Digital Signatures:

As a bonus, RSA gives us a way to digitally "sign" messages, thereby proving who wrote them.  This uses the same public n and e and private d as before.

For each plaintext P, compute 

[Graphics:Images/rsaY_gr_1.gif]

The numbers S are your signed message.

Since only you know the decryption d, only you can sign a message.  The person you send it to can prove it was you by computing 

[Graphics:Images/rsaY_gr_2.gif]

(since e is public) and getting back 

[Graphics:Images/rsaY_gr_3.gif]

which we know is congruent to P.  If this matches the P you sent separately, then the message was correctly signed, so it must have come from someone who knows d.

Example: suppose that instead of encrypting the message "cats and dogs" we wanted to sign it. 

[Graphics:Images/rsaY_gr_4.gif]
[Graphics:Images/rsaY_gr_5.gif]
[Graphics:Images/rsaY_gr_6.gif]
[Graphics:Images/rsaY_gr_7.gif]
[Graphics:Images/rsaY_gr_8.gif]
[Graphics:Images/rsaY_gr_9.gif]
[Graphics:Images/rsaY_gr_10.gif]
[Graphics:Images/rsaY_gr_11.gif]
[Graphics:Images/rsaY_gr_12.gif]
[Graphics:Images/rsaY_gr_13.gif]

Then anyone who looked up our public n and e could prove that we had sent it: 

[Graphics:Images/rsaY_gr_14.gif]
[Graphics:Images/rsaY_gr_15.gif]
[Graphics:Images/rsaY_gr_16.gif]
[Graphics:Images/rsaY_gr_17.gif]
[Graphics:Images/rsaY_gr_18.gif]
[Graphics:Images/rsaY_gr_19.gif]
[Graphics:Images/rsaY_gr_20.gif]
[Graphics:Images/rsaY_gr_21.gif]
[Graphics:Images/rsaY_gr_22.gif]
[Graphics:Images/rsaY_gr_23.gif]

Next Section

Converted by Mathematica      February 8, 2001