A digital signature is a cryptographic mechanism that is used to verify the authenticity and integrity of digital data. We can think of it as a digital version of regular handwritten signatures, but with a higher level of sophistication and security.
In simple terms, we can describe a digital signature as a code attached to a message or document. Once generated, it acts as proof that the message has not been tampered with along its journey from sender to recipient.
The concept of securing communication channels using cryptography dates back to ancient times, and digitally signed systems only emerged in the 1970s with the development of public key cryptography. For this reason, to learn how a digital signature works, we first need to understand the basics of hash functions and public key cryptography.
Hash functions
Hashing is one of the main elements of a digital signature system. The hashing process involves converting data of any size into an output of a specific format. This is done using a special type of algorithm, also known as hash functions. The output data generated by a hash function is called a hash or message digest.
When combined with cryptography, so-called cryptographic hash functions can be used to generate a hash (digest) that acts as a unique digital identifier. This means that any change in the input (message) results in a completely different output (hash). For this reason, cryptographic hash functions are a popular tool for verifying the authenticity of digital data.
Public Key Cryptography (PKC)
Public key cryptography or PKC (from the English Public-key cryptography) refers to a cryptographic system that uses a pair of public (public) and private (private) keys. The two mathematically related keys can be used to both encrypt data and create a digital signature.
As an encryption tool, PKC is more secure than its symmetric counterpart. While such legacy systems use the same key to encrypt and decrypt information, PKC allows you to encrypt data using a public key and decrypt it solely using the corresponding private key.
In addition, public key cryptography can be used to generate digital signatures. At its core, this process consists of hashing a message (or digital data) along with the signer's private key. The recipient of the message will then be able to verify the validity of the signature using the public key provided by the signer.
In some possible implementations, digital signatures may include encryption, meaning that this functionality does not work on an ongoing basis. For example, the Bitcoin blockchain also uses public key cryptography and digital signatures, but contrary to popular belief, there is no encryption in its processes. From a technical point of view, Bitcoin uses the so-called elliptic curve digital signature algorithm (ECDSA) to authenticate its transactions.
How a digital signature works
In the context of cryptocurrencies, a digital signature system often consists of three main stages: hashing, the signature process itself, and its verification.
Data Hashing
The first step is to hash the message or digital data. This is done by processing the information using a hashing algorithm to generate the hash itself (message digest). As mentioned earlier, messages can vary greatly in size, but once hashed, all hashes will be the same length. This is one of the most basic properties of a hash function.
However, hashing the data is not a requirement to create a digital signature, as a private key can be used to sign the message instead. But when it comes to cryptocurrencies, the data is always hashed, since working with fixed-length digests simplifies the entire information processing process.
Signature
Once the data has been hashed, the sender of the message must sign it, and this is where public key cryptography comes into play. There are several types of digital signature algorithms, each of which has its own unique mechanism. But the hashed message will in any case be signed with the private key, and the recipient can then verify its authenticity using the corresponding public key (provided by the signer).
In other words, if the private key is not included when creating the signature, the recipient of the message will not be able to use the corresponding public key to verify its validity. Since the public and private keys are generated by the sender of the message, only the public key is shared with the recipient.
It is worth noting that digital signatures are directly related to the content of each message. So, unlike handwritten signatures, which are generally the same regardless of the document's context, each digitally signed message will have a completely different digital signature ID.
Checking
Let's look at this with an example to better illustrate the entire process until the final step - content verification. Imagine that Alice writes a message to Bob, hashes it, and then combines the hash with her private key to create a digital signature. In this case, the signature acts as a unique digital identifier of this particular message.
When Bob receives the message, he can verify the digital signature using the public key provided by Alice. This way, Bob can verify that the signature was created by her, since she is the only one who owns the corresponding private key (at least it should be so).
For this reason, it is extremely important for Alice to keep her private key secret. If another person takes possession of her private key, he will be able to create digital signatures and carry out transactions on her behalf. In the context of the first cryptocurrency, this situation means that someone can move or spend Alice's Bitcoins without her permission.
Why are digital signatures important?
Basically, digital signatures are designed to achieve three outcomes: data integrity, authentication, and non-repudiation.
Data integrity. Bob can verify that Alice's message has not changed along the way. The consequence of any changes in the message will be the generation of a completely different signature.
Authentication. As long as Alice's private key is kept secret, Bob can use her public key to verify that the digital signatures were created by Alice and no one else.
Non-repudiation. Once the signature has been generated, Alice will not be able to deny her relationship to it in the future unless her private key has been compromised in some way.
Use Cases
Digital signatures can be applied to various types of digital documents and certificates. So they have several uses, some of the most common use cases include:
Information Technology. Improving the security of Internet communication systems.
Finance. Implementation in audits, expense reports, loan agreements and many other financial documents.
Legal issues. Use in all types of business contracts and legal agreements, including government documents.
Healthcare. Preventing prescription and medical record fraud.
Blockchain. The digital signature system ensures that only legitimate owners of the cryptocurrency can sign a transaction for further transfer of funds (unless the owner's private key has been compromised).
Flaws
The main problems this technology may encounter depend on at least three components:
Algorithm. The quality of the algorithms used to generate a digital signature is extremely important. This includes choosing strong hash functions and cryptographic systems.
Implementation. If the algorithms work correctly, and the integration of digital signature technology has not been entirely successful, the system will most likely have a certain number of shortcomings.
Private key. If private keys are leaked or compromised for some reason, the authentication and non-repudiation properties will be invalidated. For cryptocurrency users, losing their private key can result in significant financial losses.
Electronic signature vs digital
In simple terms, digital signatures refer to one specific type of electronic signature, as well as any method of electronically signing documents and messages. Thus, all digital signatures are a subtype of electronic ones, but in reverse order this expression will not always be correct.
The main difference between them is the authentication method. Digital signatures use cryptographic systems such as hash functions, public key cryptography, and encryption methods.
Conclusion
Hash functions and public key cryptography are the basis of digital signature systems, which are now suitable for a wide range of applications. When implemented correctly, digital signatures can improve security, ensure integrity, and facilitate authentication of all types of digital data.
In the field of blockchain technologies, digital signatures are used to authorize and sign cryptocurrency transactions. This technology is especially important when it comes to bitcoins, since signatures act as a guarantee that coins can only be spent by those who own the corresponding private keys.
Although we've been using both electronic and digital signatures for years, they still have room for improvement. Much of today's bureaucracy is still paper-based, but we are likely to see greater adoption of digital signatures as we move to more digital data processing systems.
