A digital signature is a cryptographic mechanism used to verify the authenticity and integrity of digital data. We may consider it as a digital version of the ordinary handwritten signatures, but with higher levels of complexity and security.
In simple terms, we may describe a digital signature as a code that is attached to a message or document. After generated, the code acts as proof that the message hasn’t been tampered with along its way from sender to receiver.
Public-key cryptography (PKC)
Public-key cryptography, or PKC, refers to a cryptographic system that makes use of a pair of keys: one public key and one private key. The two keys are mathematically related and can be used for both data encryption and digital signatures.
Other than that, the PKC scheme may also be applied in the generation of digital signatures. In essence, the process consists of hashing a message (or digital data) along with the signer’s private key. Next, the recipient of the message can check if the signature is valid by using the public key provided by the signer.
How digital signatures work
In the context of cryptocurrencies, a digital signature system often consists of three basic steps: hashing, signing, and verifying.
Hashing the data
However, hashing the data is not a must for producing a digital signature because one can use a private key to sign a message that wasn’t hashed at all. But for cryptocurrencies, the data is always hashed because dealing with fixed-length digests facilitates the whole process.
After the information is hashed, the sender of the message needs to sign it. This is the moment where public-key cryptography comes into play. There are several types of digital signature algorithms, each with its own particular mechanism. But essentially, the hashed message will be signed with a private key, and the receiver of the message can then check its validity by using the corresponding public key (provided by the signer).
Put in another way, if the private key is not included when the signature is generated, the receiver of the message won’t be able to use the corresponding public key to verify its validity. Both public and private keys are generated by the sender of the message, but only the public key is shared with the receiver.
It’s worth noting that digital signatures are directly related to the content of each message. So unlike handwritten signatures, that tend to be the same regardless of the message, each digitally signed message will have a different digital signature.
Let’s take an example to illustrate the whole process until the final step of verification. Imagine that Alice writes a message to Bob, hashes it, and then combines the hash value with her private key to generate a digital signature. The signature will work as a unique digital fingerprint of that particular message.
When Bob receives the message, he can check the validity of the digital signature by using the public key provided by Alice. This way, Bob can be sure that the signature was created by Alice because only she has the private key that corresponds to that public key (at least that’s what we expect).
So, it’s crucial for Alice to keep her private key in secret. If another person gets their hands on Alice’s private key, they can create digital signatures and pretend to be Alice. In the context of Bitcoin, this means someone could use Alice’s private key to move or spend her Bitcoins without her permission.
Why are digital signatures important?
Digital signatures are often used to achieve three results: data integrity, authentication, and non-repudiation.
- Data integrity. Bob can verify that Alice’s message wasn’t changed along its way. Any modification in the message would produce a completely different signature.
- Authenticity. As long as Alice’s private key is kept in secret, Bob can use her public key to confirm that the digital signatures were created by Alice and no one else.
- Non-repudiation. Once the signature has been generated, Alice won’t be able to deny having signed it in the future, unless her private key gets somehow compromised.
Digital signatures can be applied to various kinds of digital documents and certificates. As such, they have several applications. Some of the most common use cases include:
- Information Technology. To enhance the security of Internet communication systems.
- Finance. Digital signatures can be implemented to audits, expense reports, loan agreements, and much more.
- Legal. Digital signing of all sorts of business contracts and legal agreements, including governmental papers.
- Healthcare. Digital signatures can prevent fraud of prescriptions and medical records.
- Blockchain. Digital signature schemes ensure that only the rightful owners of the cryptocurrencies are able to sign a transaction to move the funds (as long as their private keys aren’t compromised).
The major challenges faced by digital signature schemes rely on at least three requirements:
- Algorithm. The quality of the algorithms used in a digital signature scheme is important. This includes the choice of reliable hash functions and cryptographic systems.
- Implementation. If the algorithms are good, but the implementation is not, the digital signature system will likely present flaws.
- Private Key. If the private keys get leaked or somehow compromised, the properties of authenticity and non-repudiation will be invalidated. For cryptocurrency users, losing a private key may result in significant financial losses.
Electronic signatures vs. digital signatures
Simply put, digital signatures relate to one particular kind of electronic signatures - which refer to any electronic method of signing documents and messages. Thus, all digital signatures are electronic signatures, but the opposite isn’t always true.
Hash functions and public-key cryptography are at the core of digital signature systems, which are now applied to a wide range of use cases. If properly implemented, digital signatures can increase security, ensure integrity, and facilitate the authentication of all kinds of digital data.
In the blockchain realm, digital signatures are used to sign and authorize cryptocurrency transactions. They are particularly important for Bitcoin because the signatures ensure that coins can only be spent by the individuals that possess the corresponding private keys.
Although we’ve been using both electronic and digital signatures for years, there is still a lot of room for growth. A great portion of today’s bureaucracy is still based on paperwork, but we will likely see more adoption of digital signature schemes as we migrate to a more digitalized system.