A digital signature is a cryptographic mechanism used to verify the authenticity and integrity of digital data. We can think of this as a digital version of ordinary handwritten signatures, but with higher levels of complexity and security.
To simplify, we can describe a digital signature as a code attached to a message or a document. After being generated, the code serves as proof that the message has not been tampered with in any way between the sender and the recipient.
Although the concept of securing communications using cryptography goes back quite a long way in human history, digital signature systems became a reality in the 1970s â thanks to the development of Public Key Cryptography (PKC). To know how digital signatures work, we first need to understand the basics of hash functions and public key cryptography.
Hash Functions
The Hash constitutes one of the main elements of a digital signature system. The hashing process involves transforming data of any size into an output with a pre-determined size. This is achieved with a special type of algorithm known as a hash function. The output generated by a hash function is known as a hash value or a fingerprint.
When combined with cryptography, the cryptographic hash function can be used to generate a hash value (fingerprint) that acts as a unique digital fingerprint. This means that any change in the input data (message) would result in a completely different output (hash value). This is the reason why cryptographic hash functions are widely used to verify the authenticity of digital data.
Public Key Cryptography (PKC)
Public key cryptography, or PKC, refers to a cryptography system that uses a pair of keys: a public key and a private key. The two keys are mathematically correlated and can be used for both data encryption and digital signatures.
As an encryption tool, PKC is more secure than more rudimentary methods of symmetric encryption. While older systems rely on the same key to encrypt and decrypt information, PKC allows for the encryption of data with a public key and decryption of that data with the corresponding private key.
Apart from this, the PKC scheme can also be applied in the generation of digital signatures. In essence, the process involves hashing a message (or digital data) with the signer's private key. Then, the recipient of the message can check if the signature is valid using the public key provided by the signer.
In some situations, digital signatures may include encryption, but this is not always the case. For example, the Bitcoin blockchain uses PKC and digital signatures, but contrary to what many people tend to believe, there is no encryption in the process. Technically, Bitcoin deploys the Elliptic Curve Digital Signature Algorithm (ECDSA) to authenticate transactions.
How digital signatures work
In the context of cryptocurrencies, a digital signature system often consists of three basic steps: hashing, signing and verification.
Data hashing
The first step is hashing the message or digital data. The latter is achieved by putting the data through a hashing algorithm so that a hash value is generated (i.e. a summary of the message). As mentioned, messages can vary significantly in size, but when they are hashed, all of their hash values ââare the same size. This is the most fundamental property of a hash function.
However, hashing data is not a mandatory condition for producing a digital signature, since a private key can be used to sign a message without it having been hashed. Regarding cryptocurrencies, data is systematically hashed because manipulating fingerprints whose size is fixed and invariable facilitates the process.
Signature
After hashing the information, the sender of the message must sign it. This is where public key cryptography comes into play. There are several types of digital signature algorithms, each with their own mechanism. But generally speaking, the hashed message will be signed with a private key, and the recipient of the message can then verify its validity using the corresponding public key (provided by the signer).
That is, if the private key is not included when the signature is generated, the recipient of the message will not be able to use the corresponding public key to verify its validity. The public and private keys are generated by the sender of the message, but only the public key is shared with the receiver.
It is important to note that digital signatures are directly linked to the content of each message. So unlike handwritten signatures, which tend to be systematically the same regardless of the message to which they are attached, each digitally signed message will have a different digital signature.
Verification
Let's take an example to illustrate the entire process up to the final verification step. Imagine that Alice writes a message to Bob, hashes it, and then combines the hash value with her private key to generate a digital signature. The signature will function as a unique digital fingerprint for that particular message.
When Bob receives the message, he can verify the validity of the digital signature using the public key provided by Alice. This way, Bob can be sure that the signature was created by Alice because she is the only one who has the private key that matches this public key (At least that's what Bob expects).
So it is crucial for Alice to keep her private key secret. If someone else gets their hands on Alice's private key, that person will be able to create digital signatures and pretend to be Alice. In the context of Bitcoin, this means that someone could use Alice's private key to move or spend her Bitcoins without her permission.
Why are digital signatures important?
Digital signatures are often used for three purposes that their properties achieve: data integrity, authentication and non-repudiation.
Data integrity. Bob can verify that Alice's message was not modified between sending and receiving. Any change to the message would produce a completely different signature.
Authenticity. As long as Alice's private key is kept secret, Bob can use his public key to confirm that the digital signatures were created by Alice and no one else.
Non-repudiation. Once the signature is generated, Alice will not be able to deny having applied it in the future, unless her private key is compromised in some way.
Use cases
Digital signatures can be applied to various types of digital documents and certificates. As such, they have several applications. Some of the most common use cases include:
Information Technologies, to improve the security of Internet communication systems.
Finance. Digital signatures can be implemented for audits, expense reports, loan agreements, and more.
The Legal. Digital signing of all types of business-to-business contracts and legal agreements. The same goes for government documents.
Social Security. Digital signatures can act as prevention against prescription and medical records fraud.
Blockchain. Digital signatures ensure that only the rightful owner of the funds is able to sign a transaction (as long as their private keys are not compromised).
Restrictions
The main challenges facing digital signature systems depend on at least three requirements:
The Algorithm. The quality of the algorithms used in a digital signature scheme is important. This includes choosing reliable hash functions and cryptographic systems.
Implementation. If the algorithms are good, but the implementation is not, the digital signature system will likely have flaws.
Private key. If the private keys are leaked or compromised in any way, the authenticity and non-repudiation properties will be invalidated. For cryptocurrency users, losing a private key can result in significant financial losses.
Electronic signatures versus digital signatures
Simply summarized, digital signatures are a special type of electronic signature â which refers to any electronic method of signing a document or message. Therefore, all digital signatures are electronic signatures, but the reverse is not systematically true.
The main difference between them is the authentication method. Digital signatures deploy cryptographic systems, such as hash functions, public key cryptography, as well as encryption techniques.
To conclude
Hash functions and public key cryptography are at the heart of digital signature systems, which are now applied to a wide range of use cases. If implemented correctly, digital signatures can increase security, ensure integrity, and facilitate authentication of all types of digital data.
In blockchain, digital signatures are used to sign and authorize cryptocurrency transactions. They are particularly important for Bitcoin because signatures ensure that coins can only be spent by individuals who have the corresponding private keys.
Although they have been used for years, there is still much progress to be made in the field of digital and electronic signatures. A large proportion of today's bureaucracy still relies on the use of paper, but it is likely that we will see widespread adoption of digital signatures as we move towards an ever more digitalized society.
