Digital signatures rely on a public-key cryptography architecture to verify a document's authenticity and the sender's identification. The two standard ways to obtain digital signatures are RSA (Rivest–Shamir–Adleman) and DSA (Digital Signature) algorithms, but both differ in performing encryption and decryption functions.

The article provides an overview of one of the industry-standard algorithm DSA, its work process with a brief overview of key and signature generation and verification, steps involved in the overall process, its pros/cons, and its application.

Introduction to Digital Signature Algorithms

DSA (Digital Signature Algorithm) incorporates the algebraic properties of discrete logarithm problems and modular exponentiations for generating an electronic signature for various applications. It was proposed in 1991 and was adopted as a Federal Information Processing Standard by NIST (National Institute of Standards and Technology) in 1994.

Most digital signature creation algorithms follow the typical technique of signing the message digest (hash of the actual message) with the source private key to create the digital thumbprint.

However, the situation is different in DSA as it generates two signatures by incorporating two complex and unique signing and verification functions. Hence, the DSA algorithm is not a simple use of private and public keys at the start and end of the communication.

Internet-Security

Importance of Digital Signature Algorithm

Due to ever-increasing cyber threats, whenever a user sends data over the internet, it's necessary to identify and verify the owner's authenticity. We must ensure the document owner is credible and that no one has made any changes during transmission.

Digital signatures are the electronic signatures that help the receiver authenticate the message's origin. You can create these electronic signatures via various algorithms, and DSA is one of them. In DSA, the sender creates a digital signature to include it with the message such that anyone can authenticate it at the receiving end.

The benefits DSA offers are:

  • Non-Repudiation: after signature verification, the sender cannot claim to have not sent the data.
  • Integrity: data modification during transmission prevents final verification or message decryption.
  • Message Authentication: right private/public keys combination help verify sender origin.
Digital Contract

How Does the Algorithm Authenticate Sender?

The DSA algorithm works on the systematic computation mechanism that computes a hash value and a digital signature constituting two 160-bit numbers from the message digest and the private key. The randomness makes the signature non-deterministic. It uses a public key for signature authentication, which is way more complex than RSA.

The DSA cycle follows these three main steps to complete the process:

  • Key Generation: The process relies on the concept of modular exponentiation to obtain private (x) and public (y) keys that satisfy the mathematical conditions of 0 < x < q and y = gx mod p. Where q is a prime divisor, p is a prime number, and g satisfies these g**q mod p = 1 and g = h**((p–1)/q) mod p conditions. Thus creating private and public key packages {p,q,g,x} and {p,q,g,y}.
  • Signature Generation: A hashing algorithm generates a message digest, which is passed as an input to a signing function to create two variable outputs, r and s, packaged as signature {r,s} such that the message and these variables are sent as a bundle to the receiver.
  • Signature Verification: The process uses the hashing function to output the digest and incorporates variable s with other parameters from the key generation step to produce the verification component v. The verification function compares the calculated variable v against parameter r from the {M,s,r} bundle.

To summarize the above process non-mathematically:

  • You create keys with the help of the key generation algorithm to sign the document.
  • Then use a digital signature algorithm to generate the signature.
  • Use a hash function to create a message digest, and combine it with DSA to generate the digital signature.
  • Send the signature with the data for the receiver to authenticate.
  • The receiver authenticates the signature by using a verification algorithm. It's the hash function used above to create the message digest.
Security

Pros of using Digital Signature Algorithm

  • Fast signature computation
  • Requires less storage space for the entire process
  • Freely available (Patent-free) for cost-free global use.
  • Small signature length
  • Observation in real-time
  • Noninvasive
  • DSA is accepted globally for legal compliance.
  • Time-efficient (low time consumption in comparison to processes of physical signing etc.)

Cons of using Digital Signature Algorithm

  • The process does not include key exchange capabilities.
  • The underlying cryptography must be new to ensure its strength.
  • The standardization of computer hardware and software vendors on RSA may cause problems due to DSA's second authentication standard.
  • The complex remainder operations require a lot of time for computation and hence signature verification.
  • It only ensures authentication, not confidentiality, as the algorithm does not encrypt the data.
  • DSA algorithms compute the SHA1 hash to generate the message digest. Hence, it reflects all the flaws of the SHA1 hash function in the algorithm.
Digital Contract

DSA VS RSA

Digital Signature Algorithm is an asymmetric key encryption algorithm adopted by USA agencies for secret and non-secret communication. Whereas RSA is a public-key cryptography algorithm that also uses modular arithmetic, its strength relies on the problem of a prime number factorization to secure communication and digital signatures. Hence, unlike usual encryption algorithms like RSA, DSA is a standard only for digital signatures.

Even though both incorporate different mathematical algorithms, the cryptography strength is equivalent. The main difference between the two algorithms narrows down to the speed, performance, and SSH protocol support.

  • In contrast to DSA, RSA is slow in decryption, key generation, and verification but fast in encryption and signing. However, authentication requires both, and speed discrepancies are insignificant in real-world applications.
  • Another difference lies in the support for the Secure Shell network protocol. RSA supports the original SSH and its secure second version SSH2, while DSA only works with SSH2.

Authenticate The Data Source with DSA

Digital signatures are a need for today's interconnected world to create a safe and secure environment. They are a great way to authenticate any record over the internet. The article introduces the Digital Signature algorithms with a brief overview of its work process, advantages, disadvantages, security limitations, and comparison with RSA.