Digital Signature


A digital signature is a message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.

  • If the two digests are the same
    • data has not been tampered with during transmission, and Alice’s identity is guaranteed
  • provides:
  • identified by the name of the:
    • digital signature algorithm
    • and underlying cryptographic hash
    • e.g. ECDSA-SHA512

Challenge

The primary challenge is that a person needs to trust that the public key actually belongs to the sender.

How it Works

  • To digitally sign a message:
    • sender generates a hash of the message
      • called a secure message digest
    • then uses their private key to encrypt the hash
      • this value is their digital signature
    • sender sends this digital signature along with the message, appending it to the message itself
  • When the message arrives:
    • receiver uses the public key corresponding to the sender’s private key to decrypt the digital signature, thus restoring the original hash of the message
    • receiver can then verify the message’s integrity by hashing the message again and comparing the two hashes
  • Software applications usually do this process for you
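
The sign and verify steps above (the "signature with appendix" method), as an added example that is not part of the original notes. It uses toy textbook RSA with no padding and a key constructed from Mersenne primes, so it only illustrates the flow and is not secure; real RSASSA adds padding as defined in PKCS#1. All names (`make_key`, `sign`, `verify`, Alice, Mallory) are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys (assumption for this demo)

def make_key(p: int, q: int):
    """Build a toy RSA key from two primes. Public key: (n, E). Private key: d."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return n, d

def digest(message: bytes) -> int:
    """Secure message digest (SHA-512) as an integer; always smaller than n here."""
    return int.from_bytes(hashlib.sha512(message).digest(), "big")

def sign(message: bytes, n: int, d: int) -> int:
    """Sender: hash the message, then apply the private key to the hash."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, n: int) -> bool:
    """Receiver: recover the hash with the public key, re-hash, compare."""
    if not 0 <= signature < n:
        return False  # malformed signature, reject before any maths
    return pow(signature, E, n) == digest(message)

# Constructed keys from known Mersenne primes: demo only, NOT secure.
ALICE_N, ALICE_D = make_key(2**521 - 1, 2**607 - 1)
MALLORY_N, MALLORY_D = make_key(2**607 - 1, 2**1279 - 1)

def demo() -> dict:
    msg = b"Pay Bob 100 EUR"            # constructed sample message
    sig = sign(msg, ALICE_N, ALICE_D)   # appended to the message in transit
    return {
        "valid": verify(msg, sig, ALICE_N),
        "tampered_message": verify(b"Pay Bob 900 EUR", sig, ALICE_N),
        "tampered_signature": verify(msg, sig ^ 1, ALICE_N),
        # Signed with someone else's private key, checked against Alice's public key
        "wrong_signer": verify(msg, sign(msg, MALLORY_N, MALLORY_D), ALICE_N),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the untouched message with Alice's signature is accepted. The last case is also why the receiver must be sure which public key belongs to the sender: the check proves possession of the matching private key and nothing more.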

Figure: Integrity Protection Provided by Digital Signature

Methods

  • two digital signature methods:
    1. Signature with appendix
      • given message , the signer generates a signature from the hash of message and sends a pair ()
      • verifier decrypts the signature to yield a hash , computes , the hash of the received message, then compares both hashes
    2. Signature with message recovery
      • given message , all or some of message is embedded in the signature
      • when the message is entirely embedded, the verification procedure requires only the signature and recovers from the signature

Figure: Digital Signature with Appendix

Digital Signature Algorithms

There are several standards for creating digital signatures:

  • Public Key Cryptography Standard #1 (PKCS#1) defines the use of RSA’s digital signature algorithm
    • RSASSA (RSA Signature Scheme with Appendix)
  • Digital Signature Algorithm (DSA) uses a variant of ElGamal
    • but Elliptic Curve DSA (ECDSA) is now more widely used
  • DSA and ECDSA were developed as part of the US government’s Federal Information Processing Standards (FIPS)

Attacks

  • attacks against digital signatures can be categorized into 3 groups:
    • Universal forgery
      • adversary is able to recover the private key of the signer and can then sign any message on behalf of the legitimate key owner
    • Selective forgery
      • adversary is able to create valid signatures for messages of his/her choice
    • Existential forgery
      • adversary can generate a pair composed of a signature and a message without controlling the message content