Digital Signature algorithm (DSA)


Digital signatures rely on a public-key cryptography architecture to verify a document’s authenticity and the sender’s identification. Several algorithms are used to create digital signatures. Most of these follow a simple method of using the private keys of a sender to sign the message digests. This is how the digital thumbprint is formed for the data to be sent.

The two standard ways to obtain digital signatures are RSA (Rivest–Shamir–Adleman) and DSA (Digital Signature algorithm), but both differ in performing encryption and decryption functions.

DSA (Digital Signature Algorithm) incorporates the algebraic properties of discrete logarithm problems and modular exponentiations for generating an electronic signature for various applications.

Digital Signature Algorithm (DSA) was proposed by the National Institute of Standards and Technology (NIST). The algorithm is based on the difficulty of computing discrete logarithms. It is a signature algorithm, not an encryption algorithm, and uses public-key cryptography to generate digital signatures.

Most digital signature creation algorithms follow the typical technique of signing the message digest (hash of the actual message) with the source private key to create the digital thumbprint.

However, the situation is different in DSA as it generates two signatures by incorporating two complex and unique signing and verification functions. Hence, the DSA algorithm is not a simple use of private and public keys at the start and end of the communication.

 

DSA has three steps:


  • The first step is to generate a key pair.
  • The second step is to sign a message.
  • The third step is to verify the signature of the message.

A DSA key pair consists of a private key and a public key. The private key is generated randomly and kept secret, while the public key can be shared with anyone. In order to sign a message, the private key must be known by the party generating the signature, while in order to verify a message signed with a DSA signature, one only needs the public key corresponding to the private key used to generate the signature.


The benefits DSA offers are:

  • Non-Repudiation: after signature verification, the sender cannot claim to have not sent the data.
  • Integrity: data modification during transmission prevents final verification or message decryption.
  • Message Authentication: right private/public keys combination help verify sender origin.


How Does the Algorithm Authenticate Sender?

The DSA algorithm works on the systematic computation mechanism that computes a hash value and a digital signature constituting two 160-bit numbers from the message digest and the private key. The randomness makes the signature non-deterministic. It uses a public key for signature authentication, which is way more complex than RSA.

The DSA cycle follows these three main steps to complete the process:

·    Key Generation: The process relies on the concept of modular exponentiation to obtain private (x) and public (y) keys that satisfy the mathematical conditions of 0 < x < q and y = gx mod p. Where q is a prime divisor, p is a prime number, and g satisfies these g**q mod p = 1 and g = h**((p–1)/q) mod p conditions. Thus creating private and public key packages {p,q,g,x} and {p,q,g,y}.

·    Signature Generation: A hashing algorithm generates a message digest, which is passed as an input to a signing function to create two variable outputs, r and s, packaged as signature {r,s} such that the message and these variables are sent as a bundle to the receiver.

·    Signature Verification: The process uses the hashing function to output the digest and incorporates variable s with other parameters from the key generation step to produce the verification component v. The verification function compares the calculated variable v against parameter r from the {M,s,r} bundle.

 

To summarize the above process non-mathematically:

  • You create keys with the help of the key generation algorithm to sign the document.
  • Then use a digital signature algorithm to generate the signature.
  • Use a hash function to create a message digest, and combine it with DSA to generate the digital signature.
  • Send the signature with the data for the receiver to authenticate.
  • The receiver authenticates the signature by using a verification algorithm. It’s the hash function used above to create the message digest.

 

Pros of using Digital Signature Algorithm


  • Fast signature computation
  • Requires less storage space for the entire process
  • Freely available (Patent-free) for cost-free global use.
  • Small signature length
  • Observation in real-time
  • Noninvasive
  • DSA is accepted globally for legal compliance.
  • Time-efficient (low time consumption in comparison to processes of physical signing etc.)



Cons of using Digital Signature Algorithm

  • The process does not include key exchange capabilities.
  • The underlying cryptography must be new to ensure its strength.
  • The standardization of computer hardware and software vendors on RSA may cause problems due to DSA’s second authentication standard.
  • The complex remainder operations require a lot of time for computation and hence signature verification.
  • It only ensures authentication, not confidentiality, as the algorithm does not encrypt the data.
  • DSA algorithms compute the SHA1 hash to generate the message digest. Hence, it reflects all the flaws of the SHA1 hash function in the algorithm.




The Working of Digital Signature Algorithm (DSA)

 

The DSA algorithm is standard for digital signature, which is based on the algebraic properties of discrete logarithm problem and modular exponentiations and is based on the public-key cryptosystems principal.

Digital signatures are work on the principle of two mutually authenticating cryptographic keys. Signatures are based on public/private key pairs. With a public-key algorithm like RSA, one can create a mathematically linked private key and public key. One can sign a digital message with his private key. A person can encrypt signature related data with the use of a private key. The private key should always be with a person who wants to create a digital signature. Both the public and the private key can always be derived from one another as they are related mathematically. Signer’s public key is the only way to decrypt this data. One can give the public key to anyone who needs verification of the signer’s signature. It is vital to keep private key secret as one can generate your signature on a document with the help of this. In this manner, the authentication digital signature is done. In a digital signature, validly is only assured by public and private keys.

On the other hand, the digital signature algorithm does not use a private key to encrypt data. Also, a digital signature algorithm does use a public key to decrypt this data. To create a digital signature with two 160-bit numbers, DSA works on the principle of a unique mathematical function. These two numbers are made by using the private key and the message digest.

As the public key is not used to authenticate the signature, the verification process is complex. Both keys are used to secure data in a special digital signature algorithm for further security assurance.

Now, a hash function is used to create a message digest. The generated message digest, along with the DSA algorithm, is what gives the digital signature. This signature is then sent along with the message. At the receiving end, the same hash function is used to authenticate the source and the data.



DSA Vs RSA

Digital Signature Algorithm is an asymmetric key encryption algorithm adopted by USA agencies for secret and non-secret communication. Whereas RSA is a public-key cryptography algorithm that also uses modular arithmetic, its strength relies on the problem of a prime number factorization to secure communication and digital signatures. Hence, unlike usual encryption algorithms like RSA, DSA is a standard only for digital signatures.

Even though both incorporate different mathematical algorithms, the cryptography strength is equivalent. The main difference between the two algorithms narrows down to the speed, performance, and SSH protocol support.

·   In contrast to DSA, RSA is slow in decryption, key generation, and verification but fast in encryption and signing. However, authentication requires both, and speed discrepancies are insignificant in real-world applications.

·   Another difference lies in the support for the Secure Shell network protocol. RSA supports the original SSH and its secure second version SSH2, while DSA only works with SSH2.



Leave a Comment