BS ISO/IEC 14888-3:2006+A2:2012

This part of ISO/IEC 14888 specifies digital signature mechanisms with appendix whose security is based on the discrete logarithm problem. This part of ISO/IEC 14888 provides

• a general description of a digital signature with appendix mechanism;

• a variety of mechanisms that provide digital signatures with appendix.

For each mechanism, this part of ISO/IEC 14888 specifies

• the process of generating a pair of keys;

• the process of producing signatures;

• the process of verifying signatures.

The verification of a digital signature requires the signing entity’s verification key. It is thus essential for a verifier to be able to associate the correct verification key with the signing entity, or more precisely, with (parts of) the signing entity’s identification data. This association between the signer’s identification data and the signer’s public verification key can either be guaranteed by an outside entity or mechanism, or the association can be somehow inherent in the verification key itself. In the former case, the scheme is said to be “certificate-based.” In the latter case, the scheme is said to be “identity based.” Typically, in an identity-based scheme, the verifier can derive the signer’s public verification key from the signer’s identification data. The digital signature mechanisms specified in this part of ISO/IEC 14888 are classified into certificate-based and identity-based mechanisms.

NOTE – For certificate-based mechanisms, various PKI standards can be used for key management. For further information, see ISO/IEC 11770-3, ISO/IEC 9594-8 (also known as X.509) and ISO/IEC 15945.