Digital Signature
Last updated
Last updated
Digital Signature is a mathematical scheme or technique that can be used to verify the authenticity of digital messages. When the receiver verifies the digital signature, if it turns out to be valid, the receiver can believe that the message has come from an authentic and known source or sender.
The receiver can also ensure that the message was not modified or altered during the transit of the message along the way. Digital signatures are the most common techniques used in cryptographic techniques for security and privacy maintenance. Most commonly, digital signatures employ asymmetric key cryptography. If the digital signature is implemented correctly, we can say that the digital signature gives the receiver a reason to be assured that the received message has come from a particular known sender. The digital signature can be used for non-repudiation also. It means that the sender cannot claim that it did not send the message because the digital signature of a particular sender is associated with the sent message and associated with the sender’s private key. Hence, a digital signature preserves three main properties, i.e., authentication, integrity, and non- repudiation. The general digital signature algorithm has three main steps :
Key generation step where the private key is selected by the algorithm and the corresponding public key is also generated.
In this step, with a message and private key, the algorithm outputs the digital signature of the particular sender.
The receiver verifies the authenticity with the message, digital signature, and public key.
The digital signature provides authentication by using asymmetric key cryptography As shown in Fig.1.1.3, we can see that the message sent by Alice is verified by Bob using the digital signature mechanism. Hence, Bob is ensured that the message has been sent by Alice only and not any other malicious entity. The process takes place using the sender’s public key and private key. The private key of Alice is only known to herself and not to others. But, the public key of Alice is known to everyone. Alice’s public key can only decrypt the message or data which is encrypted by Alice’s private key. Thus, these two keys are interconnected. This property of asymmetric key cryptography provides the base for the authentication mechanism to play its role.
The sender Alice uses her private key to encrypt the message and this encrypted message is sent to Bob. Anyone can see the message after decryption using Alice’s public key between the transmission because Alice’s public key is available to everyone.
The goal is not to provide confidentiality but to provide just authentication. We can combine other techniques to ensure the confidentiality of the message also. But here, we need only authentication. So, after the Bob has received the encrypted message, this message can be decrypted by Bob using Alice’s public key. Thus, he can compare the original message and decrypted message to check if both messages are equal. If both the messages are equal, we can say that Alice sent the message, thus providing authentication.
The integrity of the data is essential. The data can be altered, or the integrity of the data can be breached along the way of transmission of the data. Thus, a mechanism to ensure the integrity of the data is required. The digital signature provides a widely used mechanism for ensuring the integrity of the received data.
As shown in Fig. 1.1.5, we consider both the hash and encryption to generate the encrypted message digest. Then at the receiver end, the receiver decrypts the message digest and compares it with its calculated message digest. If both are matched, then we can say that the data is not altered in between. The sender first creates the hash of the data, also called a message digest. Then it encrypts it by using the private key of its own to provide authentication. Then both the message and the encrypted message digest or hash are directed to the receiver end. At the receiver end, the receiver decrypts the encrypted message digest by using the sender’s public key, and thus, it gets the message digest of the original message.
Now the receiver generated message digest of the received plain text message with the same algorithm used at the sender side. Both of the message digests are compared and matched. If both the message digest are equal, we can say that the message is not altered. And if the message has been altered in between, the message digest calculated by the receiver would be different from the sender’s message digest because, as per the property of the cryptographic hash functions, any minute change in the message or plain text can result in a significant difference in the message digest. This way, the integrity of the message or plain text can be preserved using a digital signature.
Non-repudiation is a property or security measure that a digital signature pro- vides. The sender cannot deny sending a message that he sent. If the sender has sent some message to the receiver and after some time the sender refuses to admit that he has sent that particular message, if the digital signature was applied in this situation, then the sender could not deny that they have not sent that specific message. From the concept of the digital signature, we know that if the sender sends a message by encrypting the message with its private key, then that encrypted message can be decrypted only by its public key. A similar mechanism is applied here also. If the sender’s public key can successfully decrypt the message, it is evident that the message has been encrypted by using the sender’s private key, and the sender itself can only possess that. So no other entity could send this encrypted message which that sender’s public key can successfully decrypt. This way sender cannot deny send- ing the message.
There are different algorithms for digital signature, which are mentioned below and discussed later in this chapter:
RSA (Rivest, Shamir, Adleman) Algorithm.
ElGamal Encryption System.
DSA (Digital Signature Algorithm).
ECDSA (Elliptic Curve Digital Signature Algorithm).
