Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
4.1. SIGNATURE SCHEMES 83<br />
4.1.2 Classification <strong>of</strong> signature schemes<br />
There exists two general classes <strong>of</strong> digital signature schemes, which can be<br />
briefly summarised as follows:<br />
• Digital signature schemes with appendix require the message that has been<br />
signed (also called the original message) as input to the verification algorithm.<br />
• Digital signature schemes with message recovery do not require the original<br />
message as input to the verification algorithm. In this case, the original<br />
message is recovered from the signature itself.<br />
In what follows, we make use <strong>of</strong> A to denote the set <strong>of</strong> agents, K to denote<br />
the set <strong>of</strong> keys, R to denote a set <strong>of</strong> numbers, M to denote the message space,<br />
that is, the set <strong>of</strong> messages to which the signature generation algorithm may<br />
be applied, <strong>and</strong> S to denote the signature space, that is the set <strong>of</strong> messages to<br />
which belong the signatures.<br />
Digital signature schemes with appendix<br />
Digital signature schemes with appendix denote the schemes which require the<br />
original message as input to the verification algorithm. Examples <strong>of</strong> mechanisms<br />
providing digital signature schemes with appendix are the DSA [3], El-<br />
Gamal [116], <strong>and</strong> Schnorr [185] signature schemes. We describe below the three<br />
algorithms: the signature generation, the verification, <strong>and</strong> the key generation algorithms.<br />
Key generation algorithm.<br />
Each agent A creates a pair <strong>of</strong> keys, a secret key <strong>and</strong> a correspondant public<br />
key. The agent A will use his secret key to sign messages, <strong>and</strong> his public<br />
key will be used by other agents for verifying A ′ s signatures. The key<br />
generation algorithm is defined as follows:<br />
G : A × R → K ∗ K<br />
We remark that the second argument <strong>of</strong> the function G represents a r<strong>and</strong>omly<br />
generated number, the use <strong>of</strong> this r<strong>and</strong>om number allows any agent<br />
A to have a different pair <strong>of</strong> keys for each session, <strong>and</strong> that using the same<br />
key generation function. Furthermore, we remark that the two functions<br />
Sk <strong>and</strong> P k denote the two parts <strong>of</strong> the key generation algorithm G, <strong>and</strong><br />
we denote respectively by Sk(A) <strong>and</strong> P k(A) the secret <strong>and</strong> public keys <strong>of</strong><br />
A ∈ A;