Digital signatures are the public-key primitives of message authentication. In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind signatory to the message. A digital signature is a technique that binds a person/entity to the digital data. This binding can be independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is
calculated from the data and a secret key known only by the signer.
The model of digital signature scheme is depicted in
the following illustration –
The following points explain the entire process in
detail −
- Each
person adopting this scheme has a public-private key pair.
- Generally,
the key pairs used for encryption/decryption and signing/verifying are
different. The private key used for signing is referred to as the
signature key and the public key as the verification key.
- Signer
feeds data to the hash function and generates hash of data.
- Hash
value and signature key are then fed to the signature algorithm which
produces the digital signature on given hash. Signature is appended to the
data and then both are sent to the verifier.
- Verifier
feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.
- Verifier
also runs same hash function on received data to generate hash value.
- For
verification, this hash value and output of verification algorithm are
compared. Based on the comparison result, verifier decides whether the
digital signature is valid.
- Since
digital signature is created by ‘private’ key of signer and no one else
can have this key; the signer cannot repudiate signing the data in future.
It should be noticed that instead of signing data
directly by signing algorithm, usually a hash of data is created. Since the
hash of data is a unique representation of data, it is sufficient to sign the hash
in place of data. The most important reason of using hash instead of data
directly for signing is efficiency of the scheme.
Importance of Digital Signature
Out of all
cryptographic primitives, the digital signature using public key cryptography
is considered as very important and useful tool to achieve information
security.
Apart from ability to
provide non-repudiation of message, the digital signature also provides message
authentication and data integrity.
- Message authentication −
When the verifier validates the digital signature using public key of a
sender, he is assured that signature has been created only by sender who
possess the corresponding secret private key and no one else.
- Data Integrity −
In case an attacker has access to the data and modifies it, the digital
signature verification at receiver end fails. The hash of modified data
and the output provided by the verification algorithm will not match.
Hence, receiver can safely deny the message assuming that data integrity
has been breached.
- Non-repudiation −
Since it is assumed that only the signer has the knowledge of the
signature key, he can only create unique signature on a given data. Thus
the receiver can present data and the digital signature to a third party
as evidence if any dispute arises in the future.
By adding public-key
encryption to digital signature scheme, we can create a cryptosystem that can
provide the four essential elements of security namely − Privacy,
Authentication, Integrity, and Non-repudiation.
No comments:
Post a Comment