2
votes

I belive I understand how digital signatures work but still I do not understand how it still guaranties a message has been encrypted by a known sender (Alice).

Let's pretend Alice wants to send a message to Bob. Alice and bob met last week and Bob is waiting for a response either a yes or no. Tom is the middle hacker guy

1. Scenario without digital signature:

// 1) Alice get's Bob public key
var bobPubKey = GetBobsPubKey();

// 2) Alice encrypts yes with bob's public key
var encryptedMessage = AssymetricEncryption.Encrypt("YES", bobPubKey );

// 3) Send message to bob
sendMsgToBob(encryptedMessage);

The problem with this approach is that Tom could have had intercepted the message encryptedMessage and replace that message with var newEncryptedMsg = AssymetricEncryption.Encrypt("NO!", bobPubKey ); When bob receives the message he has no clue it has been modified by Tom!

2. Scenario using a digital signature

// 1) Alice get's Bob's public key 
var bobPubKey = GetBobsPubKey();

// 2) Alice encrypts 'yes' with bob's public key
var encryptedMessage = AssymetricEncryption.Encrypt("YES", bobPubKey );

// 3) Alice creates a hash of the encrypted message
var hashOfEncMsg = Sha1(encryptedMessage);

// 4) Alice encryptes that hash with her priveate key
var digitalSignature = AssymetricEncryption.Encrypt(hashOfEncMsg , alicePrivKey);

// 5) Alice sends both the encryptedMsg plus the signature to Bob
var msgToSend = string.Format("someUrl.asp?encMsg={0}&digSignatrue={1}",encryptedMessage , digitalSignature );
sendBobAMsg(msgToSend ); // msg contains encryptedConted + digital Signature

here is what bob will have to do to make sure message is from alice

// 0) Bob receives encrypted msg plus digital signatrue
var msg = RecieveMsg();
var digitalSignature = GetDigSgnatureFromMsg(msg);
var encryptedMessage = GetEncyptedMsgFromMsg(msg);

// 1) Decrypt the msg
var plainText = AssymetricEncryption.Decrypt(encryptedMessage , bobPrivateKey ); // = YES

/*  now cause bob also received a digital signature let's do more steps to guaranty that the message came from Alice */

// 2) get Alice public key
var alicePubKey = GetAlicePubKey();

// 2) Create the same hash that Alice created for the msg
var ciphertext = AssymetricEncryption.Encrypt(plainText , bobPubKey ); // here plainText = YES
var hashOfEncMsg = Sha1(ciphertext);

// 3) Decrypt DigitalSignature hash with Alice public key
var aliceHash = AssymetricEncryption.Decrypt(digitalSignature , alicePublicKey); 

// 4) Here alice Hash must equal hashOfEncMsg 
if( hashOfEncMsg != aliceHash ) { throw new exception("Message has been modified or it does not come from Alice!");

So my question is on this last step 4 where Alice hash must equal hashOfEncMsg. Why if this validation comes true Bob can guaranty that the message came from Alice?

I believe the message can still be modified by Tom and here is how: (I am probably wrong somewhere; it cant be that digital signatures are not what they claim to be).

  1. Tom intercepts Alice msg

  2. Tom knows the message has a digital signature so he generates a key combination where his public key will be the same as Alice's . (Tom's private key is different from Alice's though)

  3. Tom encrypts "No" with Bob's public key

  4. Tom creates a digital signature just like Alice did but with his private key

  5. When bob receives the message he decrypts it fine with his private key and he sees "No"

  6. bob then will validate the sigature to see if the message came from alice

  7. bob encrypts "No" with his public key and computes a hash. That is = hash1

  8. bob decrypts get's alice public key which is the same as tom's.

  9. with that key then bob decrypts the dig signature. Decrypting that dig signature should equal hash1 ! .

  10. Bob now thinks Alice sent a NO!


Edit

Based on the responses I received, here is the solution to the question:

Bob can guaranty that the message comes from Alice because Tom will not be able to generate a private key that is mathematically related to Alice public key. In other words step number 2 (Tom knows the message has a digital ....) will require a lot of time. So if Alice reply within a reasonable amount of time then Bob can guaranty that the message came from Alice.

2
Your solution is correct. Your analysis is good; if Tom can either (1) deduce Alice's private key from the public key or (2) deduce any private key from the public key, then Tom can carry out the attack you describe. The cryptosystem is believed to be secure against this attack; it is very difficult to do either of those things. Another attack you might consider is: Tom tricks Bob into thinking that Tom's public key is actually associated with Alice. The security of the cryptosystem relies on Alice having a secure mechanism by which to tell Bob her public key.Eric Lippert
However your conclusion that Alice needs to reply in "a reasonable amount of time" doesn't quite get a handle on what is "reasonable". It should take Tom thousands, millions or billions of years to deduce Alice's private key given her public key, if the cryptosystem is actually strong. Remember, RSA is only believed to be secure because we believe that it is difficult to factor large numbers; we have no solid proof of this claim. If it turns out that conventional or quantum computers can factor large numbers quickly then the system is not secure at all.Eric Lippert

2 Answers

2
votes

Tom has to encrypt "No!" with a private key that can be decrypted with Alice's public key, he can't use his own private key.

This means Tom needs a private/public key pair, but he only knows the public key. It is computationally very difficult (effectively impossible in reasonable time) to compute the private key from a public key.

1
votes

The step 2 of Tom's course of actions will be problematic. The given public key has one -- and only one -- corresponding private key. To calculate it Tom needs to factorize a very large integer number (which is effectively a product of 2 very large prime numbers). The inability to solve that task in reasonable time is the thing which the RSA encryption is based on.