A digital signature gives the receiver reason to believe the message was created and sent by the claimed sender. It also provides non-repudiation, which prevents the sender from later claiming that they didn’t send a message or didn’t participate in a transaction.

How does a digital signature work

In asymmetric cryptography, the sender encrypts the message (m) using the receiver’s public key, so that the receiver can decrypt the encrypted message with their private key: D(E(m, K_PUB,Receiver), K_PRIV,Receiver) = m. But what if we reverse the process, so that the sender encrypts the message using their private key and the receiver decrypts it using the sender’s public key? D(E(m, K_PRIV,Sender), K_PUB,Sender)

Symmetric properties of encryption and decryption

If decryption D and encryption E can operate in either order (e.g. in the RSA cryptographic system), so that D(E(m)) = m = E(D(m)), then they can be used to “sign” a message. In this scenario, Bob, the receiver, wants to verify that a message was truly sent by Alice.

  1. Alice sends the digital signature
    • Alice calculates a hash of the message (m) using a hash algorithm (H), and encrypts it with her private key.
    • It can be described as E(H(m), K_PRIV,Alice)
    • This encrypted message digest is the digital signature, and Alice will send the digital signature along with the message itself to Bob.
  2. Everyone including Bob can see the signature
    • Since everyone including Bob has Alice’s public key, and given D(E(m)) = m = E(D(m)), everyone can decrypt the encrypted hash digest using Alice’s public key.
    • Bob, the receiver, can also decrypt the digest using Alice’s public key as follows: D(E(H(m), K_PRIV,Alice), K_PUB,Alice)
    • Once decrypted, Bob can obtain the hashed message H(m)
  3. Verify the sender of the message
    • Once Bob has the decrypted digest H(m)_Alice and the message itself m, Bob checks the integrity of m by independently calculating the hash of m with the same algorithm Alice used.
    • If the digest Bob calculated, H(m)_Bob, matches the digest sent by Alice, H(m)_Alice, Bob can confirm that the message was sent by Alice and has not changed during transmission.
    • If Bob cannot decrypt the message using Alice’s public key or the hash result does not match Alice’s, that could suggest that the message might have been tampered with or was not sent by Alice.
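
The three steps above can be traced in code. The following is an added example, not part of the original notes: it uses textbook RSA (no padding) with SHA-256 as H, and a constructed toy key built from two publicly known Mersenne primes, so it only illustrates the mechanics. Real signatures use randomly generated keys and a padding scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed toy key: two publicly known Mersenne primes (illustration only).
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537                            # public exponent:  K_PUB,Alice  = (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: K_PRIV,Alice = (N, D)


def H(m: bytes) -> int:
    """Hash algorithm H: SHA-256 digest as an integer (always < N here)."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")


def sign(m: bytes, d: int = D, n: int = N) -> int:
    """Step 1: Alice computes the signature E(H(m), K_PRIV,Alice)."""
    return pow(H(m), d, n)


def verify(m: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Steps 2-3: Bob recovers H(m)_Alice and compares it with H(m)_Bob."""
    if not 0 <= signature < n:
        return False                      # malformed signature value
    digest_alice = pow(signature, e, n)   # D(E(H(m), K_PRIV,Alice), K_PUB,Alice)
    digest_bob = H(m)                     # Bob hashes the received message himself
    return digest_alice == digest_bob


if __name__ == "__main__":
    message = b"Pay Bob 10 dollars"       # constructed sample message
    sig = sign(message)
    print("genuine message:  ", verify(message, sig))
    print("tampered message: ", verify(b"Pay Bob 1000 dollars", sig))
    print("altered signature:", verify(message, (sig + 1) % N))
```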

Because everyone has the sender’s public key and can therefore decrypt text that was encrypted with the sender’s private key, the concern here is not the confidentiality of the message, but making sure the message came from the purported sender.

Combine signature and encryption

Combining digital signatures with encryption enhances the security of communication by addressing two key concerns: the authenticity of the sender and the confidentiality of the message. This hybrid method is used when distributing shared secret keys. (more on: Secure distribution with key-pairs and digital signature)

