A digital signature is an encryption mechanism used to verify the authenticity and integrity of digital data. We may consider it a digital version of regular handwritten signatures but with higher levels of complexity and security.
In simple terms, we may describe a digital signature as a code attached to a message or document. After creation, the code serves as proof that the message has not been tampered with along the way from sender to recipient.
Although the concept of securing communications using cryptography dates back to ancient times, digital signature schemes became a possible reality in the 1970s thanks to the development of public key cryptography (PKC). So to know how digital signatures work we first need to understand the basics of hash functions and public key cryptography.
Hash Functions
Hashing is one of the basic elements of a digital signature system. The process of hashing involves converting data of any size into a fixed-size output. This is done by a special type of algorithm known as hash functions. The output generated by a hash function is known as the hash value or message digest.
When combined with cryptography so-called cryptographic hash functions can be used to create a hash value (digest) that acts as a unique digital fingerprint. This means that any change in the input data (message) may result in a completely different output (hash value). This is why cryptographic hash functions are widely used to verify the authenticity of digital data.
Public key cryptography (PKC)
Public key cryptography or PKC refers to a cryptosystem that uses a pair of keys: one public key and one private key. The two keys are mathematically related and can be used to encrypt data and digital signatures.
PKC as a cryptographic tool is considered more secure than primitive methods of symmetric encryption. While older systems relied on the same key to encrypt and decrypt information, PKC allows data to be encrypted using the public key and data decrypted using the corresponding private key.
Other than that, PKC system may also be applied in generating digital signatures. The process consists of hashing a message (or digital data) along with the private key of the signer after which the recipient of the message can verify whether the signature is valid using the public key provided by the signer.
In some situations digital signatures may include encryption but this is not always the case. For example, the Bitcoin blockchain uses PKC and digital signatures but there is no encryption in this process, contrary to what many people believe. Technically, Bitcoin deploys what is called the Elliptic Curve Digital Signature Algorithm (ECDSA) to authenticate transactions.
How digital signatures work
In the field of digital currencies, a digital signature system often consists of three basic steps: hashing, signing, and verification.
Data fragmentation
The first step is to hash the digital message or data. This is done by passing the data through a hashing algorithm so that a hash value (i.e. a message digest) is generated. As mentioned earlier, messages can vary greatly in size but when hashed all hash values have the same length. This is the basic property of the hash function.
However, hashing the data is not necessary to produce a digital signature because a private key can be used to sign a message that has never been hashed. But for cryptocurrencies, data is always hashed because dealing with fixed-length data makes the whole process easier.
the signature
After the information is hashed, the sender of the message needs to sign it. This is the moment where public key cryptography comes into play. There are several types of digital signature algorithms and each has its own mechanism by which it works. But basically the hash message is signed using a private key and the recipient of the message can then verify its validity using the symmetric public key (provided by the signer).
In other words, if the private key is not included when the signature is generated, the recipient of the message will not be able to use the symmetric public key to verify its authenticity. Both public and private keys are generated by the sender of the message but only the public key is shared with the receiver of the message.
It should be noted that digital signatures are directly linked to the content of each message. This is unlike handwritten signatures which tend to be the same regardless of the message, each digitally signed message will have a different digital signature.
Verification
Let's take an example to illustrate the whole process until the last step, which is verification. Imagine that Alice writes a message to Bob, hashes it, and then combines the hash value with her private key to create a digital signature. The signature will act as a unique digital fingerprint for that message.
When Bob receives the message, he can verify the authenticity of the digital signature using the public key that Alice provides. This way Bob can be sure that Alice created the signature because only she has the private key that matches this public key (at least that is what we expect). .
It is therefore important for Alice to keep the private key in a secret place so that if someone else gets their hands on Alice's private key, they can create digital signatures and pretend to be Alice (impersonate her). In the context of Bitcoin, this means that anyone can use Alice's private key to transfer or spend her bitcoins without her permission.
Why are digital signatures important?
Digital signatures are often used to achieve three outcomes: data integrity, authentication, and non-repudiation.
Data integrity. Bob can verify that Alice's message was not changed after it was sent since any modification to the message would result in a completely different signature.
Documentation. As long as Alice's private key is kept secure and confidential, Bob can use the public key to confirm that the digital signatures were created by Alice and not anyone else.
Non-denial. Once a signature is created, Alice will not be able to deny that signature in the future unless her private key is compromised.
Use cases
Digital signatures can be applied to different types of documents and digital certificates. As such it has many applications. Some of the most common use cases include:
information technology. To enhance the security of online communications systems.
Finance. Digital signatures can be used for audits, expense reports, loan agreements, and more.
legal. Digital signature for all types of commercial contracts and legal agreements including government papers.
health care. Digital signatures can prevent fraud in prescriptions and medical records.
Blockchain. Digital signature systems ensure that only legitimate owners of digital currencies are able to sign a transaction to transfer funds (as long as their private keys are not compromised).
Restrictions
The main challenges facing digital signatures depend on at least three requirements:
Algorithm. The quality of the algorithms used in digital signature systems is very important. This includes choosing reliable hash functions and cryptographic systems.
Implementation. If the algorithms are good but the implementation is not then the digital signature system likely has flaws.
Private key. If private keys are leaked or compromised in some way, certain properties such as non-repudiation and others will be invalidated. For digital currency users, losing the private key may result in significant financial losses.
Electronic signatures and digital signatures
Simply put, digital signatures relate to a specific type of electronic signature which refers to any electronic method of signing documents and messages. Therefore all digital signatures are electronic signatures but the opposite is not always true.
The main difference between them is the authentication method. Digital signatures use cryptographic systems such as hash functions, public key encryption, and encryption techniques.
Concluding thoughts
Hashing functions and public key cryptography are the core of digital signature systems and are now applied to a wide range of use cases. If implemented correctly, digital signatures can increase security, ensure integrity, and facilitate authentication of all types of digital data.
In the world of blockchain, digital signatures are used to sign and authorize cryptocurrency transactions. They are particularly important in Bitcoin because signatures ensure that coins can only be spent by individuals who possess the corresponding private keys.
Although we have been using both electronic and digital signatures for years, there is still a lot of room for growth. Much of today's bureaucracy still relies on paperwork, but we will likely see more adoption of digital signature systems as we move to a more digital system.
