Ditigal Signature
Transcript of Ditigal Signature
-
8/9/2019 Ditigal Signature
1/2
6. Explain Digital Signature?
In cryptography, a digital signature or digital signature scheme is a type of
asymmetric cryptography used to simulate the security properties of a signature in
digital, rather than written, form. Digital signature schemes normally give two
algorithms, one for signing which involves the user's secret or private ey, and onefor verifying signatures which involves the user's pu!lic ey. "he output of the
signature process is called the #digital signature.#
Digital signatures, lie written signatures, are used to provide authentication of the
associated input, usually called a #message.# $essages may !e anything, from
electronic mail to a contract, or even a message sent in a more complicated
cryptographic protocol. Digital signatures are used to create pu!lic ey
infrastructure %&I( schemes in which a user's pu!lic ey %whether for pu!lic)ey
encryption, digital signatures, or any other purpose( is tied to a user !y a digital
identity certi*cate issued !y a certi*cate authority. &I schemes attempt to
un!reaa!ly !ind user information %name, address, phone num!er, etc.( to a pu!licey, so that pu!lic eys can !e used as a form of identi*cation.
Digital signatures are often used to implement electronic signatures, a !roader term
that refers to any electronic data that carries the intent of a signature+-, !ut not all
electronic signatures use digital signatures.+-+/-+0-+1- In some countries, including
the 2nited States, and in the European 2nion, electronic signatures have legal
signi*cance. 3owever, laws concerning electronic signatures do not always mae
clear their applica!ility towards cryptographic digital signatures, leaving their legal
importance somewhat unspeci*ed
4
5ene*ts of digital signatures
"hese are common reasons for applying a digital signature to communications
7uthentication
7lthough messages may often include information a!out the entity sending a
message, that information may not !e accurate. Digital signatures can !e used to
authenticate the source of messages. 8hen ownership of a digital signature secret
ey is !ound to a speci*c user, a valid signature shows that the message was sent
!y that user. "he importance of high con*dence in sender authenticity is especiallyo!vious in a *nancial context. 9or example, suppose a !an's !ranch o:ce sends
instructions to the central o:ce re;uesting a change in the !alance of an account. If
the central o:ce is not convinced that such a message is truly sent from an
authori
-
8/9/2019 Ditigal Signature
2/2
In many scenarios, the sender and receiver of a message may have a need for
con*dence that the message has not !een altered during transmission. 7lthough
encryption hides the contents of a message, it may !e possi!le to change an
encrypted message without understanding it. %Some encryption algorithms, nown
as nonmallea!le ones, prevent this, !ut others do not.( 3owever, if a message is
digitally signed, any change in the message will invalidate the signature.9urthermore, there is no e:cient way to modify a message and its signature to
produce a new message with a valid signature, !ecause this is still considered to !e
computationally infeasi!le !y most cryptographic hash functions %see collision
resistance(.
Draw!acs of digital signatures
7ssociation of digital signatures and trusted time stamping
Digital signature algorithms and protocols do not inherently provide certainty a!out
the date and time at which the underlying document was signed. "he signer might,
or might not, have included a time stamp with the signature, or the document itself
might have a date mentioned on it, !ut a later reader cannot