1

In the book An Introduction to Mathematical Cryptography, it mentions a section on digital signatures and a theoretical example. I am having difficulty understanding the book and I was wondering if someone could better explain how you would be able to deduce if a signature is valid rather than finding what the signature is.

For example, $N = 1562501$ and the public key is $e = 87953$, the document $m = 161153$, and the signature is $d = 870099$. Is there a technique to find if it's a valid signature?

poncho
  • 154,064
  • 12
  • 239
  • 382
Alex
  • 11
  • 2

1 Answers1

1

Basically RSA signatures work just like encryption but with the keys exchanged. If somebody tells you $m^{sk}$ you can easily test if $$ (m^{sk})^{pk} \equiv m\ (mod\ N) $$ but you cannot calculate $m^{sk}$ yourself.

The problem/trick is the usual, exponentiation is easy but logarithm is hard.

(I like using $sk$/$pk$ for secret-/public-key rather than $d$/$e$ for decryption-/encryption-key as it makes more sense for signatures.)

Erwin
  • 263
  • 3
  • 6