Posted by arlene

A digital signature is an information block attached to a message that could have been created only by a particular individual. One can use public-key technology to produce such a digital signature by creating a message digest of the message and encrypting the message digest with one’s private key. Anyone can validate a signature using the corresponding public key. A trusted digital timestamp can be used to ensure that the signature was created at a particular time. Such a trusted digital timestamp is important, because attackers could create and backdate arbitrary signatures if they ever obtained a private key.

Public Key Timestamps

If nonrepudiation is important to the parties in a transaction, it is necessary to use an unforgeable method for digitally timestamping a document. For example, suppose that Alice digitally signs a contract but later wishes she hadn’t. She might declare that her private key has been lost or stolen and that some unknown miscreant has used her (now public) private key to sign and backdate the contract. A timestamp can prove that the document was signed and delivered before Alice claims her key was stolen. There are various ways of constructing digital timestamps; one way is for the times- tamping service to create a digital signature of the document being stamped combined with a clock value. Obviously, one could argue that the private key of the timestamping service itself is suspect, but a solution is to place all the timestamped documents into a sequence and to create a running message digest of them. Periodically (weekly perhaps), the current digest value is widely published, so even the timestamping service itself cannot cheat. Surety, Inc. operates such a digital notary service (www.surety.corn).

Public Key Certificates

A public-key certificate is a digital document containing a public key, the name of the key’s owner (called a distinguished name), dates of validity, and other information, all digitally signed using the private key of a certification authority.

Public Key Exchange

Because public-key algorithms are slow compared to symmetric-key algorithms, the two systems are often used in combination. A public-key system is used for authentication and to convey an encrypted session key, and a symmetric algorithm is used for bulk data encryption with that key. However, if another method of authentication is available, then a key-exchange algorithm can be used to establish a session key. The best-known key-exchange algorithm is Diffie-Hellman, named after its inventors. Such an approach may offer advantages in certain circumstances.

Secret Sharing

From a security point of view, the safest way to keep a document secret is to have only one copy of it (that is, put all your eggs in one basket , and then watch that basket). However, such an approach runs the risk that a natural disaster or other catastrophic event will destroy the only copy. It is also risky to keep multiple copies, because doing so increases the chances that one will be lost. Now suppose the secret is broken up into three parts, such that any two can be used to reconstruct the secret. Such a scheme is called secret sharing. In general, a secret can be divided into n parts, and any m parts can be used to recover the secret (with m n). If fewer than m parts are available, no information about the secret is revealed. This technique provides safety for the secret, since any n — m parts can be lost before the secret itself is lost, and it provides substantial security, because m independent attacks must be made to gather enough parts. Of course, even one attack may give warning that evildoers are afoot.

A related idea is known as secret splitting, which is equivalent to secret sharing with n = m. Secret splitting is sometimes used for key distribution, with the parts of the key being sent through different communications channels. One way to split a secret into n parts is to choose n numbers, such that the exclusive-OR of all of the numbers yields the original secret.

Possibly related posts: (automatically generated)
Public-key Digital Signatures

• Digital Technologies and Encryption
• Public Key Renewal
• Internet Security, Public Key Encryption and Digital Certificates
• Web Technology & Ecommerce Online Solutions
• Public key Cryptography, when can be seriously Attack
• SSL Server (Secure Sockets Layer) continue...
• Ecommerce revolution, Online Marketing
• Symmetric and Asymmetric Encryption
• Cryptography (Public-Key) Standards and Protocols Notice
• Digital Identity