DSA Algorithm in Cryptography
2024-02-07 06:45:43

DSA Algorithm in Cryptography

DSA is an acronym that stands for Digital Signature Algorithm. Before going to explain about DSA Algorithm in Cryptography, let's see first what are digital signatures?

Verifying and authenticating documents and data is the goal of digital signatures. For the transmission of official documents, this is important to prevent tampering, digital change, or forgery.

They are engaged in developing the architecture for public key cryptography, with one exception. An asymmetric key system typically uses a public key for encryption and a private key for decryption. When it comes to digital signatures, the opposite is true; using the public key to decrypt the signature after it has been encrypted with the private key. Due to the connected keys, you can determine the correct private key used to sign the document and trace the signature's origin by decoding the signature with the public key.

Here,

  • M - Plaintext
  • H - Hash function
  • h - Hash digest
  • '+' - Bundle digest and plaintext together. 
  • E - Encryption
  • D - Decryption

The entire procedure, from the signing of the key to its verification, is depicted in the graphic above. Go through each stage to fully comprehend the process.

Step 1: M, the initial message is sent to a hash function indicated by H# to produce a digest.

Step 2: After that, it combines the message with the hash digest h and encrypts it with the sender's private key.

Step 3: It transmits the encrypted bundle to the recipient, who may decode it using the sender's public key.

Step 4: After the message has been decrypted, it is run through the same hash function (H#) to create a similar digest.

Step 5: It compares the freshly created hash with the message-added hash value. Data integrity is confirmed if they line up.

The aforementioned methodology can be applied in two ways that are considered industry standards. They are as follows:

  1. The RSA algorithm
  2. The DSA algorithm

Although both algorithms perform the same job, they do it in very different ways during the encryption and decryption procedures. Now that you are aware of how the DSA Algorithm is intended to operate while certifying the signature, let's examine it in more detail.

Block Diagram for a Digital Signature

A digital signature is a type of electronic signature based on cryptography that is used to confirm the authorship of a message or the signer of a document and to ensure that the message's or document's original content is maintained.

The following is a block diagram of the digital signature process:

  • Message or Document: This is the information or document that needs to be signed.
  • Hashing: Using a cryptographic hash function, the text or message is transformed into a fixed-length hash.
  • Encryption: The hash is subsequently encrypted using the sender's private key.
  • Digital signature: The encrypted hash serves as the document's digital signature.
  • Verification: Utilising the sender's public key, the signature is then checked to make sure it is valid and the document is genuine.

Description of the Block Diagram

The procedure for establishing and verifying digital signatures is described in the block diagram for digital signatures.

The process is started by sending a message from one side to the other. To construct a hash of this message, a cryptographic hashing technique is then used on it.

A private key belonging to the sender is then used to encrypt the hash. The original message and the encrypted hash are then joined to create the digital signature.

Using the sender's public key to decode the original hash, the recipient then compares the newly generated hash to one generated from the original message. Through this procedure, the recipient can verify the digital signature. The communication may be guaranteed to have come from the sender because the decrypting process ensures that it was not altered while in transit.The digital signature demonstrates once more that the data is authentic and undamaged and comes from a reliable source.

A Digital Signature's Importance

In this digital age, the value of digital signatures cannot be understated, and some,

  • Ensures Authenticity: A digital signature proves that a message or signature was made using the private key associated with the digital signature, hence ensuring the authenticity of a transaction or message.
  • Offers Non-repudiation: A digital signature offers a complete record that a specific person signed the contract or transaction at a specified moment. The individual cannot deny signing it because of this feature.
  • Security is provided: Data is shielded from tampering and unauthorized access using encryption algorithms used in digital signatures. In addition to preventing data from being altered or manipulated while being transmitted, digital signatures use cryptographic methods.
  • Improves Efficiency: By saving time and money on paperwork, printing, scanning, and mailing, digital signatures can improve efficiency.
  • Enhances Compliance: By offering an audit trail of signed documents, digital signatures assist organizations in meeting regulatory and legal compliance obligations.

The Function of Digital Signatures

Authentication and verification are accomplished through digital signatures. A digital document or message's integrity and authenticity are checked using them.

A digital signature is important because it helps ensure the truthfulness and reliability of a digital document or message. A digital signature, to put it briefly, is a type of electronic signature that provides non-repudiation and authenticity between two parties. It is proof that the parties have mutually reviewed the information in a document or message and accepted a specific set of terms and conditions.

Using digital signatures, you can guarantee that only authorized people may access sensitive data, further protecting it.

Using Digital Signatures While Encrypting

Information (known as plaintext) is transformed using an algorithm (referred to as a cipher) to render it unintelligible to everyone but those with specific knowledge typically referred to as a key. Encrypted data is the procedure's output. This encrypted data is referred to as ciphertext in cryptography.

What Exactly Is the DSA Algorithm?

FIPS (Federal Information Processing Standard) digital signatures are created using the Digital Signatures Algorithm. It was first proposed in 1991 by the National Institute of Standards and Technology (NIST), and it became globally standardized in 1994.It operates within the constraints of modular exponentiation and discrete logarithmic issues, which are challenging to compute using a force-brute method.

The following are the three advantages that the DSA Algorithm offers:

  1. Message authentication: The appropriate key combination allows you to confirm the sender's identity.
  2. Integrity Verification: Modifications to the message will prevent the bundle from being fully decrypted, hence they are not permitted.
  3. Non-repudiation: If the recipient confirms the signature, the sender cannot assert they never delivered the message.

The complete DSA algorithm's process is shown in the graphic up top.  The encryption and decryption portion of the preceding method differs from the illustration of a typical digital signature verification process.

Steps in the DSA Algorithm

Try out the complete procedure, from producing the key pair to validating the signature at the conclusion, keeping in mind the illustration above.

1. Key Generation

The key generation procedure consists of two steps: per-user keys and parameter generation.

  • The first step for the user is to select an output length in bits and a cryptographic hash function (H). The output length |H| is higher when the modulus length N is employed.
  • Then select a key length L that, according to the original DSS length, should be a multiple of 64 and fall between 512 and 1024. For lifetime key security, NIST does advise lengths of 2048 or 3072.
  • The options for L and N's values are (1024, 60), (2048, 224), (2048, 256), or (3072, 256) following FIPS 186-4. Additionally, when selecting the modulus length N, the user should make sure that it is both smaller than and equal to the output length (N=|H|) and the key length (NL).
  • Later, a user can select a prime number q of N bits and another prime number as p of L bits in such a way that p-1 is a multiple of q. The integer h from the list (2........p-2) should then be selected the values of p and q after you have them.
  • g = h(p-1)/q*mod(p). If g = 1, attempt a different number for h and repeat the calculation using a different value for g than 1.
  • The shared algorithmic parameters among various system users are p, q, and g.
  • The private key, integer x, must be selected from the list (1.......q-1), and the public key, integer y, must then be calculated.

2. Generation of Signatures

  • The hash function (H#) is used to create our hash digest (h) by running the original message (M) through it.
  • The signing function receives the digest as input and outputs two variables, s, and r, as a result of signing the data.
  • In addition to the digest, you also use an arbitrary number k so that 0 k q.
  • Using the equation r = (gk mod p) mod q, you may get the value of r.
  • Using the equation s = [K-1(h+x. R)mod q], you may get the value of s.
  • After that, it is packaged as "r,s."
  • The recipient receives the complete message and signature pair{M,r,s}.

3. Distributing keys

To distribute keys, a signer must publish the public key (y) and deliver the public key (y) to the recipient directly without using any hidden methods.

  • The following should be done when signing message m:
  • To begin, select an integer k from (1......q-1) and then calculate r = g(k)*mod(p)*mod(q). If r = 0, attempt a different random value of k and recalculate for any other value of r than 0.
  • Scan the formula: s=(k(-1)*(H(m)+xr)*mod(q). If s = 0, attempt a different random value of k and recalculate all values of s other than 0.
  • Two crucial components, r, and s, define the signature. Moreover, a new message is produced using key elements k and r. Even yet, calculating r using a modular exponential method is exceedingly expensive and must be done before the message is known. With the aid of Fermat's little theorem and the Euclidean method, computation is carried out.

4. Verification of Signatures

  • The digest h is created using the same hash algorithm (H#).
  • The verification function then receives this digest, and it also requires otherparameters, including other variables.
  • Calculate w's value in such a way that: s*w mod q = 1.
  • Using the formula u1 = h*w mod q, determine the value of u1.
  • Use the formula u2 = r*w mod q to determine the value of u2.
  • Calculated as [((gu1. yu2) mod p) mod q], the final verification component v is calculated.
  • It contrasts the values of v and r that were received in the bundle.
  • The verification of the signature is finished if they match.

The Algorithm's Correctness

The following signature schemes can be used to determine whether the algorithm is valid.

s=(k^(-1)*(H(m)+xr))*mod(q)

k=H(m)*s^(-1)+x*r*s^(-1)

  = H(m)*w+x*r*w*mod(q)

g^k=[g^(H(m)*w)]×[g^(xrw)]

     =[g^(H(m)*w)]×[y^(rw)]

     =g^(u1)*y^(u2)*mod(p)

As a result, the DSA algorithm is valid.

r=(g^(k)*mod(p))mod(q) = [g(u1)*y(u2)*mod(p)]*[mod(q)]

r =v

Sensitivity

  1. The random values of the signature key element k in DSA are crucial; if they are violated, the attackers could learn all of your private information. In some cases, using the same value for the signature key element and missing a little portion of k may be sufficient to allow attackers to discover the private key x.
  2. Only by calculating a new random value of k for each unique signature value will an attack be thwarted. To protect the private key x from attackers, it is important to have a different value of k for every different H(m) and unpredictable.

What is the DSA Process?

Digital Signature Algorithm is referred to as DSA. It is a cryptographic technique that produces digital signatures, confirms the identity of the sender of digital communication, and guards against message tampering.

Two keys are required for DSA to function: a private key owned by the sender and a public key held by the recipient.

  • The message is signed by the sender using their private key, and that signature is sent with the message.
  • The message recipient then checks the signature's validity and the message's integrity using the sender's public key.
  • Unique algorithms are used for the verification process, enabling the recipient to verify the signature without knowing the sender's private key.

How does the Algorithm authenticate the Sender?

By checking the message's digital signature, the algorithm establishes the sender's legitimacy.

The private key of the sender, which is only known to the sender, is used to create the digital signature.

The recipient can then validate the digital signature using the sender's public key.

The recipient knows who sent the communication if the digital signature is recognized as legitimate.

Advantages of Digital Signature Algorithms (DSA)

  • Highly Robust: When compared to other signature verification techniques, DSA is far more stable and secure.
  • Better Speed: When compared to other methods, such as the RSA algorithm, key creation is substantially faster.
  • Less Storage: For the duration of its cycle, DSA needs less storage space.
  • Patent-Free: When NIST made it available, it was unencumbered by any patents, allowing for free use everywhere.

Drawbacks of Digital Signature Algorithms (DSA)

One of the most widely used methods for producing digital signatures is DSA. DSA may, however, have some disadvantages.

  • Key Length Restrictions: DSA can only be used in a restricted number of applications due to key length restrictions.
  • Rigid Key Management: The lengths of the keys must adhere to rigid key management.
  • Limited Digital Certificate Support: DSA is only usable in certain applications because it does not support certificates.
  • DSA is not an incremental signature technique, which means that once a signature has been generated, it cannot be modified or amended.
  • DSA is a very new algorithm, and unlike some of the more well-established ones, it has not undergone much research or testing.
  • DSA signatures have the potential to be larger than signatures made using other techniques, which may influence the effectiveness of storage and transmission.

A DSA example of Alice's signature

Let’s take an example to explain it. To communicate with Bob, Alice creates a message called M. Additionally, she uses her private key to add a digital signature, S, to the message. The message and digital signature are then sent to Bob. Act after that,

  • To communicate with Bob, Alice created an M message.
  • Alice then generates a random number, k, and the computer is equal to (gk mod p) mod q.
  • Then, determine s = (k-1 * (H(M) + x*r)) mod q, where x is Alice's private key and H is a cryptographic hash function.
  • S is the pair (r, s) that represents Alice's digital signature.
  • Bob receives the message M and Alice's digital signature S.

A DSA verification example from Bob

The digital signature S and Alice's message M are delivered to Bob. He uses Alice's public key (p, q, g, y) that she shared with him to apply the verification method and confirm the signature.

Bob confirms Alice's digital signature is genuine and matches message M using the public key. He determines these values through calculation:

H(M) is the hash of Alice's message, s is her signature, r is her signature's first component, g is the generator, y is her public key, p is the modulus, and q is the prime number.

Bob initially calculates the signature of a message, M, that Alice has signed.

r = (g^x mod p) mod q.

Later, Bob calculates:

S = (y^r*r^x mod p) mod q.

The message is validated if s = M.

Comparing DSA with RSA (Rivest-Shamir-Adleman)

Cryptographic algorithms like DSA and RSA are both utilized for encryption and digital signatures.

A digital signature algorithm is used in following:

  • A private key is needed for signing with DSA, which is a signature-only technique, while a public key is needed for verification.
  • Compared to RSA, the DSA algorithm is quicker and easier to use.
  • Due to its support for message integrity and non-repudiation, DSA is more secure than RSA.

Rivest, Shamir, and Adleman (RSA) algorithm is used in following:

  • The RSA algorithm is a digital signature and encryption tool that can be applied to both.
  • More difficult to implement than DSA, RSA is a slower algorithm.
  • DSA, which needs more computer power and is susceptible to chosen-ciphertext attacks, is safer than RSA but less secure than DES.

Using DSA to verify the Data Source

The procedures below should be followed to verify a data source with DSA:

  1. Establish a Data Source Name (DSN).
  2. Enter the login, password, and database name for the data source in the DSN's configuration.
  3. Analyze the data source relationship.
  4. DSA authentication should be enabled in the data source setup.
  5. With the same name as the user account used in the data source setup, create a DSA user account.
  6. The DSA user account needs a password.
  7. the DSA user account set up in the data source should have the same database name assigned to it.
  8. Using the DSA user credentials, verify the connection to the data source.
  9. Make the data source application's DSA authentication available.
  10. To activate DSA authentication, restart the data source program.

Finally, it should be noted that the Digital Signature Algorithm (DSA) is a key part of cryptography that guarantees safe and trustworthy digital communications.

Digital signature algorithms like DSA will continue to be significant as long as technology develops and there is a demand for secure communication.