What is Digital Signature Standard [DSS]?

Hello, everyone, Welcome back. In this module, I will be discussing what is Digital Signature Standard (DSS) is in Cryptography. So, without further delay, let’s begin.

What is Digital Signature Standard

What is Digital Signature Standard [DSS]?

Digital Signature is a way to validate the authenticity and integrity of the message or digital or electronic documents. Authenticity means to check whether the data is coming from a valid source or not to the receiver i.e. to verify the identity of the sender and integrity means to check that the data or message should not be altered during the transmission.

DSS or Digital Signature Standard was introduced by the National Institute of Standards and Technology (NIST) in 1994. It has become the United States government standard for electronic document authentication. The Federal Information Processing Standard (FIPS) 186 specifies the DSS. It was first proposed in 1991 and revised in 1993as a result of public concerns about the scheme’s security.

DSS employs SHA (Secure Hash Algorithm) to create digital signatures and offers a new digital signature mechanism known as the Digital Signature Algorithm.

What is the DSS approach?

The DSS is different from the fact that the RSA algorithm uses the public key, private key and hash function whereas the DSS uses the public key, private key, hash function, a random number k, and global public key. Therefore, DSS provides more security than RSA algorithms.

What is the DSS approach?

A hash code is generated from the message and given as an input to the signature function on the sender side. The other inputs to a signature function include a unique random number k for the signature, the private key of sender PR(a), and global public key i.e., PU(g).

The output of the signature function consists of two components: s & r, which is concatenated with the input message and then sent to the receiver.
Signature = {s, r}.

At the receiver side, the hash code for the message sent is generated by the receiver by applying a hash function. The verification function is used for verifying the message and signature sent by the sender. The verification function takes hash code generated, signature components s and r, the public key of the sender (PU(a)), and global public key.
The signature function is compared with the output of the verification function and if both the values match, the signature is valid because A valid signature can only be generated by the sender using its private key.

Let’s see what are the steps involved in DSS.

What are the steps involved in DSS?

  • Generation of keys i.e., public and private keys for the source.
  • Creation of digital signature by the source for a message.
  • The receiver verifies the digital signature.

The DSA (Digital Signature Algorithm)

1. Generation of a global public key component

  • Find a prime number p such that 2^L-1 < p < 2^L, where L is an integer between 512 and 1024 i.e., 512 <= L <= 1024.
  • Find another number q which is a prime divisor of (p-1).
  • Compute: g = h^(p-1)/q mod p, where h is an integer between 1 < h < p-1 and g should greater than 1 or h^(p-1)/q mod p>1.

2. Finding the user private and public keys

  • The private key, x is any random number such that 0 < x< q.
  • The public key, y = g^x mod p

3. Generating the Signature

  • Finding the components of signature s and r.
  • r = (gk mod p) mod q
  • s = [k^ -1 {H(M) + x*r}] mod q where k is an integer such that 0 < k <q.
  • Signature= (r, s)

4. Verifying the signature

Let M’, r’, and s’ be the message and signature components respectively received corresponding to M, r, and s.

To verify the signature is valid or not, first the following condition needs to be checked:
0 < r’ < q and 0 < s’ < q

If any of the above conditions is not met, the signature is considered invalid and is therefore discarded; otherwise, if both conditions are met, the following parameters are computed:

v = [(g^u1 y^u2) mod p] mod q
u1 = [H(M)w] mod q
u2 = (r’) w mod q
w = (s’)^ -1 mod q
Test: v = r’
If v = r’, the signature is correct; otherwise, the data or message has been altered.

I hope this module will be useful and you now have a good knowledge of DSS (Digital Signature Standard). Stay tuned for more instructive and engaging modules like this.