DSA和RSA有什么区别? [英] What is the difference between DSA and RSA?
问题描述
似乎它们都是需要公钥和私钥的加密算法.为什么在我的客户端服务器应用程序中选择一个与另一个进行加密?
It appears they are both encryption algorithms that require public and private keys. Why would I pick one versus the other to provide encryption in my client server application?
推荐答案
RSA
RSA encryption and decryption are commutative
hence it may be used directly as a digital signature scheme
given an RSA scheme {(e,R), (d,p,q)}
to sign a message M, compute:
S = M power d (mod R)
to verify a signature, compute:
M = S power e(mod R) = M power e.d(mod R) = M(mod R)
RSA可以用于加密和数字签名,
只需通过颠倒指数的使用顺序即可:
创建签名的秘密指数(d),公共指数(e)
供任何人验证签名.其他所有内容都是相同的.
RSA can be used both for encryption and digital signatures,
simply by reversing the order in which the exponents are used:
the secret exponent (d) to create the signature, the public exponent (e)
for anyone to verify the signature. Everything else is identical.
DSA(数字签名算法)
DSA是ElGamal和Schnorr算法的变体
创建一个320位签名,但具有512-1024位安全性
安全性再次取决于计算离散对数的难度
已经被广泛接受
DSA密钥生成
首先选择共享的全局公钥值(p,q,g):
选择一个大质数p = 2幂L
其中L = 512至1024位,是64的倍数
选择q,p-1的160位素数因子
选择g = h功率(p-1)/q
对于任何h1
然后每个用户选择一个私钥并计算其公钥:
选择x
计算y = g乘幂x(mod p)
DSA密钥生成与El Gamal有关,但比El Gamal更复杂.
主要是因为使用了辅助160位模数q来帮助
加快计算速度并减小生成的签名的大小.
DSA (Digital Signature Algorithm)
DSA is a variant on the ElGamal and Schnorr algorithms
creates a 320 bit signature, but with 512-1024 bit security
security again rests on difficulty of computing discrete logarithms
has been quite widely accepted
DSA Key Generation
firstly shared global public key values (p,q,g) are chosen:
choose a large prime p = 2 power L
where L= 512 to 1024 bits and is a multiple of 64
choose q, a 160 bit prime factor of p-1
choose g = h power (p-1)/q
for any h1
then each user chooses a private key and computes their public key:
choose x
compute y = g power x(mod p)
DSA key generation is related to, but somewhat more complex than El Gamal.
Mostly because of the use of the secondary 160-bit modulus q used to help
speed up calculations and reduce the size of the resulting signature.
DSA签名创建和验证
在邮件M上签名
生成随机签名密钥k,k
计算
r =(g幂k(mod p))(mod q)
s = k-1.SHA(M)+ x.r(mod q)
发送带有消息
的签名(r,s)
要验证签名,请计算:
w = s-1(mod q)
u1 =(SHA(M).w)(mod q)
u2 = r.w(mod q)
v =(g幂u1.y幂u2(mod p))(mod q)
如果v = r,则签名被验证
DSA Signature Creation and Verification
to sign a message M
generate random signature key k, k
compute
r = (g power k(mod p))(mod q)
s = k-1.SHA(M)+ x.r (mod q)
send signature (r,s) with message
to verify a signature, compute:
w = s-1(mod q)
u1= (SHA(M).w)(mod q)
u2= r.w(mod q)
v = (g power u1.y power u2(mod p))(mod q)
if v=r then the signature is verified
签名创建再次类似于ElGamal,使用了
每个消息临时签名密钥k,但先进行计算calc p,
然后修改q以减小结果的大小.注意使用
哈希函数SHA在这里是显式的.验证还包括
比较两个计算,再次比这复杂一点,
但与El Gamal有关.
请注意,几乎所有计算都是模q,并且
因此更快.
但是,与RSA相比,DSA只能用于数字签名
Signature creation is again similar to ElGamal with the use of a
per message temporary signature key k, but doing calc first mod p,
then mod q to reduce the size of the result. Note that the use of
the hash function SHA is explicit here. Verification also consists of
comparing two computations, again being a bit more complex than,
but related to El Gamal.
Note that nearly all the calculations are mod q, and
hence are much faster.
But, In contrast to RSA, DSA can be used only for digital signatures
DSA安全性
在许多方案中存在下阈信道的存在(任何方案都需要选择随机数),而不仅仅是DSA.它强调了对系统安全性"的需求,而不仅仅是一个好的算法.
DSA Security
The presence of a subliminal channel exists in many schemes (any that need a random number to be chosen), not just DSA. It emphasises the need for "system security", not just a good algorithm.
这篇关于DSA和RSA有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
