
Digital Signature

Digital signatures are a technique used to validate the authenticity and integrity of electronic messages, employing public key encryption for signing and verification. They ensure aspects of security such as integrity, authentication, and non-repudiation, making them legally binding for documents like contracts and financial transactions. However, they face challenges such as dependency on technology, complexity, and limited acceptance in some regions.

Uploaded by

shibansi79

DIGITAL SIGNATURE

• The Digital Signature is a technique which is used to validate the authenticity and integrity of the message.
• We know that there are four aspects of security: privacy, authentication, integrity, and non-repudiation.
• The basic idea behind the Digital Signature is to sign a document.
• When we send a document electronically, we can also sign it.
• We can sign a document in two ways: to sign a whole document and to sign a digest.
Signing the Whole Document

o In Digital Signature, a public key encryption technique is used to sign a document. However, the roles of a public key and private key are different here. The sender uses a private key to encrypt the message while the receiver uses the public key of the sender to decrypt the message.
o In Digital Signature, the private key is used for encryption while the public key is used for decryption.
o Digital Signature cannot be achieved by using secret key encryption.
Digital Signature is used to achieve the following three aspects:
o Integrity: The Digital Signature preserves the integrity of a message because, if an attacker intercepts a message and partially or totally changes it, the message can no longer be decrypted correctly.
o Authentication: We can use the following reasoning to show how the message is authenticated. If an intruder (user X) sends a message pretending that it is coming from someone else (user A), user X uses her own private key to encrypt the message. The message is then decrypted by using the public key of user A, which makes the message unreadable. Encryption with X's private key and decryption with A's public key results in a garbage value.
o Non-Repudiation: Digital Signature also provides non-repudiation. If the sender denies sending the message, then her private key corresponding to her public key is tested on the plaintext. If the decrypted message is the same as the original message, then we know that the sender has sent the message.
1. Key Generation Algorithms: Digital signatures are electronic signatures, which assure that the message was sent by a particular sender. While performing digital transactions, authenticity and integrity should be assured; otherwise, the data can be altered, or someone can act as if he were the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms, such as those in email programs, create a one-way hash of the electronic data which is to be signed. The signing algorithm then encrypts the hash value using the private key (signature key). This encrypted hash, along with other information like the hashing algorithm, is the digital signature. This digital signature is appended to the data and sent to the verifier. The reason for encrypting the hash instead of the entire message or document is that a hash function converts any arbitrary input into a much shorter fixed-length value. This saves time, because instead of signing a long message only a shorter hash value has to be signed, and moreover hashing is much faster than signing.
3. Signature Verification Algorithms: The verifier receives the digital signature along with the data. It then uses the verification algorithm to process the digital signature and the public key (verification key) and generates some value. It also applies the same hash function to the received data and generates a hash value. If both are equal, the digital signature is valid; otherwise it is invalid.
Requirements for a digital signature:
· Must authenticate the content of the message at the time of the signature
· Must authenticate the author, date, and time of the signature
· Receiver can verify the claimed identity of the sender
· Sender cannot later repudiate the content of the message
· Receiver cannot possibly have concocted the message himself
· Can be verified by third-parties to resolve disputes
Examples:
· The bank needs to verify the identity of the client placing a transfer order
· The client cannot deny later having sent that order
· It is impossible for the bank to create transfer orders and claim they actually came from the client

The steps followed in creating a digital signature are:

1. The message digest is computed by applying a hash function to the message, and then the message digest is encrypted using the private key of the sender to form the digital signature. (digital signature = encryption(private key of sender, message digest) and message digest = message digest algorithm(message)).
2. The digital signature is then transmitted with the message. (message + digital signature is transmitted)
3. The receiver decrypts the digital signature using the public key of the sender. (This assures authenticity, as only the sender has his private key, so only the sender can encrypt using his private key, which can thus be decrypted by the sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (the actual message is sent with the digital signature).
6. The message digest computed by the receiver and the message digest obtained by decrypting the digital signature need to be the same to ensure integrity.
The message digest is computed using a one-way hash function, i.e. a hash function in which computing the hash value of a message is easy but computing the message from its hash value is very difficult.
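The six steps above, together with the earlier authentication reasoning about intruder X, as an added example that is not part of the original document. It uses textbook RSA without padding so that "encrypt the digest with the private key" is visible as a single operation; the keys are constructed from well-known Mersenne primes and the names `make_keypair`, `sign`, `verify` and `demo` are illustrative. Production systems use a padded scheme such as RSA-PSS, or Ed25519, from a vetted library.

```python
import hashlib

# Constructed demo keys: products of well-known Mersenne primes. Such primes
# are trivially factorable, so these keys are for illustration only.
E = 65537

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys as (exponent, modulus)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (E, n), (d, n)

def digest(message: bytes) -> int:
    """Step 1a: message digest = hash(message), as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Step 1b: signature = digest 'encrypted' with the sender's private key."""
    d, n = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Steps 3-6: recover the digest with the public key, then compare it
    with the digest the receiver computes from the received message."""
    e, n = public_key
    recovered = pow(signature, e, n)
    return recovered == digest(message)

A_PUB, A_PRIV = make_keypair(2**521 - 1, 2**607 - 1)  # user A
X_PUB, X_PRIV = make_keypair(2**127 - 1, 2**607 - 1)  # intruder X

def demo():
    order = b"Transfer 100 to account 42"  # constructed sample message
    sig = sign(order, A_PRIV)              # step 2: send order + sig
    return {
        "genuine": verify(order, sig, A_PUB),
        # Integrity: message changed in transit, signature left as-is.
        "tampered": verify(b"Transfer 900 to account 42", sig, A_PUB),
        # Authentication: X signs with her own key but claims to be A.
        "forged_by_x": verify(order, sign(order, X_PRIV), A_PUB),
    }

if __name__ == "__main__":
    print(demo())
```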
Benefits of Digital Signatures

• Legal documents and contracts: Digital signatures are legally binding. This makes them ideal for any legal document that requires a signature authenticated by one or more parties and guarantees that the record has not been altered.
• Sales contracts: Digital signing of contracts and sales contracts authenticates the identity of the seller and the buyer, and both parties can be sure that the signatures are legally binding and that the terms of the agreement have not been changed.
• Financial Documents: Finance departments digitally sign invoices so customers can trust that the payment request is from the right seller, not from a bad actor trying to trick the buyer into sending payments to a fraudulent account.
• Health Data: In the healthcare industry, privacy is paramount for both patient records and research data. Digital signatures ensure that this confidential information was not modified when it was transmitted between the consenting parties.

Drawbacks of Digital Signature

• Dependency on technology: Because digital signatures rely on technology, they are susceptible to crimes, including hacking. As a result, businesses that use digital signatures must make sure their systems are safe and have the most recent security patches and upgrades installed.
• Complexity: Setting up and using digital signatures can be challenging, especially for those who are unfamiliar with the technology. This may result in blunders and errors that reduce the system’s efficacy. The process of issuing digital signatures to senior citizens can occasionally be challenging.
• Limited acceptance: Digital signatures take time to replace manual ones since technology is not widely available in India, a developing nation.
Two general schemes for digital signatures
1. Direct
2. Arbitrated

1. Arbitrated digital signatures
Every signed message from A to B goes to an arbiter BB (Big Brother) that everybody trusts. BB checks the signature and the timestamp, origin, content, etc. BB dates the message and sends it to B with an indication that it has been verified and is legitimate.
E.g., every user shares a secret key with the arbiter:
· A sends to BB, in encrypted form, the plaintext P together with B’s id, a timestamp and a random number RA
· BB decrypts the message and thus makes sure it comes from A; it also checks the timestamp to protect against replays
· BB then sends B the message P, A’s id, the timestamp and the random number RA; he also sends a message encrypted with his own private key (that nobody knows) containing A’s id, timestamp t and the plaintext P (or a hash)
· B cannot check the signature but trusts it because it comes from BB – he knows that because the entire communication was encrypted with KB
· B will not accept old messages or messages containing the same RA, to protect against replay
· In case of dispute, B will show the signature he got from BB (only BB may have produced it) and BB will decrypt it
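The arbitrated exchange above, including the timestamp and RA replay checks, as an added example that is not part of the original document. The page describes encryption under keys shared with BB; this sketch swaps in HMAC tags, which show the origin and replay checks but give no confidentiality. The key values, the 60-second window, the field names and all function names are assumptions made for the example.

```python
import hashlib, hmac, json

MAX_AGE = 60  # seconds a timestamp stays acceptable (assumed policy)
K_A, K_B, K_BB = b"key-A-demo", b"key-B-demo", b"key-BB-demo"  # constructed

def tag(key, fields):
    """HMAC over a canonical encoding of the fields."""
    data = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def a_send(plaintext, ra, t):
    """A -> BB: P, B's id, timestamp and RA, authenticated under K_A."""
    body = {"from": "A", "to": "B", "P": plaintext, "t": t, "RA": ra}
    return body, tag(K_A, body)

def bb_relay(body, mac, now):
    """BB checks origin and freshness, then issues its attestation."""
    if not hmac.compare_digest(mac, tag(K_A, body)):
        raise ValueError("not from A")
    if abs(now - body["t"]) > MAX_AGE:
        raise ValueError("stale timestamp")
    attest = tag(K_BB, {"from": "A", "t": body["t"], "P": body["P"]})
    out = dict(body, sig=attest)
    return out, tag(K_B, out)  # BB -> B, authenticated under K_B

class Receiver:
    def __init__(self):
        self.seen_ra = set()  # RA values B has already accepted

    def accept(self, msg, mac, now):
        if not hmac.compare_digest(mac, tag(K_B, msg)):
            return "rejected: not from BB"
        if abs(now - msg["t"]) > MAX_AGE:
            return "rejected: old message"
        if msg["RA"] in self.seen_ra:
            return "rejected: replayed RA"
        self.seen_ra.add(msg["RA"])
        return "accepted"

def bb_arbitrate(msg):
    """Dispute: only BB can recompute the attestation B presents."""
    expected = tag(K_BB, {"from": msg["from"], "t": msg["t"], "P": msg["P"]})
    return hmac.compare_digest(msg["sig"], expected)

def demo():
    b = Receiver()
    msg, mac = bb_relay(*a_send("pay 100", ra="r-7f3a", t=1000), now=1005)
    first = b.accept(msg, mac, now=1010)
    replay = b.accept(msg, mac, now=1020)         # same RA again
    late = Receiver().accept(msg, mac, now=5000)  # timestamp too old
    return first, replay, late, bb_arbitrate(msg)
```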

2. Direct digital signatures
· This involves only the communicating parties and it is based on public key so the sender knows the public key of the receiver
· Digital signature: encrypt the entire message (or just a hash code of the message) with the sender’s private key
· If confidentiality is required: apply the receiver’s public key or encrypt using a shared secret key

Differences between Direct and Arbitrated Digital Signature

| Basis of Difference | Direct Signature | Arbitrated Digital Signature |
| --- | --- | --- |
| Definition | A digital signature created and confirmed by the signer without the involvement of a trusted third party. | A digital signature created and confirmed by the signer with the involvement of a trusted third party. |
| Signing Process | The signer creates the signature using their private key, and the recipient confirms the signature using the public key of the signer. | The signer sends the message and the hash of the message to a trusted third party (TTP), who creates the signature using their private key. The recipient confirms the signature using the TTP's public key. |
| Key Management | The signer is responsible for managing their private key, and the recipient is responsible for managing the signer's public key. | The TTP is responsible for managing its own private key/keys and the public keys of all signers. |
| Security | Direct digital signatures are more vulnerable to attacks since there is no trusted third party involved. | Arbitrated digital signatures are more secure since the trusted third party confirms the identity of the signer and guarantees the integrity of the message. |
| Trust | Direct digital signatures are typically used in situations where the parties involved already trust each other. | Arbitrated digital signatures are typically used in situations where the parties involved don't necessarily trust each other, or where a higher level of trust is required. |
| Cost | Direct digital signatures are typically less costly since they don't require the involvement of a trusted third party. | Arbitrated digital signatures are typically more costly since they require the involvement of a trusted third party. |
| Use Cases | Direct digital signatures are commonly used in peer-to-peer exchanges and personal communications. | Arbitrated digital signatures are commonly used in financial transactions, legal activities, and other situations where a high level of security and trust is required. |
