Question

Q10. Describe the concept of the digital signature? What are the security properties that can be gained when using digital signature?

Q11. Describe the concept of the message authentication code. Why it cannot be used to provide the property non-repudiation.

Q12. In RSA algorithm, what is the relationship between the private key d and the value e from the public key? Explain the condition that must be held when finding the value e.

Q13. Why authentication based on symmetric keys doesn’t scale in large networks?

Answer 1

10) A digital signature is a mathematical technique used to validate a message's authenticity and integrity. A message with digital signature is a proof that the message is no hoax and sent from a genuine person. The concept behind this is that digital signature is based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm, such as RSA, one can generate two keys that are mathematically linked: one private and one public.

Security properties gained from digital signature is :

• Ensuring authenticity and integrity
• Solving tampering and impersonation problem in digital communication.
• assures the source of origin.
• Acknowledge informed consent by the signer.

11) Message authentication code also known as "tag" is a small piece of information used to authenticate a message, It confirms that the message came from the concerned sender and is not manipulated anywhere.

It works by allowing the verifiers to detect any changes to the content of the message. It generally runs with 3 algorithms i.e,

• A key generation algorithm selects a key from the key space uniformly at random.
• A signing algorithm efficiently returns a tag given the key and the message.
• A verifying algorithm efficiently verifies the authenticity of the message given the key and the tag. That is, return accepted when the message and tag are not tampered with or forged, and otherwise return rejected.

MAC do not provide the non-repudiation property as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on the same key before initiating communications.

12) In RSA,

relation between d (private key) and e (encryption exponent) is, we use to find the public key and private key pair with the relation,

e x d = 1 mod (p-1)(q-1), where p and q are two random primes.

Condition for finding the e value is,

e must be between 1 and (p-1)(q-1) i.e 1 < e < (p-1)(q-1) such that gcd(e,(p-1)(q-1)) = 1.

13)  Authentication based on symmetric keys doesn’t scale in large networks because any malicious party can interpose a machine in any communication path and defeat trivial authentication mechanisms by altering, replaying, or wholly forging messages to masquerade as another party.