The DSS (Digital Signature Standard) algorithm makes use of the following
parameters:
- p: A prime modulus, where $2^{L-1} < p < 2^{L}$ for $512 \le L \le 1024$ and L a multiple of 64.
- q: A prime divisor of $p - 1$, where $2^{159} < q < 2^{160}$.
- g: Where $g = h^{(p-1)/q} \bmod p$, where h is any integer with $1 < h < p - 1$ such that $h^{(p-1)/q} \bmod p > 1$ (g has order q mod p).
- x: A randomly or pseudorandomly generated integer with $0 < x < q$.
- y: $y = g^{x} \bmod p$.
- k: A randomly or pseudorandomly generated integer with $0 < k < q$.
The integers p, q, and g can be public and can be common to a group of users. A user's private and public keys are x and y, respectively. They are normally fixed for a period of time. Parameters x and k are used for signature generation only, and must be kept secret. Parameter k must be regenerated for each signature.
The signature of a message M is the pair of numbers r and s computed according to the equations below:
$r = (g^{k} \bmod p) \bmod q$ and $s = (k^{-1}(\mathrm{SHA}(M) + xr)) \bmod q$.
In the above, $k^{-1}$ is the multiplicative inverse of k, mod q; i.e., $(k^{-1} k) \bmod q = 1$ and $0 < k^{-1} < q$. The value of SHA(M) is a 160-bit string output by the Secure Hash Algorithm specified in FIPS 180. For use in computing s, this string must be converted to an integer.
As an option, one may wish to check if r == 0 or s == 0. If either r == 0 or s == 0, a new value of k should be generated and the signature should be recalculated (it is extremely unlikely that r == 0 or s == 0 if signatures are generated properly).
The signature is transmitted along with the message to the verifier.
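The signing equations above, carried through with `java.math.BigInteger`, including the fresh k per signature and the retry when r == 0 or s == 0. This is an added example, not this library's implementation. Assumptions: the names `DssSketch`, `makeParams` and `randomBelowQ` are hypothetical, keys are raw `BigInteger` values rather than `DSAPrivateKey`/`DSAPublicKey` objects, the parameter search is a simplified one rather than the seeded procedure of FIPS 186, and the verification equations come from the standard since the text above gives only signing.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class DssSketch {   // hypothetical class name; added illustration only
    static final SecureRandom RND = new SecureRandom();
    static BigInteger p, q, g;
    static void makeParams(int L) {   // simplified search, not the seeded FIPS 186 procedure
        q = BigInteger.probablePrime(160, RND);               // 2^159 < q < 2^160
        do {                                                   // p = q*m + 1, so q divides p - 1
            BigInteger m = new BigInteger(L - 160, RND).setBit(L - 161).clearBit(0);
            p = q.multiply(m).add(BigInteger.ONE);
        } while (p.bitLength() != L || !p.isProbablePrime(64));
        BigInteger e = p.subtract(BigInteger.ONE).divide(q), h = BigInteger.valueOf(2);
        while ((g = h.modPow(e, p)).equals(BigInteger.ONE)) h = h.add(BigInteger.ONE);
    }
    static BigInteger randomBelowQ() {                         // uniform with 0 < v < q
        BigInteger v;
        do { v = new BigInteger(q.bitLength(), RND); } while (v.signum() == 0 || v.compareTo(q) >= 0);
        return v;
    }
    // r = (g^k mod p) mod q and s = (k^-1 (SHA(M) + x r)) mod q, with a fresh k per attempt.
    static BigInteger[] sign(BigInteger x, byte[] h) {
        BigInteger m = new BigInteger(1, h);                   // digest bytes as a non-negative integer
        while (true) {
            BigInteger k = randomBelowQ();
            BigInteger r = g.modPow(k, p).mod(q);
            BigInteger s = k.modInverse(q).multiply(m.add(x.multiply(r))).mod(q);
            if (r.signum() != 0 && s.signum() != 0) return new BigInteger[] { r, s };
        }                                                      // r == 0 or s == 0: loop draws a new k
    }
    // Standard DSA verification (the equations are not given in the text above).
    static boolean verify(BigInteger y, byte[] h, BigInteger[] rs) {
        BigInteger r = rs[0], s = rs[1], m = new BigInteger(1, h);
        if (r.signum() <= 0 || r.compareTo(q) >= 0 || s.signum() <= 0 || s.compareTo(q) >= 0) return false;
        BigInteger w = s.modInverse(q);
        BigInteger v = g.modPow(m.multiply(w).mod(q), p).multiply(y.modPow(r.multiply(w).mod(q), p));
        return v.mod(p).mod(q).equals(r);
    }
    public static void main(String[] args) throws Exception {
        makeParams(512);
        BigInteger x = randomBelowQ(), y = g.modPow(x, p);     // private and public key
        byte[] h = MessageDigest.getInstance("SHA-1").digest("constructed sample".getBytes("UTF-8"));
        BigInteger[] a = sign(x, h), b = sign(x, h);
        System.out.println("valid: " + verify(y, h, a) + ", r differs: " + !a[0].equals(b[0]));
        h[0] ^= 1;                                             // alter one bit of the digest
        System.out.println("altered digest accepted: " + verify(y, h, a));
    }
}
```

Signing the same digest twice yields different r values because each call draws its own k; two signatures under one key that share r indicate that k was reused.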
References:
- Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186. National Institute of Standards and Technology.
sign
public static final BigInteger[] sign(DSAPrivateKey k, byte[] h)
sign
public static final BigInteger[] sign(DSAPrivateKey k, byte[] h, Random rnd)
sign
public static final BigInteger[] sign(DSAPrivateKey k, byte[] h, IRandom irnd)
verify
public static final boolean verify(DSAPublicKey k, byte[] h, BigInteger[] rs)