A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a good implementation of a digital signature algorithm gives the receiver reason to believe that the message was sent by the claimed sender, and so to trust the message.
Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to copy than the handwritten type. Digital signatures are implemented using cryptography. Digital signatures can also provide acknowledgement (non-repudiation), meaning that the signer cannot successfully claim they did not sign a message while also claiming their private key remains secret.
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the meaning of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and in the European Union, electronic signatures may have legal significance.
Digital signature scheme
A digital signature system typically consists of three algorithms:
- A key generation algorithm which outputs a private key and a corresponding public key.
- A signing algorithm which takes a message and a private key as input and outputs a signature.
- A signature verifying algorithm which, given a message, a public key and a signature, either accepts or rejects the signature.
Two main properties are required by the digital signature system:
- A signature generated from a fixed message and fixed private key should verify on that message and the corresponding public key.
- It should be computationally infeasible for someone who does not have the private key to generate a valid signature.
Digital signature security and attacks
The GMR signature scheme:
In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes and also presented the GMR signature scheme. The GMR scheme was proven to be secure against adaptive chosen-message attacks: even when an attacker receives signatures for messages of his choice, this does not allow him to forge a signature for a single additional message.
In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures:
- In a key-only attack, the attacker is only given the public verification key.
- In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
- In an adaptive chosen message attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.
They also describe a hierarchy of attack results:
- A total break results in the recovery of the signing key.
- A universal forgery attack results in the ability to forge signatures for any message.
- A selective forgery attack results in a signature on a message of the adversary's choice.
- An existential forgery merely results in some valid message/signature pair not already known to the adversary.
The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.
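The three algorithms from the scheme section and the weakest attack result in the hierarchy above can be shown together. This is an added example, not part of the original page: it assumes RSA as the scheme (the page names none), uses constructed toy parameters that are not secure, and all function names are hypothetical. It shows that an unhashed variant admits an existential forgery from the public key alone, while hashing the message before signing rejects the same pair.

```python
import hashlib

# Toy RSA parameters (constructed for illustration; far too small and
# structured to be secure). RSA itself is an assumption: the page names no scheme.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def keygen():
    """Key generation: return (public_key, private_key)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, inverse of E
    return (n, E), (n, d)

def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Signing: message + private key -> signature."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Verifying: message + public key + signature -> accept or reject."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def raw_verify(m: int, signature: int, public_key) -> bool:
    """Unhashed variant: the number m itself is what was 'signed'."""
    n, e = public_key
    return pow(signature, e, n) == m % n

def key_only_pair(public_key, s: int = 123456789):
    """Existential forgery under a key-only attack on the unhashed variant:
    choose s first, then derive the message it happens to verify for."""
    n, e = public_key
    return pow(s, e, n), s

if __name__ == "__main__":
    pub, priv = keygen()
    sig = sign(b"pay 10", priv)
    print(verify(b"pay 10", sig, pub))      # property 1: honest signature verifies
    print(verify(b"pay 1000", sig, pub))    # altered message is rejected
    m, s = key_only_pair(pub)
    print(raw_verify(m, s, pub))            # unhashed variant accepts the pair
    print(verify(m.to_bytes(12, "big"), s, pub))  # hash-then-sign rejects it
```

The forged message in the unhashed case is whatever number falls out of the computation, which is why it counts only as an existential forgery and not a selective one.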
References
- US ESIGN Act of 2000
- The University of Virginia
- State of WI
- National Archives of Australia
- "A digital signature scheme secure against adaptive chosen-message attacks.", Shafi Goldwasser, Silvio Micali, and Ronald Rivest. SIAM Journal on Computing, 17(2):281-308, Apr. 1988.
Other websites
- Introduction to cryptography from the PGP international website