NoteVerse

Digital Signatures

Comprehensive study notes, diagrams, and exam preparation for Digital Signatures.

Digital Signatures

Definition

A digital signature is a cryptographic technique that uses a pair of mathematically related keys—one private and one public—to verify the authenticity, integrity, and origin of digital data.

In simple terms, it is a secure electronic signature that:

  • confirms who signed the data,
  • ensures the data has not been changed,
  • and helps prove that the signer cannot easily deny having signed it.

A digital signature is typically created by applying a signing algorithm to a hash of the message using the sender’s private key, and verified using the corresponding public key.

Main Content

1. Public Key Cryptography in Digital Signatures

  • Digital signatures are built on asymmetric cryptography, also called public key cryptography, where each user has two keys:
  • a private key kept secret by the owner,
  • a public key shared with others.
  • The private key is used to create the signature, while the public key is used to verify it. This separation is what makes digital signatures secure.
  • Example: If Alice signs a contract with her private key, anyone with Alice’s public key can verify that the signature was produced by Alice’s key and that the document has not been changed.

Why this matters:
If someone only knows the public key, they cannot realistically generate a valid signature. This prevents impersonation and unauthorized signing.

2. Hash Function and Message Digest

  • Before signing, the document is passed through a hash function such as SHA-256.
  • A hash function converts data of any size into a fixed-length output called a message digest or hash value.
  • The digital signature is usually created on the hash rather than the entire file because:
  • it is faster,
  • it is more efficient,
  • and it ensures that even a tiny change in the message produces a completely different hash.

Example:
If a PDF document is signed, the system does not directly sign every byte of the PDF. Instead, it calculates a hash of the PDF content and signs that hash. If someone edits one word in the PDF later, the hash changes and the verification fails.

Important idea:
The hash acts like a unique fingerprint of the message.

3. Authenticity, Integrity, and Non-Repudiation

Authenticity

  • means the recipient can confirm the signer’s identity.

Integrity

  • means the message has not been altered after signing.

Non-repudiation

  • means the signer cannot easily deny having signed the message later.

These three properties are the main security goals of digital signatures.

Example in practice:
In online tax filing, a digital signature can show that:

  • the form really came from the registered taxpayer,
  • the submitted data was not modified in transit,
  • and the taxpayer cannot later claim they never filed it.

Why it is important:
Digital signatures are trusted in legal, financial, and government environments because they provide much stronger evidence than a typed name or scanned signature.

Working / Process

1. Key Generation

  • The signer creates a key pair using a cryptographic algorithm.
  • The private key remains secret, while the public key is shared through a certificate or trusted system.
  • Often, the public key is bound to the user’s identity by a digital certificate issued by a Certificate Authority.

2. Signing the Data

  • The message or document is first hashed.
  • The hash is then encrypted or processed with the signer’s private key to produce the digital signature.
  • The signature is attached to the message and sent together.

3. Verification

  • The receiver hashes the received message again using the same hash algorithm.
  • The receiver uses the signer’s public key to verify the signature and compare results.
  • If both match, the signature is valid; if the message has been changed or the signature is fake, verification fails.

Simple flow for understanding:

Sender side:
Message → Hash Function → Digest → Sign with Private Key → Digital Signature

Receiver side:
Received Message → Hash Function → Digest
Received Signature → Verify with Public Key
Compare both digests → Valid or Invalid

Example:
Suppose a company sends a digitally signed purchase order to a supplier. The supplier verifies it using the company’s public key. If the order text was altered from “100 units” to “1000 units,” the verification would fail immediately.

Advantages / Applications

Strong security and trust

  • Digital signatures provide reliable proof of identity and data integrity.
  • They are much harder to forge than handwritten signatures.

Wide real-world use

  • They are used in email security, online contracts, banking transactions, software updates, government portals, and document management systems.
  • For example, software vendors sign updates so users can confirm the file is authentic and not malware.

Efficiency and legal acceptance

  • They are fast to verify, easy to store digitally, and can support paperless workflows.
  • In many countries, digital signatures are legally recognized when used under proper rules and certificate systems.

Additional applications include:

  • secure email systems such as S/MIME,
  • code signing for operating systems and apps,
  • e-governance and identity verification,
  • blockchain and cryptocurrency transaction authentication,
  • healthcare record protection.

Summary

  • Digital signatures are cryptographic tools used to prove who sent digital data and to detect tampering.
  • They work using a private key for signing and a public key for verification.
  • Their main purpose is to provide a secure, trustworthy, and legally useful way to sign electronic information.
  • Important terms to remember: private key, public key, hash function, message digest, verification, authenticity, integrity, non-repudiation.
← Prev: CCA -secure Public-key Hybrid Ciphers Based on Diffie-Hellman Problems and RSAassumption
Next: Overview of TLS/SSL →