Description

The Digitial Signature Standard, created by the NIST, specifies DSA as the algorithm for digital signatures and SHA-1 for hashing. DSA is for signatures only and is not an encryption algorithm, although Schneier describes encryption mechanisms (ElGamel encryption and RSA encryption) based on DSA.

DSA is a public key algorithm; the secret key operates on the message hash generated by SHA-1; to verify a signature, one recomputes the hash of the message, uses the public key to decrypt the signature and then compare the results. The key size is variable from 512 to 1024 bits which is adequate for current computing capabilities as long as you use more than 768 bits.

Signature creation is roughly the same speed as with RSA, but is 10 to 40 times (Schneier) as slow for verification. However, these numbers depend partially on the assumptions made by the benchmarker. Since verification is more frequently done than creation, this is an issue worth noting.

The only known cracks (forgery) are easily circumvented by avoiding the particular moduli (prime factor of p - 1 where p is the public key) that lead to weak signatures. Schneier states that DSS is less susceptible to attacks than RSA; the difference is that RSA depends on a secret prime while DSA depends on a public prime -- the verifier can check that the prime number is not a fake chosen to allow forgery. It is possible to implement the DSA algorithm such that a "subliminal channel" is created that can expose key data and lead to forgable signatures so one is warned not to used unexamined code.

There is an unresolved patent dispute on DSA (Schnorr, expires 2008) which hampers roll-out of the DSS.

References

Applied Cryptography, 2nd Ed, Bruce Schneier.

See Also