Digital Signature Algorithm (DSA)
Digital Signature Algorithm (DSA) uses a combination of modular exponentiation and discrete logarithms to generate a digital signature given a public and private key pair.
- proposed in 1991 by NIST as part of its Digital Signature Standard (DSS) proposal
- 4 versions of DSA
- patented by US gov
- makes it available royalty-free worldwide
- supports full verification of authentic signatures
- provides authentication, integrity, and nonrepudiation
- used in Botan, Bouncy Castle, OpenSSL, and wolfCrypt
How It Works
- uses a 4 step process:
- Key generation
- consists of parameter generation and then computation of a per-user pair of public and private keys based on those parameters
- Key distribution
- Signing
- Signature verification
- Key generation
- is extremely sensitive to the entropy, secrecy, and uniqueness of the random signature value
that is used during the signing process - violating any one of these cryptologic requirements can end up revealing the entire private key
- this vulnerability is also present in ECDSA
- elliptic curve variant of DSA
- famously exploited by overflow group’s attack on Sony PS3 console