Digital signatures are the digital version of handwritten signatures on paper documents. The goal of both kind of signatures is to provide authenticity and to grant that a document or set of data has not been altered on its way from the sender to the recipient (integrity). Digital signatures provide these security measures by using asymmetric cryptography. In contrast to handwritten signatures, that are always the same, digital signatures are unique and differ according to the message that is transmitted.
The main components of digital signatures are hash functions. By using specific algorithms they transform data of any kind and size into a fixed output size. This process is called hashing. As already mentioned they transform arbitrary sized data and transform them into a fix-sized output. These output values are called hashes. Sometimes they are also referred to as hash values, hash codes or digests.
Combining hash functions with cryptography leads to unique digital signatures. Cryptographic hashing, as it is called. Changing the slightest aspect of a message would result in a totally different hash value.
In general we distinguish symmetrical and asymmetrical cryptography schemes. As asymmetrical cryptography is the wider used and more secure way to encrypt messages we will take a closer look at that one.
Asymmetric cryptography, also known as public key cryptography (PKC), uses pairs of keys to encrypt and decrypt messages. Thereby public and private keys are created. As their names already tell, the private key should be kept secure and private while the public key can be spread publicly.
The two main use cases of asymmetric cryptography are digital signatures and the public key encryption. As the latter already suggests, public key encryption uses the public key of the sender to encrypt a message. The message can then only be decrypted by the recipient of the message if he or she is in possession of the corresponding private key. Digital signatures in contrast use the private key of the sender to encrypt the message. Here anybody with access to the corresponding public key is able to decrypt and read the message.
Functionality of digital signatures
In general the digital signature process consists of three main steps or algorithms: key generation, signing and verifying.
The key generation or hashing process runs an algorithm on the data that needs to be signed. The algorithm selects a uniform private key that is randomly chosen from a set of possible keys. The output consists of the private key and a corresponding public key.
The private key in addition with the message data is used as input for the signing algorithm. Both public and private key are provided by the sender of the message. If the public key is not provided in transmitted data the recipient won’t be able to decrypt it.
If the recipient has access to the public key he or she will not only be able to decrypt the message but will also be able to verify the authenticity of that message. The message will have to be encrypted by the senders private key. As he or she is the only one with that key (that’s what we assume) only the corresponding public key will be able to encrypt it.
Goals of digital signatures
- Data integrity makes sure the content of the message has not been altered on its way from sender to recipient
- Data authentication makes sure the recipient can make sure the message came from the sender and nobody else
- Non-repudiation makes it impossible for the sender to deny he or she sent this message
The quality of the hash function and cryptographic scheme is crucial for the security of the message. If poor or easy to decode hash functions or algorithms are used it’s easier for hackers to decrypt the message without having access to the corresponding key. Same goes for the implementation of those functions. Even if good algorithms are used, they also have to be implemented and used properly in order to secure the encryption and decryption of the message. The last challenge of digital signatures is the private key. If this key in not kept safe and gets compromised or leaks this can result in huge security issues. For cryptocurrency holders the loss of a private key can lead to big financial losses.