The Application of A Scheme of Digital Signature in Electronic Government
The Application of A Scheme of Digital Signature in Electronic Government
The Application of A Scheme of Digital Signature in Electronic Government
Abstract—In electronic government where there is not complete (Elliptic Curve Digital Signature Algorithm). Each has a
trust between documents’ sender and receiver, something more variable key size that can be increased to achieve higher
than authentication is needed. The most attractive solution to this security at the cost of slower cryptographic operations. The
problem is the digital signature which is analogous to the best attack known on each public-key cryptosystem requires
handwritten signature. The signature is formed by taking the an amount of computation determined by a security parameter
hash of the message and encrypting the message with the which is related to the key size [2][3].
creator’s private key. It guarantees the source and integrity of
the message. Then a suitable digital signature algorithm will be
picked out as a result of comparing and analyzing three main
A. RSA
digital signature algorithms in this paper. Finally, a scheme of The RSA public-key cryptosystem involves exponentiation
digital signature in electronic government will be proposed in modulo a number n that is the product of two large prime
order to settle some specific problems such as spilling out secret, numbers. Plaintext is encrypted in blocks, with each block
forging or denial and so on. Besides, a brief analysis regarding having a binary value less than the number n. That is, the block
security will be given for this scheme. size must be less than or equal to log2(n); in practice, the block
size is i bits, where 2i<n≤2i+1.Encryption and decryption are of
Keywords-component; digital signature;electronic government; the following form, for some plaintext block M and ciphertext
RSA; DSA;ECDSA
block C:
I. INTRODUCTION
C = M e mod n
In network environment confidentiality, integrity,
authenticity and anti-denial of circulating documents can be
solved by digital signature applied in electronic government.
M = C d mod n = (M e) d mod n = M ed mod n
However, other correlate factors should be considered: First is
the complicate and flexible workflow in electronic
government; second is the security of digital signature Both sender and receiver must know the value of n. The
algorithm; third is the speed problem of signing and verifying sender knows the value of e, and only the receiver knows the
in digital signature. Too much emphasis on security of digital value of d. Thus, this is a public-key encryption algorithm with
signature theory previously, such as using complex signing a public key of PU = {e,n} and a private key of PR ={d,n}.
scheme or increasing computing size in order to enhance When referring to the key size for RSA, what is meant is
security, while ignoring practicality. In practical application, the length of the modulus n in bits. A typical key size for RSA
security is often influenced by machines’ operating speed. And is 1024 bits. RSA can be used for encryption and also be used
transmitting speed is a big bottleneck especially in network for digital signature.
environment [1]. Therefore to simplify operation should be a
problem solved urgently under the premise of how to ensure B. DSA
safety.
The DSA[4] is based on the difficulty of computing
discrete logarithms and is based on schemes originally
II. COMPARISON AND ANALYSIS AMONG THREE DIGITAL presented by ElGamal and Schnorr. Specifically, the DSA is
SIGNATURE ALGORITHMS public-key techniques based on exponentiation modulo a large
It has become clear over the past several decades that prime number p. For this scheme, the key size is the length of
public-key (asymmetric) cryptography is an indispensable tool the prime p in bits, and a typical value is 1024 bits. When
for simplifying key management and enabling secure exploiting the size of it, the best attack known is the General
communication. And digital signature algorithms exactly build Number Field Sieve. However, another important security
on it. There are three main contenders: RSA (Rivest-Shamir- parameter is the size of exponents used for exponentiation. For
Adleman), DSA (Digital Signature Algorithm) and ECDSA DSA, the exponent size is fixed at 160 bits.
619
public key Kb2 belongs to the receiver, and it forms a cipher block digital signature and ciphertext are transmitted from
(a small light grey rectangular in the right hand of Fig.1). Both sender to receiver.
Step 2: The digital signature and ciphertext are
Electronic document
separated by receiver. Firstly, digital signature is
verifying by means of public key Ka2 belongs to the
Hash 3DES sender that produces hash value and digital time-stamp.
function Secondly, hash value will be signed by RSA by means
of private key Kb1 belongs to the receiver whose action
is doing reply to the sender.
Hash Digital Cipher-text RSA
value time encryption Step 3: After obtaining the digital signature form
-stamp After for secret receiver (a small dark grey rectangular in the left hand
signing and key (Kb2) of figure 1), which will be verifying by means of public
time key Kb2 belongs to the receiver. Then the sender can
RSA digital -stamping’s obtain a hash value which must be compared with the
signature’s signing hash value step 1’s hash value. The cipher block in step 1 will be
RSA transmitted to receiver only if the two hash values are
process (Ka1)
digital identical with each other.
signature’s
verifying Transmitting only if two Step 4: The cipher block decrypted by RSA by
process hash values are identical means of private key Kb1 from the receiver. Then the
(Kb2) Comparison receiver can obtain the secret key which can be used for
with each other 3DES decryption for the ciphertext. As a result,
electronic document can be obtained.
Step 5: The electronic document from step 4 should
After signing be processed by hash function that produces hash
and time Cipher value. Compare this hash value with step 2’s hash
-stamping’s -text value, at the same time check to the digital time-stamp
hash value RSA obtained from step 2. The receiver can accept the
decryption electronic document only if both hash values are
for secret identical and digital time-stamp is accurate.
RSA digital key (Kb1)
Analyzing the security of this scheme: several
signature’s properties such as confidentiality, integrity,
verifying process 3DES
authenticity, anti-denial and anti-replacement attack
(Ka2) Secret have implemented successfully in this scheme of digital
key signature. Specifically, anti-denial is implemented in
Electronic step 2 and step 3; anti-replacement attack is
document implemented in step 2 and step 5.
620
[2] Michael J. Wiener, “Performance comparison of public-key [6] Stuart Haber, Burt Kaliski and Scott Stornetta, “How do digital time-
cryptosystems”, CryptoBytes, vol. 4, no. 1, RSA Laboratories, 1998, pp. stamps support digital signatures?” CryptoBytes, vol. 1, no. 3, RSA
1-5. Laboratories, 1995, pp. 14-15.
[3] XianHong Zhang, The Theory and Technology of Digital Signature, [7] XiaoMing Zhao and MeiRen Zhang, “Application of RSA digital
China Machine Press, Beijing, 2004. signature technology in circulation of electronic official documents”,
[4] “Digital Signature Standard”, NIST, U. S. Department of Commerce, Computer Engineering and Design, vol. 26, no. 5, Beijing, 2005, pp.
FIPS PUB 186, May 1994. 1214-1216.
[5] William Stallings, Cryptography and Network Security Principles and
Practices, Publishing House of Electronics Industry, Beijing, 2006.
621