together. Digital signature is realized by encrypting and decrypting data through encryption algorithm. Commonly used hash algorithms are MD2, MD5 and SHA- 1, and digital signature can be realized by DES algorithm and RSA algorithm. But there are more or less defects or no mature standards.

Hash signature

Hash signature is the most important digital signature method, also known as digital digest and digital fingerprint. Unlike RSA digital signature, which is a separate signature, this digital signature method closely links the digital signature with the information to be sent, which is more suitable for e-commerce activities. Compared with transmitting the contract and signature separately, combining the contents of the business contract with the signature will increase the credibility and security. Below we will introduce the functions and algorithms in hash signature in detail.

How about 3ce909 lipstick?

Which shooting style is most suitable for girls of the twelve zodiac signs?

Zhou Sijie Huang Jialing's artistic signature does not need a permanent mobile phone.

How to write an attractive copy of Arbor Day?

Crash into the World Lyrics

Father's Day Poster POP-When making Father's Day h5, there is a problem, that is, how to save the poster after it is generated.

Nike new product! AJ37 exposed new color matching, Jordan shoes are a bit ugly, slippers are not as good as domestic ones.

A cross talk between Degang Guo and Yu Qian is about football. What's its name? Detailed introduction, thank you.

Drunk personality signature

What is a book ticket?