A digital signature is a cryptographic mechanism used to verify the authenticity and integrity of digital data. We can consider it a digital version of ordinary handwritten signatures, but with a higher level of complexity and security.
In simple terms, we could describe a digital signature as code linked to a message or document. After being generated, said code acts as proof that the message has not been manipulated during the process that takes it from the sender to the receiver.
Although the concept of protecting communications through the use of cryptography dates back to ancient times, digital signature schemes became a real possibility in the 1970s – thanks to the development of Public Key Cryptography (PKC). So, to learn how digital signatures work, we need to first understand the fundamentals of hash functions and public key cryptography.
Hash functions
Hashing is one of the main elements of digital signature systems. The hashing process involves transforming data of any size into an output of fixed length. This is achieved using a type of special algorithms known as hash functions. The output generated by a hash function is called the hash value or digest of the message.
In combination with cryptography, so-called cryptographic hash functions can be used to generate a hash value (digest) that functions as a unique fingerprint. This means that any change to the input data (message) will result in a completely different output (hash value). And this is the reason why cryptographic hash functions are widely used to verify the authenticity of digital data.
Public Key Cryptography (PKC)
Public key cryptography, or PKC, designates the cryptographic system that makes use of a pair of keys: one public and one private. The two keys are mathematically linked and can be used for both data encryption and digital signatures.
As an encryption tool, PKC is more secure than more rudimentary methods of symmetric encryption. While older systems rely on the same key to encrypt and decrypt information, PKC allows data to be encrypted using the public key, and decrypted using the corresponding private key.
Apart from that, the PKC scheme can be applied for generating digital signatures. Basically, the process consists of hashing a message (or digital data) along with the signer's private key. The recipient of the message can then check whether the signature is valid using the public key provided by the signer.
In some circumstances, digital signatures may involve encryption, although this is not always the case. For example, the Bitcoin blockchain makes use of PKC and digital signatures, but unlike what many tend to believe, no encryption occurs in the process. Technically, Bitcoin uses the so-called Elliptic Curve Digital Signature Algorithm (ECDSA) to authenticate transactions.
How digital signatures work
In the cryptocurrency space, a digital signature system often consists of three basic steps: hashing, signing, and verification.
Data hashing
The first step is to hashing the message or digital data. This is achieved by processing the data using a hashing algorithm, in order to obtain a hash value (in this case, the digest of the message). As already mentioned, the size of messages can vary significantly, but when they are hashed, all their resulting hash values have the same length. This is the most basic property of a hash function.
However, to produce a digital signature it is not essential to subject the data to hashing, because one can use a private key to sign a message that has in no way been hashed. Now, in the case of cryptocurrencies, the data is always subjected to a hashing process because dealing with digests of fixed length makes the entire process easier.
Business
After hashing the information, the sender of the message must sign it. This is the moment when public key cryptography comes into action. There are various types of digital signature algorithms, each with its own particular mechanism. But in general, the message that has been hashed will be signed with a private key, and the recipient will be able to verify its validity using the corresponding public key (provided by the signer).
In other words, if the private key is not included when the signature is generated, the recipient of the message will not be able to use the corresponding public key to verify its validity. Both the public and private keys are generated by the sender of the message, but only the public key is shared with the receiver.
It is worth noting that digital signatures are directly related to the content of each message. So unlike handwritten signatures, which tend to be the same regardless of the message, each digitally signed message will have a different digital signature.
check
Let's take an example to illustrate the entire process until the final verification step. Imagine that Alice writes a message to Bob, encrypts it, and then combines the hash value with her private key to generate a digital signature. The signature will function as a unique fingerprint of that particular message.
When Bob receives the message, he can verify the validity of the digital signature using the public key provided by Alice. This way, Bob can be sure that the signature was created by Alice because only she has the private key that corresponds to that public key (at least that's what we hope).
So, it is crucial for Alice to keep her private key secret. If another person gets their hands on Alice's private key, they can create digital signatures and pretend to be Alice. In the context of Bitcoin, this means that someone could use Alice's private key to move or spend her Bitcoins without her permission.
Why are digital signatures important?
Digital signatures are often used to achieve three outcomes: data integrity, authentication, and non-repudiation.
Data integrity. Bob can verify that Alice's message has not changed along the way. Any modification to the message would produce a completely different signature.
Authenticity. As long as Alice's private key is kept secret, Bob can use her public key to confirm that the digital signatures were created by Alice and no one else.
I do not repudiate. Once the signature has been generated, Alice will not be able to deny having signed it in the future, unless her private key is compromised in some way.
Use cases
Digital signatures can be applied to various types of documents and digital certificates. As such, they have several applications. Some of the most common use cases include:
Information technology. To improve the security of Internet communication systems.
Finance. Digital signatures can be implemented in audits, expense reports, loan agreements, and much more.
Legal. Digital signature of all types of business contracts and legal agreements, including government documents.
Health care. Digital signatures can prevent prescription and medical records fraud.
Blockchain. Digital signature schemes ensure that only legitimate owners of cryptocurrencies can sign a transaction to move funds (as long as their private keys are not compromised).
Limitations
The main challenges faced by digital signature schemes are based on at least three requirements:
Algorithm. The quality of the algorithms used in a digital signature scheme is important. This includes choosing reliable hash functions and cryptographic systems.
Implementation. If the algorithms are good, but the implementation is not, the digital signature system is likely to be flawed.
Private key. If the private keys are leaked or compromised in any way, the authenticity and non-repudiation properties will be invalidated. For cryptocurrency users, losing a private key can result in significant financial losses.
Electronic signatures vs. Digital signatures
Simply put, digital signatures relate to a particular type of electronic signatures, which refer to any electronic method of signing documents and messages. Therefore, all digital signatures are electronic signatures, but the opposite is not always true.
The main difference between them is the authentication method. Digital signatures implement cryptographic systems, such as hash functions, public key cryptography, and encryption techniques.
In conclusion
Hash functions and public key cryptography are at the core of digital signature systems, which are now applied to a wide range of use cases. If implemented correctly, digital signatures can increase security, ensure integrity, and facilitate authentication of all types of digital data.
In the blockchain space, digital signatures are used to sign and authorize cryptocurrency transactions. They are particularly important for Bitcoin because the signatures ensure that the coins can only be spent by people who own the corresponding private keys.
Although we have been using electronic and digital signatures for years, there is still plenty of room to grow. Much of today's bureaucracy still relies on paperwork, but we will likely see greater adoption of digital signature schemes as we migrate to a more digitized system.
