Digital Signature Algorithm (DSA)
The DSA (Digital Signature Algorithm) approach uses a hash function to create a hash code, as the RSA approach does. This hash code is combined with a randomly generated number k as input to a signature function. The signature function depends on the sender’s private key (PRa) as well as a set of parameters that are known to a group of communicating principals. This set can be considered a global public key (PUG). The output of the signature function is a signature with two components, s and r. When an incoming message is received, a hash code is generated for the message. This hash code is then combined with the signature and input into a verification function. The verification function depends on the global public key as well as the sender’s public key (PUa), which is paired with the sender’s private key. The verification function outputs a value equal to the signature’s component r if the signature is valid. The signature function is designed in such a way that only the sender, with knowledge of the private key, can produce a valid signature.
Refer to the diagram below for DSA, where:
- M = Message or Plaintext
- H = Hash Function
- || = bundle the plaintext and hash function (hash digest)
- E = Encryption Algorithm
- D = Decryption Algorithm
- PUa = Public key of sender
- PRa = Private key of sender
- Sig = Signature function
- Ver = Verification function
- PUG = Global public Key
Primary Terminologies
- User’s Public Key (PU): This key is publicly known and can be shared with anyone. It’s used to verify digital signatures created with the corresponding private key.
- User’s Private Key (PR): A secret cryptographic key possessed only by the user, used in the DSA algorithm’s digital signature generation. The private key must be kept secret and secure because it proves that a given user is genuine.
- Signing (Sig): Signing involves creating a digital signature with the help of a user’s private key. In DSA, this process requires mathematical operations to be performed on the message to be signed, using the given private key, in order to generate a unique signature for that message.
- Verifying (Ver): Verifying is the process of checking, with the corresponding public key, whether a digital signature is genuine or has been forged. In DSA, this involves hashing the received message and combining that hash with the signature through mathematical operations to compute a verification value, which is then compared against the signature’s component r.
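The signing and verification flow described above, as an added Python example that is not code from the original page. It keeps the page's names (PRa, PUa, PUG, k, r, s); the function names, SHA-256 as H, and the small constructed parameters (q = 2^127 - 1, far below real DSA sizes) are assumptions made for illustration.

```python
import hashlib, secrets

def is_probable_prime(n, rounds=32):       # Miller-Rabin, for odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_global_key():                     # constructed toy PUG = (p, q, g)
    q, j = 2**127 - 1, 2                   # q: the Mersenne prime 2^127 - 1
    while not is_probable_prime(p := j * q + 1):   # find prime p with q | p - 1
        j += 2
    g = next(x for h in range(2, p) if (x := pow(h, j, p)) > 1)  # order-q element
    return p, q, g

def H(M, q):                               # leftmost q.bit_length() bits of SHA-256
    return int.from_bytes(hashlib.sha256(M).digest(), "big") >> (256 - q.bit_length())

def keygen(PUG):
    p, q, g = PUG
    PRa = secrets.randbelow(q - 1) + 1     # private key, 0 < PRa < q
    return PRa, pow(g, PRa, p)             # (PRa, PUa)

def sign(M, PRa, PUG):
    p, q, g = PUG
    while True:
        k = secrets.randbelow(q - 1) + 1   # fresh secret random k for every message
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (H(M, q) + PRa * r) % q
        if r and s:                        # retry in the rare case r or s is 0
            return r, s

def verify(M, sig, PUa, PUG):
    (p, q, g), (r, s) = PUG, sig
    if not (0 < r < q and 0 < s < q):      # reject out-of-range components
        return False
    w = pow(s, -1, q)
    v = pow(g, H(M, q) * w % q, p) * pow(PUa, r * w % q, p) % p % q
    return v == r                          # valid only if v equals component r
```

Verification needs only PUG and PUa, so any recipient can run it, while producing (r, s) requires PRa.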
Digital Signature Algorithm (DSA)
A digital signature is a verification method that lets the recipient ensure the message was sent from the authenticated identity. When a customer signs a check, the bank must verify that he issued that specific check. In this case, a signature on a document acts as a sign of authentication and verifies that the document is authentic.
Suppose we have:
- Alice is the entity that sends a message or initiates communication.
- Bob represents the recipient or receiver of the message.
- Eve represents an eavesdropper or adversary who may attempt to intercept or tamper with the communication.
In Public Key cryptography (also known as Asymmetric cryptography), the communication process is as follows:
- Alice encrypts the message using Bob’s public key.
- The encrypted message reaches Bob.
- Bob decrypts the message sent by Alice using his private key.
Now, suppose that when Alice sends a message to Bob, Bob wants to check that the sender is authentic, to ensure that it was Alice who sent the message and not Eve. For this, Bob can ask Alice to sign the message electronically. So we can say that an electronic signature can prove that Alice is authentic and is the one sending the message. We call this type of signature a digital signature.