The security of Elgamal digital signature scheme relies on the difficulty of computing discrete logarithms. The security of the system follows from the fact that since x is kept private for forging Elgamal digital signature one do need to solve discrete logarithm problem.s
Suppose Eve want to forge Alice signature for a message m1and she doesn't know x (as x kept private by Alice), then she cannot compute s( as s ≡ (H(m1) − xr)k -1 (mod p − 1)). Now the only option left is to choose s which satisfies the verification. Thus s should satisfy equation y rr s ≡ g H(m)(mod p) as Eve knows (p, g, y) so she can compute r. So the equation can be rearrange as r s ≡ y -r g H(m)(mod p), which is again a discrete logarithm problem. So Elgamal signature scheme is secure, as long as discrete logarithm are difficult to compute.
Digital Signature Standards
Digital signature standards [6] define some standards to be followed. A digital signature scheme includes a signature generation and a signature verification. Each user has a public and private key and is the owner of that key pair.
For both the signature generation and verification processes, the message (i.e., the signed data) is converted to a fixed-length representation of the message by means of an approved hash function. Both the original message and the digital signature are made available to a verifier.
A verifier requires assurance that the public key to be used to verify a signature belongs to the entity that claims to have generated a digital signature (i.e., the claimed signatory). That is, a verifier requires assurance that the signatory is the actual owner of the public/private key pair used to generate and verify a digital signature. A binding of an owners identity and the owners public key shall be effected in order to provide this assurance.
A verifier also requires assurance that the key pair owner actually possesses the private key associated with the public key, and that the public key is a mathematically correct key. By obtaining these assurances, the verifier has assurance that if the digital signature can be correctly verified using the public key, the digital signature is valid (i.e., the key pair owner really signed the message). Digital signature validation includes both the (mathematical) verification of the digital signature and obtaining the appropriate assurances.
Technically, a key pair used by a digital signature algorithm could also be used for purposes other than digital signatures (e.g., for key establishment). However, a key pair used for digital signature generation and verification as specified in this Standard shall not be used for any other purpose. A number of steps are required to enable a digital signature generation or verification capability in accordance with Standards.
Initial Setup:-
Each intended signatory shall obtain a digital signature key pair that is generated as specified for the appropriate digital signature algorithm, either by generating the key pair itself or by obtaining the key pair from a trusted party. The intended signatory is authorized to use the key pair and is the owner of that key pair. Note that if a trusted party generates the key pair, that party needs to be trusted not to masquerade as the owner, even though the trusted party knows the private key.
After obtaining the key pair, the intended signatory (now the key pair owner) shall obtain assurance of the validity of the public key and assurance that he/she actually possesses the associated private key.