9 Digital signatures

 

This chapter covers

  • Using asymmetric cryptography for message authenticity
  • Understanding practical uses of digital signatures
  • Understanding forgery attacks on digital signatures
  • Exploiting ECDSA signatures with reused nonces
  • Exploiting the PKCS #1 v1.5 padding scheme using Bleichenbacher’s \(e=3\) signature forgery attack

Digital signatures are proofs of authenticity of a message that are hard to forge but easy to verify. The counterfeiting features built into modern paper currencies are a great real-world analogy for these properties. Such features (color-shifting ink, micro-printing, 3D ribbons, watermarks, security threads, and so on) are prohibitively hard (or expensive) for bad people to replicate but are easy for interested parties to check to prove the authenticity of the bills (or messages) they’re on.

9.1 Message authenticity using symmetric and asymmetric secrets

We started our exploration of cryptography by discussing the basic properties it broadly aims to achieve: confidentiality, integrity, and authenticity. Table 9.1 shows symmetric and asymmetric approaches for satisfying these properties. Digital signatures allow proving that a message is authentic: that is, it indeed came from who it’s claiming to be from.

Table 9.1 Security properties of cryptographic algorithms
Confidentiality Integrity Authenticity
Symmetric Stream / Block ciphers Hashing Message authentication codes
Asymmetric Integer factorization / Discrete logarithms Digital signatures

9.2 Practical applications of digital signatures

9.2.1 Certificates: Extending trust using digital signatures

9.2.2 Code integrity: Ensuring software security using digital signatures

9.2.3 Using signatures for digital contracts

9.3 Forgery attacks on digital signatures

9.4 Schoolbook RSA signatures

9.5 The elliptic curve digital signature algorithm (ECDSA)

9.5.1 Implementing vulnerable ECDSA signatures with reused nonces