What is a digital signature in cryptography?

As an adult, you probably hate having to sign things. Think of all those pages and pages of documentation. Digital signatures came in to make life a little easier—verifying your identity at the click of a button or the tap of a screen. Fast forward a little more and you arrive at the topic at hand. Digital signatures in cryptography offer better security and therefore confidentiality than their ancestors.

Meant for the modern, digitally proficient user, cryptography-based electronic signatures do the same things as hand-crafted ones.

What are digital signatures?

Digital signatures, in cryptography, are basically the electronically encrypted counterpart of a physical signature. They are security functions used to tie an entity or a person to some piece of digital data. To put it simply, they act like a signature for messages.

Such digital signatures employ algorithms to verify the truthfulness and integrity of digital messages or documents while protecting sensitive key information.

In order to interact with a smart contract or send crypto to someone, you must create a digital signature. So such signatures are a key component of any blockchain. They help maintain data integrity by preventing malicious actors from impersonating you.

What is the Digital Signature Standard in cryptography?

So far we know that cryptography is used to create this type of modern-day digital signature and that it helps check the authenticity and integrity of data. Now let’s dive in further and understand the basic standards that guide its use.

The Digital Signature Standard (DSS) is a Federal Information Processing Standard (FIPS) from the US. It provides a list of algorithms that will help safely generate digital signatures. Under DSS, Secure Hash Algorithms (SHAs) are used for the authentication of electronic documents.

However, the standard only provides us with the digital signature function. It does not offer any encryption or key exchanging strategies.

How do digital signatures work in cryptography?

Public key encryption uses digital signatures to sign documents. So, to fully grasp the meaning of digital signatures, it may help to take a brief detour to understand this type of encryption.

Encryption here involves a public key and a private key. These keys help binds a signatory with the data. So, each signatory possesses a pair of keys: one private and one public.

The two keys used are essentially sets of numbers. While paired, they are not identical or symmetrical. This is how they differ in terms of their functions:

• Public keys represent the owner’s identity. It is like an email address.
• Private keys are the private counterpart of the public key. The bearer can use it to prove they own the public key. It is akin to a password.

The user needs at least one of these keys to encrypt a message, along with an algorithm. They could then use the other one for decryption. However, if you want to encrypt a private message, the public key is the one to use. In such a system, the digital signature is used to verify the identity of the sender and to check whether the message is intact.

Let’s take an example to understand this better. Suppose Anjali sends a message encrypted with her public key on the blockchain. The message is meant as a retort to her friend Rahul. Rahul has been saying that he bested her because girls can’t play basketball. Anjali is livid and wants to shout, “Rahul is a cheater!”

But Rahul’s daughter is around. Now Anjali wants Rahul to know that he only wins because he cheats. And she wants Rahul’s daughter to see that she’s not taking things lying down. However, she does not want to tarnish Rahul’s image in his daughter’s eyes. What can she do?

Anjali could send the message by creating a cryptographic digital signature. Doing so ensures that nobody can access see her message. But anyone with her public key can verify who signed off the message and that it is authentic.

Such encryption is thus used on blockchains because it helps transmit details of financial information confidentially while ensuring that one can still find out who made the transaction. The signature of the sender in a transaction is encrypted onto it.

Types of digital signatures in cryptography

There are many types of digital signatures in cryptography. Below are some of the most common ones.

ECDSA

Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA). This type of algorithm creates signatures that are relatively small—65 bytes, to be precise. Such signatures can be verified in a few milliseconds.

However, ECDSA is prone to weak randomness—that is, generating a random number that is not cryptographically secure—which could lead to private key leakage and even fund theft. It also cannot efficiently compress and verify signatures together.

SCHNORR SIGNATURES

ECDSA’s potential replacement for the Bitcoin network is the Schnorr signature. This type of signature facilitates better scalability, efficiency, and privacy. Standard cryptographic assumptions (a discrete log) help protect the signature. No third party can alter it to create another valid standard assumption for the same key and message.

Schnorr signatures also provide linearity. That enables multiple parties to collaborate to produce a single signature valid for all public keys. Multi-signature transactions rely on these signatures.

BLS SIGNATURES

Ethereum used ECDSA pre-Merge, but not anymore. Since the new blockchain is much faster, it needed a much quicker signature scheme. This is where the Boneh-Lynn-Shacham or BLS signature comes into play. This could be the signature scheme used by ETH 2.0.

BLS signatures have two key properties:

• Users can club multiple signatures into a single signature while maintaining a constant size. These signatures are bigger in size as compared to ECDSA (96 bytes instead of 65 bytes). But they don’t require much space dedicated purely to signatures in the blocks.
• The amount of time needed to verify signatures for one message stays the same, irrespective of the number of signatures involved in it. For instance, verifying a thousand signatures on message X would take the same time as X if it had only one signature.

The role of cryptography-based digital signatures in network security

Cryptographic digital signatures play three key roles in network security:

• Message authentication: With the use of a public key, a receiver can easily validate who the owner of the digital signature is.
• Data integrity: In the case of a hack, if an attacker acquires access to the data and modifies it, the digital signature verification at the receiver end will fail. When this happens the corresponding hash of modified data and the output provided by the verification algorithm will not match. This ensures that the receiver will know when to reject the message, preserving data integrity.
• Non-repudiation: In cases of conflict, the receiver could present the data with the digital signature to a third party as evidence.

Conclusion

Unlike physical signatures, a bystander cannot actually see or copy your cryptography-based digital signature. However, needless to say, you should know and remember how to use them.

A big part of using it well is to always remember to sign your messages with the private key that corresponds to the public key you are using. And, of course, make sure to keep your private keys safe and private. This will ensure that only you can read and verify the signature.

You should also back up your database regularly in case of an accident or theft.

Lastly, as with all other passwords, pick a strong one for your cryptographic signing keys. That means, never reuse passwords or pick easily guessable ones.

FAQs