Describe the three components of a digital signature scheme
- Key generation
randomised algorithm
generates a keypair (secret signing key π + public verification key π)
also generates some public params - Signature generation
possibly randomised algorithm
takes public params, message π and signing key π
outputs a signature S(π, π)
(only the owner of secret signing key π can generate signatures) - Signature verification
algorithm that takes public params, message π, signature and public verification key π
either accepts or rejects the claim that the signature is valid on the message by the owner of the verification/signing key π
Describe the RSA signature scheme
Use the RSA signature scheme to generate signatures and verify signatures
Define the total break, selective forgery and existential forgery attack goals for a digital signature scheme
Define the passive attack, known message attack and chosen message attack attack models for a digital signature scheme
Appreciate that if the RSA problem is hard then RSA signatures are secure against selective forgery under a passive attack
Describe how to create an existential forgery for the RSA signature scheme using a passive attack
Describe how to create a selective forgery for the RSA signature scheme using a chosen message attack
Appreciate that hash functions are a useful tool in cryptography
Appreciate that SHA-256 is a hash function that is currently very widely used
Define the security properties of collision resistance, preimage resistance and second preimage resistance for a hash function
Describe the use of hash functions in a hash-then-sign signature scheme
