Discovery Of DSA Flaw May Improve Future Security Of E-Commerce

April 2, 2001
An improved method has been found to ensure the security of e-commerce transactions based on the digital signature algorithm (DSA). The development follows soon after the discovery of a significant flaw involved in such operations. If left...

An improved method has been found to ensure the security of e-commerce transactions based on the digital signature algorithm (DSA). The development follows soon after the discovery of a significant flaw involved in such operations. If left unaddressed, this problem may render such e-commerce activities vulnerable.

As a member of Bell Labs' Information Sciences Research Center in Murray Hill, N.J., cryptologist Daniel Bleichenbacher uncovered an error in the random-number generation technique used in DSA. This algorithm for generating and verifying digital signatures was designed by the National Security Agency. DSA is integral to such applications as financial agreements, virtual private networks, online shopping, and corporate and governmental intranets. It's one of three algorithms approved for use under the digital signal standard created by the National Institute of Standards and Technology (NIST). Both the American National Standards Institute (ANSI) and the IEEE have adopted this standard.

Through the use of a digital signature, software at the receiving end of an electronic transmittance confirms the identity of the party initializing the transaction. It also verifies the integrity of the received information. DSA and other elements of the digital signature standard disallow impersonation. They also protect against the altering of information contained within a signed transaction.

DSA's vulnerability lies in how it generates a random numerical key for each message. The effectiveness of a key depends on how random the numbers truly are. The absolute randomness of the generated key controls how much information an outside party may infer from the chosen key. Ideally, the probability that DSA will generate any particular number should be uniform.

Bleichenbacher discovered that DSA's random-number generator is biased. It's twice as likely to choose a secret key from one range of numbers than from another. Such bias weakens the effectiveness of DSA and may make the algorithm vulnerable to tampering in the future. Current supercomputers are unable to crack digital signatures. In the meantime, more powerful computers are being constructed, thereby increasing the risk engendered by this flaw.

It was while analyzing an appendix to the digital signature standard that Bleichenbacher came upon the error. According to Bell Labs, he has devised a modification to the algorithm designed to eliminate the bias in DSA's random-number generator. The NIST is currently preparing a revision of the DSA specification. Providers of applications and services can implement this revision in their software to improve security. Meanwhile, those presently employing DSA should maintain confidence in the current security of their digital signatures.

For more information, point your browser to www.bell-labs.com.

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!