2.3.

Digital Signature
Encryption – Process of converting electronic data into another form, called ciphertext, which cannot
be easily understood by anyone except the authorized parties. This assures data security.
Decryption– Process of translating code to data.

 The message is encrypted at the sender’s side using various encryption algorithms and
decrypted at the receiver’s end with the help of the decryption algorithms.

 When some message is to be kept secure like username, password, etc., encryption and
decryption techniques are used to assure data security.

Experience the ease of obtaining legally binding signatures online, all while maintaining the highest
standards of security and compliance with the leading e-signature platform, SignNow. It is a secure
and efficient electronic signature solution designed to streamline your document signing process
while ensuring top-tier security features.

Types of Encryption

Data encryption transforms information into a code that is only accessible to those with a password
or secret key, sometimes referred to as a decryption key.

Data that has not been encrypted is referred to as plaintext, whereas data that has been encrypted is
referred to as ciphertext.

In today’s business sector, encryption is one of the most popular and effective data protection
solutions.

By converting data into ciphertext, which can only be decoded with a special decryption key
generated either before or at the time of the encryption, data encryption serves to protect the
secrecy of data.

Symmetric Encryption
Data is encrypted using a key and the decryption is also done using the same key.

 There are a few strategies used in cryptography algorithms.

 For encryption and decryption processes, some algorithms employ a unique key.

 In such operations, the unique key must be secured since the system or person who knows
the key has complete authentication to decode the message for reading.

Symmetric Encryption
  Asymmetric Encryption
Asymmetric Cryptography is also known as public-key cryptography.

 It uses public and private keys for the encryption and decryption of message.

 One key in the pair which can be shared with everyone is called the public key.

 The other key in the pair which is kept secret and is only known by the owner is called the
private key.

Asymmetric Encryption

Public key– Key which is known to everyone. Ex-public key of A is 7, this information is known to
everyone.
Private key– Key which is only known to the person who’s private key it is.
Authentication-Authentication is any process by which a system verifies the identity of a user who
wishes to access it.
Non- repudiation– Non-repudiation is a way to guarantee that the sender of a message cannot later
deny having sent the message and that the recipient cannot deny having received the message.
Integrity– to ensure that the message was not altered during the transmission.
Message digest -The representation of text in the form of a single string of digits, created using a
formula called a one way hash function.

Encrypting a message digest with a private key creates a digital signature which is an electronic
means of authentication..

Digital Signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software, or digital document.

1. Key Generation Algorithms:

Digital signature is electronic signatures, which assure that the message was sent by a
particular sender.

While performing digital transactions authenticity and integrity should be assured,

otherwise, the data can be altered or someone can also act as if he was the sender and
expect a reply.
 2. Signing Algorithms:

To create a digital signature, signing algorithms like email programs create a one-way hash of
the electronic data which is to be signed.

The signing algorithm then encrypts the hash value using the private key (signature key).

This encrypted hash along with other information like the hashing algorithm is the digital
signature.

This digital signature is appended with the data and sent to the verifier.

The reason for encrypting the hash instead of the entire message or document is that a hash
function converts any arbitrary input into a much shorter fixed-length value.

This saves time as now instead of signing a long message a shorter hash value has to be
signed and moreover hashing is much faster than signing.

3. Signature Verification Algorithms:

Verifier receives Digital Signature along with the data.

It then uses Verification algorithm to process on the digital signature and the public key
(verification key) and generates some value.

It also applies the same hash function on the received data and generates a hash value.

If they both are equal, then the digital signature is valid else it is invalid.

The steps followed in creating digital signature are :

1. Message digest is computed by applying hash function on the message and then message
digest is encrypted using private key of sender to form the digital signature.

(digital signature = encryption (private key of sender, message digest) and message digest =
message digest algorithm(message)).

2. Digital signature is then transmitted with the message.(message + digital signature is

transmitted)

3. Receiver decrypts the digital signature using the public key of sender.(This assures
authenticity, as only sender has his private key so only sender can encrypt using his private
key which can thus be decrypted by sender’s public key).

4. The receiver now has the message digest.

5. The receiver can compute the message digest from the message (actual message is sent with
the digital signature).

6. The message digest computed by receiver and the message digest (got by decryption on
digital signature) need to be same for ensuring integrity.

Message digest is computed using one-way hash function, i.e. a hash function in which computation
of hash value of a message is easy but computation of the message from hash value of the message
is very difficult.
Assurances about digital signatures

The definitions and words that follow illustrate the kind of assurances that digital signatures offer.

1. Authenticity: The identity of the signer is verified.

2. Integration: Since the content was digitally signed, it hasn’t been altered or interfered with.

3. Non-repudiation: demonstrates the source of the signed content to all parties. The act of a
signer denying any affiliation with the signed material is known as repudiation.

4. Notarization: Under some conditions, a signature in a Microsoft Word, Microsoft Excel, or

Microsoft PowerPoint document that has been time-stamped by a secure time-stamp server
is equivalent to a notarization.

Benefits of Digital Signatures

 Legal documents and contracts: Digital signatures are legally binding. This makes them ideal
for any legal document that requires a signature authenticated by one or more parties and
guarantees that the record has not been altered.

 Sales contracts: Digital signing of contracts and sales contracts authenticates the identity of
the seller and the buyer, and both parties can be sure that the signatures are legally binding
and that the terms of the agreement have not been changed.

 Financial Documents: Finance departments digitally sign invoices so customers can trust that
the payment request is from the right seller, not from a bad actor trying to trick the buyer
into sending payments to a fraudulent account.

 Health Data: In the healthcare industry, privacy is paramount for both patient records and
research data. Digital signatures ensure that this confidential information was not modified
when it was transmitted between the consenting parties.

Drawbacks of Digital Signature

 Dependency on technology:

Because digital signatures rely on technology, they are susceptible to crimes, including
hacking.
 As a result, businesses that use digital signatures must make sure their systems are safe and
have the most recent security patches and upgrades installed.

 Complexity:

Setting up and using digital signatures can be challenging, especially for those who are
unfamiliar with the technology.

This may result in blunders and errors that reduce the system’s efficacy.

The process of issuing digital signatures to senior citizens can occasionally be challenging.

 Limited acceptance:

Digital signatures take time to replace manual ones since technology is not widely available
in India, a developing nation.

Notes 2:
1.3 Digital Signatures
* Requirements from the signature
a. Only you can sigh, but anyone can verify.
b. Signature is tied to a particular document (can't be cut-and-paste to another document).

API for digital signatures

--------------------------
Three operations to be performed
a. Generate keys -> provide the input keysize and this generates two keys sk and pk.
sk : secret signing key (Information kept secret and only for making signature)
pk: public verification key (Everybody is given access, and anyone can verify the signature)

(sk, pk) := generateKeys(keysize)

b. Sign Operation - Take the secret message key and some message that you want to put
your signature on. This returns a sig (signature) - string of bits that represents the signature;

sig := sign(sk, message)

 c. Verify Operation - Takes something that claims to be a valid signature and verifies if it is
correct.
It takes the public key of the signer, message which bears the signature, and takes the
supposed signature, then checks for its validity. The public key is required to verify the
signature.

isValid := verify(pk, message, sig)

------------------------------------------------------------------------------
(sk, pk) := generateKeys(keysize) -> randomized algorithm
sig := sign(sk, message) -> randomized algorithm
isValid := verify(pk, message, sig) -> deterministic algorithm
------------------------------------------------------------------------------

* Requirements for signatures

------------------------------
a. valid signatures verify : verify(pk, message, sign(sk, message)) == true
b. can't forge signatures : If someone knows pk, gets the signature on messages of choice,
can't produce a verifiable signature on another message.

* Signing a hash pointer - signature covers the whole structure.Signing the hash pointer at
the end of the block chain, then the result would be that you'll be digitally signing the entire
contents of the block chain.
--------------------------------------------------------------------------------------------------------------------------
-------------
* Bitcoin uses ECDSA standard
- ECDSA - Elliptic Curve Digital Signature Algorithm (US govt standard);
- Good randomness is essential, if bad randomness is used to generatekeys, or in the sign
operation - probably the private key could be leaked.