J4 ›› 2009, Vol. 27 ›› Issue (06): 563-.

• 论文 • 上一篇    下一篇

DSA数字签名的安全性分析

张海蓉|黄玉兰|迟学芬   

  1. 吉林大学 通信工程学院|长春 130012
  • 出版日期:2009-11-20 发布日期:2009-12-18
  • 通讯作者: 张海蓉(1972— ),女,吉林农安人,吉林大学副教授,主要从事网络多媒体通信、通信安全技术研究, E-mail:zhang_hairong@163.com
  • 作者简介:张海蓉(1972— )|女|吉林农安人|吉林大学副教授|主要从事网络多媒体通信、通信安全技术研究|(Tel)86-13604427662(E-mail)zhang_hairong@163.com;迟学芬(1962— )|女|长春人|吉林大学教授|硕士生导师|主要从事信息处理、宽带通信技术研究|(Tel)86-431-85152811(Email)chixuefen@googlemail.com。
  • 基金资助:

    长春市国际科技合作基金资助项目(08GH03)

Analysis on Security of Digital Signature Algorithm

ZHANG Hai-rong|HUANG Yu-lan|CHI Xue-fen   

  1. College of Communication Engineering, Jilin University, Changchun 130012, China
  • Online:2009-11-20 Published:2009-12-18

摘要:

针对目前已知的主要安全攻击直接求取私钥攻击、穷搜索攻击、生日攻击、已知消息的伪造攻击等,对DSA(Digital Signature Algorithm)的安全性进行分析,给出了各种攻击方法需完成的计算。结果表明,其计算量等价或难于求解离散对数问题,一定程度地呈现了DSA的安全强度。指出了DSA可能的弱点存在于随机数 k、与消息无关的签名r、公共模数p与q、Hash函数等处,并给出了相应的解决方案。设计好的随机数生成器选择适宜的随机数,避免低指数和相同随机数攻击;合理选择模p的长度可抵抗共r攻击;在对安全强度要求高而运算速度要求相对较低时,使用DSA素数作为共享模数;使用消息摘要足够长的SHA(Secure Hash Algorithm),以保证内嵌Hash函数的安全。

关键词: 数字签名, DSA算法, 安全, 攻击

Abstract:

Extended research and practical application about DSA(Digital Signature Algorithm) are very wide, they are all based on the security of DSA itself. Aiming at the main known attacks of evaluating secret key with the help of public data, exhaustive groping attack, birthday attack and fabrication attack based on known message, security of DSA is analyzed. The computing expressions are given about the attack methods. It is indicated that these attacks are equal to or more difficult than solving the discrete logarithm problem. Upon that, security intensity of DSA is shown a certain content. The potential weakness of DSA is given, lying in random number k, message independent signature r, sharing modulus p  and  q, Hash function, etc. And the corresponding solutions are presented.A favorable random numbers generator is designed for selecting right random numbers, so the attacks on low exponential and same random number could be avoided. Length of modulus  p  is selected reasonably, so the attack on the common signature r   could been counteracted. DSA prime is used as modulus in the case of high security intensity and low speed, so the common modulus attack could be resisted. SHA(Secure Hash Algorithm) with enough length message digest is utilized, so security of inline hash function could be ensured.

Key words: digital signature, digital signature algorithm(DSA), security, attack

中图分类号: 

  • TN918.1