6 Digital signature

Digital signatures are the most important development from the work on public-key cryptography, and provide a set of security capabilities that would be difficult to implement in any other way. A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure the integrity of the message. Digital signatures are easily transportable and cannot be imitated by someone else. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

Digital signatures are based on handwritten signatures, which are used for ownership rights or message content confirmation.

Handwritten signatures should have the following properties:

In practice, none of these properties is consistently fulfilled by handwritten signatures, which can be discredited or corrupted. Digital signatures should have all of these properties too. However, there are some problems associated with the practical realization of digital signatures: digital files can be easily copied, part of one document can be transferred into another document, and a signed document can be easily modified.

The following requirements can be formulated for a digital signature:

A digital signature can be used with any kind of message, whether encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact.

There are several possible schemes for digital signatures. Among others, one of the most accepted schemes is based on hash functions. In this case, if a user wants to digitally sign a document, the steps that he/she has to follow are:

  1. Evaluate the hash of the document to be signed.
  2. Using asymmetric encryption, encrypt the hash with the sender’s private key to obtain the digital signature.
  3. Append the digital signature to the document.
Fig 6.1 Hash based digital signature

The receiver can verify the authenticity of this digital signature following the steps below:

  1. Evaluate the hash of the document (excluding the digital signature).
  2. Using asymmetric encryption, decrypt the digital signature with the sender’s public key to obtain a message digest.
  3. Compare the results obtained in the two previous steps.
Fig 6.2 Verification process of a hash-based digital signature

If the message digests obtained in the two steps are the same, the recipient will know that the signed data has not been changed.
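The signing and verification steps above, as an added example that is not part of the original text: textbook RSA applied to a SHA-256 hash, using only Python's standard library. The function names, the sample document and the key are this example's own assumptions; the key is built from two publicly known Mersenne primes and no padding is used, so it shows the data flow only, and real systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes, so this key is
# NOT secret and must never be used outside this illustration.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8      # fixed signature size in bytes


def digest_int(document: bytes) -> int:
    """Step 1 on both sides: hash the document, as an integer below n."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> bytes:
    """Signer steps 2-3: apply the private key to the hash, then append it."""
    signature = pow(digest_int(document), D, N)
    return document + signature.to_bytes(SIG_LEN, "big")


def verify(signed: bytes) -> bool:
    """Receiver steps 1-3: split off the signature, recover the digest with
    the public key, and compare it with a freshly computed hash."""
    if len(signed) < SIG_LEN:
        return False                     # too short to contain a signature
    document, sig_bytes = signed[:-SIG_LEN], signed[-SIG_LEN:]
    signature = int.from_bytes(sig_bytes, "big")
    if signature >= N:
        return False                     # not a valid value for this key
    return pow(signature, E, N) == digest_int(document)


if __name__ == "__main__":
    signed = sign(b"Pay Bob 100 EUR")    # constructed sample document
    print("intact document verifies:", verify(signed))
    # Same signature attached to a modified document: the hashes differ.
    tampered = b"Pay Bob 900 EUR" + signed[-SIG_LEN:]
    print("tampered document verifies:", verify(tampered))
```
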