Digital signature
A digital signature or digital signature scheme is a type of asymmetric cryptography. For messages sent through an insecure channel, a good implementation of a digital signature algorithm gives the receiver reason to believe that the message was sent by the claimed sender, and to trust the message.
Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to copy than the handwritten type. Digital signatures are implemented using cryptography. Digital signatures can also provide acknowledgement, meaning that the signer cannot successfully claim they did not sign a message while also claiming their private key remains secret. Digital signatures are regularly used in the USA, European countries and India, in government as well as private offices. In India, a certificate called the Digital Signing Certificate (DSC) is widely used for e-filing business-related documents, income tax returns and so on.[1]
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that holds a meaning of a signature,[2] but not all electronic signatures use digital signatures.[3][4][5] In some countries, including the United States, and in the European Union, electronic signatures may have legal significance. Electronic signatures are not accepted in India, but digital signatures are.
Digital signature scheme
A digital signature system typically consists of two algorithms:
- A signing algorithm, which takes a message and a private key as input and outputs a signature.
- A signature verifying algorithm, which, given a message, a public key and a signature, decides either to accept or reject.
Two main properties are required by the digital signature system:
- A signature generated from a fixed message and fixed private key should verify on that message and the corresponding public key.
- It should be computationally infeasible for a party who does not own the private key to generate a valid signature.
Digital signature security and attacks
The GMR signature scheme:
In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to strictly define the security requirements of digital signature schemes.[6] They described a hierarchy of attack models for signature schemes and also presented the GMR signature scheme. The GMR scheme was proven to be secure against adaptive chosen-message attacks: even when an attacker receives signatures for messages of his choice, this does not allow him to forge a signature for a single additional message.[6]
In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures:[6]
- In a key-only attack, the attacker is only given the public verification key.
- In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
- In an adaptive chosen message attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.
They also describe a hierarchy of attack results:[6]
- A total break results in the recovery of the signing key.
- A universal forgery attack results in the ability to forge signatures for any message.
- A selective forgery attack results in a signature on a message of the adversary's choice.
- An existential forgery merely results in some valid message/signature pair not already known to the adversary.
The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.
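The two algorithms and the forgery definition above, as an added example that is not part of the original page. It uses a Lamport one-time signature built on SHA-256 (a scheme chosen here for illustration, not the GMR scheme); the names `Signer` and `is_existential_forgery` are assumptions of this example.

```python
import hashlib
import hmac
import secrets

N = 256  # one pair of secret values per bit of the SHA-256 message digest

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Return (private_key, public_key). A Lamport key may sign ONE message."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def digest_bits(message: bytes):
    d = int.from_bytes(H(message), "big")
    return [(d >> i) & 1 for i in range(N)]

def sign(sk, message: bytes):
    """Signing algorithm: message + private key -> signature."""
    return [sk[i][b] for i, b in enumerate(digest_bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    """Verifying algorithm: message + public key + signature -> accept/reject."""
    if len(signature) != N or not all(isinstance(s, bytes) for s in signature):
        return False
    bits = digest_bits(message)
    return all(hmac.compare_digest(H(s), pk[i][bits[i]])
               for i, s in enumerate(signature))

class Signer:
    """Holds the private key and records what it signed (the attacker's queries)."""
    def __init__(self):
        self._sk, self.pk = keygen()
        self.signed = []

    def sign(self, message: bytes):
        if self.signed:  # reusing a one-time key would reveal more secret values
            raise RuntimeError("one-time key already used")
        self.signed.append(message)
        return sign(self._sk, message)

    def is_existential_forgery(self, message: bytes, signature) -> bool:
        """True only for a valid pair on a message the signer never signed."""
        return message not in self.signed and verify(self.pk, message, signature)
```

Replaying a message/signature pair the signer already produced verifies correctly but does not count as a forgery, which is why the check excludes messages in `signed`.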
References
- "Digital Signing Certificate- SSL Retail". Retrieved 2018-07-15.
- US ESIGN Act of 2000
- "The University of Virginia". Archived from the original on 2009-03-02. Retrieved 2008-10-22.
- "State of WI". Archived from the original on 2006-09-25. Retrieved 2008-10-22.
- "National Archives of Australia". Archived from the original on 2006-07-12. Retrieved 2008-10-22.
- "A digital signature scheme secure against adaptive chosen-message attacks.", Shafi Goldwasser, Silvio Micali, and Ronald Rivest. SIAM Journal on Computing, 17(2):281-308, Apr. 1988.
Other websites
- Introduction to cryptography, from the PGP international website (archived 2016-03-03 at the Wayback Machine)