RSA and Digital Signatures
Digital Signature :
As the name sounds are the new alternative to sign a document digitally. It ensures that the message is sent by the intended user without any tampering by any third party (attacker). In simple words, digital signatures are used to verify the authenticity of the message sent electronically.
It is the most popular asymmetric cryptographic algorithm. It is primarily used for encrypting message s but can also be used for performing digital signature over a message.
Let us understand how RSA can be used for performing digital signatures step-by-step.
Assume that there is a sender (A) and a receiver (B). A wants to send a message (M) to B along with the digital signature (DS) calculated over the message.
Sender A uses SHA-1 Message Digest Algorithm to calculate the message digest (MD1) over the original message M.
A now encrypts the message digest with its private key. The output of this process is called Digital Signature (DS) of A.
Now sender A sends the digital signature (DS) along with the original message (M) to B.
When B receives the Original Message(M) and the Digital Signature(DS) from A, it first uses the same message-digest algorithm as was used by A and calculates its own Message Digest (MD2) for M.
Now B uses A’s public key to decrypt the digital signature because it was encrypted by A’s private key. The result of this process is the original Message Digest (MD1) which was calculated by A.
If MD1==MD2, the following facts are established as follows.
- B accepts the original message M as the correct, unaltered message from A.
- It also ensures that the message came from A and not someone posing as A.
The message digest (MD1) was encrypted using A’s private key to produce a digital signature. Therefore, the digital signature can be decrypted using A’s public key (due to asymmetric form of RSA). If the receiver B is able to decrypt the digital signature using A’s public key, it means that the message is received from A itself and now A cannot deny that he/she has not sent the message.
It also proves that the original message did not tamper because when the receiver B tried to find its own message digest MD2, it matched with that of A’s MD1.
Suppose a malicious user tries to access the original message and perform some alteration. Now he/she will calculate a new message digest over the altered message. It might concern you with data integrity and confidentiality but here’s the catch. The attacker will have to sign the altered message using A’s private key in order to pose as A for the receiver B. However, an attacker cannot sign the message with A’s private key because it is known to A only. Hence, the RSA signature is quite strong, secure, and reliable.
Attacks on RSA Signature :
There are some attacks that can be attempted by attackers on RSA digital signatures. A few of them are given below as follows.
- Chosen-message Attack –
In the chosen-message attack, the attacker creates two different messages, M1 and M2, and somehow manages to persuade the genuine user to sign both the messages using RSA digital-signature scheme. Let’s consider message M1 and message M2. so, the attacker computes a new message M = M1 x M2 and then claims that the genuine user has signed message M.
- Key-only Attack –
In this attack, the Assumption is that attacker has access to the genuine user public key and tries to get a message and digital signature. OnlyThe attacker then tries to create another message MM such that the same signature S looks to be valid on MM. However, it is not an easy attack to launch since the mathematical complexity beyond this is quite high.
- Known-message Attack –
In a known-message attack, the attacker tries to use a feature of RSA whereby two different messages having two different signatures can be combined so that their signatures also combine. To take an example, let us say that we have two different messages M1 and M2 with respective digital signatures as S1 and S2. Then if M = (M1 x M2) mod n, mathematically S = (S1 ¥ S2) mod n. Hence, the attacker can compute M = (M1 x M2) mod n and then S = (S1 x S2) mod n to forge a signature.