Digital Signature

''Digital signature'' has also been used as a broader term encompassing both ''public-key digital signature'' techniques and Message Authentication Code s.

Digital signatures differ in some respects from their physical counterparts. The term '' and Telex addresses, as well as FAX transmission of handwritten signatures on a paper document.

USES

There are three common reasons for applying a digital signature to communications:

Authenticity

Public-key cryptosystems allow anybody to encrypt a message using their private key. More typically, the message will be sent in plaintext, with the encryption of a shorter Hash appended. By decrypting the hash with the sender's public key, and checking the result against the plaintext, the recipient can confirm that the encryption was done with the sender's private key. This signature allows the recipient to be confident that the sender is indeed who they claim to be. Of course the recipient cannot be 100% ''sure'' that the sender is indeed who they claim to be - the recipient can only be ''confident'' - since the cryptosystem may have been broken.

The importance of authenticity is especially obvious in a financial context. For example, suppose a bank sends instructions from its branch offices to the central office in the form ''(a,b)'' where ''a'' is the account number and ''b'' is the amount to be credited to the account. A devious customer may deposit £100, observe the resulting transmission and repeatedly retransmit ''(a,b)''. This is known as a '' Replay Attack ''.

Integrity

Both parties will always wish to be confident that a message has not been altered during transmission. The encryption makes it difficult for a third party to ''read'' a message, but that third party may still be able to ''alter'' it in a useful way. A popular example to illustrate this is the ''homomorphism attack'': consider the same bank as above which sends instructions from its branch offices to the central office in the form ''(a,b)'' where ''a'' is the account number and ''b'' is the amount to be credited to the account. A devious customer may deposit £100, intercept the resulting transmission and then transmit ''(a,b³)'' to become an instant millionaire.

Non-repudiation

In a cryptographic context, the word ''repudiation'' refers to the act of denying association with a message (ie claiming it was sent by a third party). The recipient of a message may insist that the sender attach a signature in order to prevent any later repudiation, since the recipient may show the message to a third party to prove its origin. The loss of control of the private key means that all digitally signed communications can still be repudiated.

IMPLEMENTATION

Digital signature schemes rely on Public-key Cryptography . In public-key cryptography, each user has a pair of keys: one public and one private. The public key is distributed freely, but the private key is kept secret and confidential; another requirement is that it should be infeasible to derive the private key from the public key.

A general digital signature scheme consists of three algorithms:

A key generation algorithm

A signing algorithm

A verification algorithm

For example, consider the situation in which Bob sends a message to Alice and wants to be able to prove it came from him. Bob sends his message to Alice and attaches a digital signature. The digital signature is generated using Bob's private key, and takes the form of a simple numerical value (normally represented as a string of binary digits). On receipt, Alice can then check whether the message really came from Bob by running the verification algorithm on the message together with the signature and Bob's public key. If they match, then Alice can be confident that the message really was from Bob, because the signing algorithm is designed so that it is very difficult to forge a signature to match a given message (unless one has knowledge of the private key, which Bob has kept secret).

More usually, for efficiency reasons, Bob first applies a Cryptographic Hash Function to the message before signing. This makes the signature much shorter and thus saves time since hashing is generally much faster than signing in implementations. However, if the message digest algorithm is insecure (for example, if it is possible to generate Hash Collision s), then it might be feasible to forge digital signatures.

SOME DIGITAL SIGNATURE ALGORITHMS

Full Domain Hash , RSA-PSS etc., based on RSA

ECDSA

ElGamal Signature Scheme

Undeniable Signature

SHA (typically SHA-1) with RSA

THE CURRENT STATE OF USE &MDASH; LEGAL AND PRACTICAL

Digital signature schemes all have several prior requirements without which no such signature can mean anything, whatever the cryptographic theory or legal provision.

First, quality algorithms. Some public-key algorithms are known to be insecure, practicable attacks against them having been identified.

Second, quality implementations. An implementation of a good algorithm (or Protocol ) with mistake(s) will not work.

Third, the private key must remain actually secret; if it becomes known to some other party, that party can produce ''perfect'' digital signatures of anything whatsoever.

Fourth, distribution of public keys must be done in such a way that the public key claimed to belong to Bob actually belongs to Bob, and vice versa. This is commonly done using a Public Key Infrastructure and the public key $\leftrightarrow$ user association is attested by the operator of the PKI (called a Certificate Authority ). For 'open' PKIs in which anyone can request such an attestation (universally embodied in an Identity Certificate ), the possibility of mistake is non trivial. Commercial PKI operators have suffered several publicly known problems. Such mistakes could lead to falsely signed, and thus wrongly attributed, documents.

Fifth, users (and their software) must carry out the signature protocol properly.

Only if all of these conditions are met will a digital signature actually be evidence of who sent the message.

Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and providing for (or limiting) their legal effect. The first appears to have been in Utah , followed closely by Massachusetts and California . Assorted non-US countries have also passed statutes or issued regulations in this area as well and the UN has had an active model law project for some time. These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying Cryptographic Engineering , and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable. Adoption of technical standards for digital signatures have lagged behind much of the legislation, delaying a more or less unified engineering position on Interoperability , Algorithm choice, Key Length s, etc and so on what the engineering is attempting to provide.

See also

LEGAL ASPECTS

Legislation concerning the effect and validity of digital signatures includes:

China

Electronic Signature Law of the People's Republic of China (Chinese) - The stated purposes include standardizing the conduct of electronic signatures, confirming the legal validity of electronic signatures and safeguarding the legal interests of parties involved in such matters.

Brazil

Medida provisória 2.200-2 (portuguese) - Brazilian law states that any digital document is valid for the law if it is certified by ICP-Brasil (the official brazilian PKI) or if it is certified by other PKI and the concerns parties agree with the validity of the document.

European Union and the European Economic Area

European Union Directive establishing the framework for electronic signatures:

--- Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.

--- Commission Decision 2003/511/EC adopting three CEN Workshop Agreements as technical standards presumed to be in accordance with the Directive

Implementing laws: Several countries have already implemented the Directive 1999/93/EC.

--- Austria

-- Signature Law, 2000

--- England, Scotland and Wales

-- Electronic Communications Act, 2000

--- Germany

-- Signature Law, 2001

--- Lithuania

-- Law on electronic signature, 2002

--- Norway

-- Electronic Signature Act, 2001 (in Norwegian).

--- Spain

-- Ley 59/2003 , de 19 de diciembre, de firma electrónica (in Spanish) .

--- Sweden

-- Qualified Electronic Signatures Act (SFS 2000:832) (in Swedish) .

-- SFS 2000:832 in english translation

India

Information Technology Act, 2000

New Zealand

Electronic Transactions Act, 2003 sections 22-24

United Nations Commission on International Trade Law

UNCITRAL Model Law on Electronic Signatures (2001), a strong influence in the field.

United States

Uniform Electronic Transactions Act (UETA)

Electronic Signatures In Global And National Commerce Act (E-SIGN), at 15 U.S.C. 7001 et seq.

Switzerland

Federal Law on Certification Services Concerning the Electronic Signature, 2003

Uruguay

Uruguay laws include both, electronic and digital signatures:

Concerning passwords or adequate information technology gestures

Concerning electronic and digital signature and PKI

LEGAL CASES

Court decisions discussing the effect and validity of digital signatures or digital signature-related legislation:

'' In Re Piranha, Inc. ,'' 2003 WL 21468504 (N.D. Tex) ( UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).

'' does not apply retroactively to contracts formed before it took effect in 2000 . Nevertheless, the Statute Of Frauds was satisfied by the text of E-mail plus an (apparently) written notation.)

'' Sea-Land Service, Inc. V. Lozen International ,'' 285 F.3d 808 (9th Cir., 2002) {Link without Title} (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)

EXTERNAL LINKS

An introduction to Digital Signatures

	CATEGORIES ABOUT DIGITAL SIGNATURE

	cryptography

	asymmetric-key cryptosystems

	electronic documents

	key management

	APPAREL
	BABY
	BEAUTY
	BOOKS
	CAR TOYS
	CELL PHONES
	DVD'S
	ELECTRONICS
	GOURMET FOOD
	GROCERIES
	HEALTH & PERSONAL
	HOME & GARDEN
	JEWELRY
	MUSIC
	MUSIC INSTRUMENTS
	OFFICE PRODUCTS
	SOFTWARE
	SPORTING GOODS
	TOOLS & HARDWARE
	TOYS
	VIDEO GAMES
	SHOPPING HOME

	MORE SHOPPING...

Information About

Digital Signature