A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives the recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
Description
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data carrying the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, Algeria, Turkey, India, Brazil, Indonesia, Mexico, Saudi Arabia, Uruguay, Switzerland and EU countries, electronic signatures have legal significance.
Digital signatures use asymmetric cryptography. In many instances, they provide a layer of validation and security for messages sent over an insecure channel: properly implemented, a digital signature gives the recipient reason to believe that the message was sent by the claimed sender. Digital seals and signatures are equivalent to handwritten signatures and stamped seals. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that signers cannot successfully claim that they did not sign a message while also claiming that their private key remains secret. Furthermore, some non-repudiation schemes offer a timestamp for the digital signature, so that even if the private key is exposed, the signature is valid. A digitally signed message may be anything representable as a string of bits: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.
Definitions
A digital signature scheme typically consists of three algorithms:
- A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
- A signing algorithm that, given a message and a private key, produces a signature.
- A signature verifying algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.
Two main properties are required. First, the authenticity of a signature generated from a fixed message and a fixed private key can be verified by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of a message to attach a code that acts as a signature. The Digital Signature Algorithm (DSA), developed by the National Institute of Standards and Technology, is one of many examples of a signing algorithm.
In the following discussion, $1^n$ refers to a unary number.
Formally, a digital signature scheme is a triple of probabilistic polynomial-time algorithms, $(G, S, V)$, satisfying:
- $G$ (key generator) generates a public key ($pk$) and a corresponding private key ($sk$) on input $1^n$, where $n$ is the security parameter.
- $S$ (signing) returns a tag, $t$, on the inputs: the private key ($sk$) and a string ($x$).
- $V$ (verifying) outputs accepted or rejected on the inputs: the public key ($pk$), a string ($x$), and a tag ($t$).
For correctness, $S$ and $V$ must satisfy
- $\Pr[(pk, sk) \leftarrow G(1^n),\ V(pk, x, S(sk, x)) = \text{accepted}] = 1.$
A digital signature scheme is secure if, for every probabilistic polynomial-time adversary, $A$,
- $\Pr[(pk, sk) \leftarrow G(1^n),\ (x, t) \leftarrow A^{S(sk, \cdot)}(pk, 1^n),\ x \notin Q,\ V(pk, x, t) = \text{accepted}] < \mathrm{negl}(n),$
where $A^{S(sk, \cdot)}$ denotes that $A$ has access to the oracle $S(sk, \cdot)$, and $Q$ denotes the set of queries on $S$ made by $A$, which knows the public key, $pk$, and the security parameter, $n$. Note that we require that the adversary cannot directly query the string, $x$, on $S$.
History
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed based on functions that are trapdoor one-way permutations. Soon afterwards, Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although only as a proof-of-concept; "plain" RSA signatures are not secure). The first widely marketed software package to offer digital signatures was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also known as "Merkle trees" or simply "hash trees"), and Rabin signatures.
In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR signature scheme, the first that could be proved to prevent even an existential forgery against a chosen message attack, which is the currently accepted security definition for signature schemes. The first such scheme that is not built on trapdoor functions, but rather on a family of functions with the much weaker required property of one-way permutation, was presented by Moni Naor and Moti Yung.
Method
One digital signature scheme (of many) is based on RSA. To create signature keys, generate an RSA key pair containing a modulus, $N$, that is the product of two distinct randomly generated prime numbers, along with integers, $e$ and $d$, such that $e \cdot d \equiv 1 \pmod{\varphi(N)}$, where $\varphi$ is Euler's totient function. The signer's public key consists of $N$ and $e$, and the signer's secret key contains $d$.
To sign a message, $m$, the signer computes a signature, $\sigma$, such that $\sigma \equiv m^d \pmod{N}$. To verify, the receiver checks that $\sigma^e \equiv m \pmod{N}$.
Some early signature schemes were of a similar type: they involve the use of a trapdoor permutation, such as the RSA function, or in the case of the Rabin signature scheme, computing modulo a composite number, $N$. A trapdoor permutation family is a family of permutations, specified by a parameter, that is easy to compute in the forward direction, but is difficult to compute in the reverse direction without already knowing the private key ("trapdoor"). Trapdoor permutations can be used for digital signature schemes, where computing the reverse direction with the secret key is required for signing, and computing the forward direction is used to verify signatures.
Used directly, this type of signature scheme is vulnerable to a key-only existential forgery attack. To create a forgery, the attacker picks a random signature $\sigma$ and uses the verification procedure to determine the message, $m$, corresponding to that signature. In practice, however, this type of signature is not used directly; rather, the message to be signed is first hashed to produce a short digest, which is then padded to a larger width comparable to $N$, then signed with the reverse trapdoor function. This forgery attack, then, only produces the padded hash function output that corresponds to $\sigma$, but not a message that leads to that value, which does not lead to an attack. In the random oracle model, hash-and-sign (an idealized version of that practice where hash and padding combined have close to $N$ possible outputs), this form of signature is existentially unforgeable, even against a chosen-plaintext attack.
There are several reasons to sign such a hash (or message digest) instead of the whole document.
- For efficiency: The signature will be much shorter and thus save time, since hashing is generally much faster than signing in practice.
- For compatibility: Messages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number N). A hash function can be used to convert an arbitrary input into the proper format.
- For integrity: Without the hash function, the text "to be signed" may have to be split (separated) into blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize whether all the blocks are present and in the appropriate order.
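The RSA signing and verification equations, the key-only existential forgery, and the hash-before-signing practice described in this section can be run end to end. The following Python is an added example, not part of the original article; the toy Mersenne-prime key, the function names, and the simplified encoding (a SHA-256 digest reduced mod N, standing in for real padding such as RSA-PSS) are assumptions for illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes. Far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # secret exponent: e*d = 1 (mod phi(N))


def textbook_sign(m: int) -> int:
    """Reverse direction of the trapdoor permutation: sigma = m^d mod N."""
    return pow(m, D, N)


def textbook_verify(m: int, sigma: int) -> bool:
    """Forward direction, public key only: accept iff sigma^e = m (mod N)."""
    return pow(sigma, E, N) == m % N


def key_only_forgery(sigma: int) -> int:
    """Key-only existential forgery: choose sigma first, then run the
    verification procedure to find the message it happens to sign."""
    return pow(sigma, E, N)


def encode(message: bytes) -> int:
    """Assumed simplified encoding: SHA-256 digest reduced mod N.
    Real schemes (e.g. RSA-PSS) pad the digest to the width of N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def hashed_sign(message: bytes) -> int:
    return textbook_sign(encode(message))


def hashed_verify(message: bytes, sigma: int) -> bool:
    return textbook_verify(encode(message), sigma)


def demo() -> dict:
    sigma = 0x1234567890ABCDEF          # arbitrary value picked by the forger
    forged_m = key_only_forgery(sigma)  # needs only (N, E)
    sig = hashed_sign(b"pay Bob 10")    # constructed sample message
    return {
        # Textbook RSA accepts the forged pair although D was never used.
        "textbook_forgery_accepted": textbook_verify(forged_m, sigma),
        # With hashing, forged_m is only a target digest; the forger still
        # lacks a message that hashes to it, so the pair is rejected.
        "hashed_forgery_accepted": hashed_verify(
            forged_m.to_bytes(27, "big"), sigma),
        "genuine_accepted": hashed_verify(b"pay Bob 10", sig),
        "tampered_accepted": hashed_verify(b"pay Bob 1000", sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The forged pair verifies under textbook RSA but the forger has no control over what the message says, which is why the forgery is existential rather than selective.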
Notions of security
In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures:
- In a key-only attack, the attacker is only given the public verification key.
- In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
- In an adaptive chosen message attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.
They also describe a hierarchy of attack results:
- A total break results in the recovery of the signing key.
- A universal forgery attack results in the ability to forge signatures for any message.
- A selective forgery attack results in a signature on a message of the adversary's choice.
- An existential forgery merely results in some valid message/signature pair not already known to the adversary.
The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.
Applications of digital signatures
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurance of the provenance, identity, and status of an electronic document, as well as acknowledging informed consent and approval by a signatory. The US Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State, the University of Chicago, and Stanford publish electronic student transcripts with digital signatures.
Here are some common reasons for applying digital signatures to communications:
Authentication
Although messages often include information about the entity that sent the message, the information may be inaccurate. Digital signatures can be used to authenticate message sources. When the ownership of a digital signature secret key is bound to a specific user, a valid signature indicates that the message was sent by that user. The importance of high confidence in the authenticity of the sender is very clear in the financial context. For example, a bank branch office sends instructions to the headquarters requesting a change in the account balance. If the headquarters is not convinced that such a message is actually sent from an authorized source, acting on such a request could be a big mistake.
Integrity
In many scenarios, the sender and receiver of a message may need confidence that the message has not been altered during transmission. Although encryption hides the contents of a message, it may be possible to change an encrypted message without understanding it. (Some encryption algorithms, known as non-malleable ones, prevent this, but others do not.) However, if a message is digitally signed, any change in the message after signing invalidates the signature. Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because this is still considered to be computationally infeasible for most cryptographic hash functions (see collision resistance).
Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key alone does not enable a fraudulent party to forge a valid signature.
Note that these authentication, non-repudiation, etc. properties rely on the secret key not having been revoked prior to its use. Public revocation of a key pair is a required ability; otherwise a leaked secret key would continue to implicate the claimed owner of the key pair. Checking revocation status requires an "online" check, for example checking a certificate revocation list or querying via the Online Certificate Status Protocol. Very roughly, this is analogous to a vendor who accepts credit cards first checking online with the credit card issuer to find out whether a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often discovered only after the secret key has been used, for example, to sign a bogus certificate for espionage purposes.
Additional security measures
Placing a private key on a smart card
All public key/private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by a local password, but this has two disadvantages:
- the user can only sign documents on that particular computer
- the security of the private key depends entirely on the security of the computer
A more secure alternative is to store the private key on a smart card. Many smart cards are designed to be tamper-resistant (although some designs have been broken, notably by Ross Anderson and his students). In a typical digital signature implementation, the hash calculated from the document is sent to the smart card, whose CPU signs the hash using the user's stored private key and then returns the signed hash. Typically, the user must activate the smart card by entering a personal identification number or PIN code (thus providing two-factor authentication). It can be arranged that the private key never leaves the smart card, although this is not always implemented. If the smart card is stolen, the thief still needs the PIN code to generate a digital signature. This reduces the security of the scheme to that of the PIN system, although it still requires an attacker to possess the card. A mitigating factor is that private keys, if generated and stored on smart cards, are usually regarded as difficult to copy, and are assumed to exist in exactly one copy. Thus, the loss of the smart card may be detected by the owner and the corresponding certificate can be revoked immediately. Private keys that are protected by software only may be easier to copy, and such compromises are far more difficult to detect.
Using a smart card reader with a separate keyboard
Entering a PIN code to activate a smart card usually requires a numeric keypad. Some card readers have their own numeric keypad. This is safer than using a card reader integrated into the PC, and then entering the PIN using the computer's keyboard. Readers with a numeric keypad are meant to circumvent the eavesdropping threat in which the computer might be running a keystroke logger, potentially compromising the PIN code. Specialized card readers are also less vulnerable to tampering with their software or hardware and are often EAL3 certified.
Other smart card designs
Smart card design is an active field, and there are smart card schemes that are intended to avoid these particular problems, although so far with few security proofs.
Using digital signatures with trusted applications only
One of the main differences between a digital signature and a written signature is that the user does not "see" what he or she signs. The user application presents a hash code to be signed by the digital signing algorithm using the private key. An attacker who gains control of the user's PC can replace the user application with a foreign substitute, in effect replacing the user's own communications with those of the attacker. This can allow a malicious application to trick a user into signing any document by displaying the user's original on screen, but presenting the attacker's own document to the signing application.
To protect against this scenario, the authentication system can be set between user applications (word processor, email client, etc.) and signing application. The general idea is to provide some means for user applications and signing applications to verify their respective integrity. For example, a signing application may require that all requests come from digitally signed binaries.
Using a network-attached security module
One of the major differences between cloud-based and locally-based signature services is risk. Many risk-averse companies, including governments, financial and medical institutions, and payment processors require safer standards, such as FIPS 140-2 level 3 and FIPS 201 certification, to ensure signatures are validated and secure.
WYSIWYS
Technically speaking, a digital signature applies to a string of bits, whereas humans and applications "believe" that they sign the semantic interpretation of those bits. In order to be semantically interpreted, the bit string must be transformed into a form that is meaningful for humans and applications, and this is done through a combination of hardware and software-based processes on a computer system. The problem is that the semantic interpretation of bits can change as a function of the processes used to transform the bits into semantic content. It is relatively easy to change the interpretation of a digital document by implementing changes on the computer system where the document is being processed. From a semantic perspective, this creates uncertainty about what exactly has been signed. WYSIWYS (What You See Is What You Sign) means that the semantic interpretation of a signed message cannot be changed. In particular, this also means that a message cannot contain hidden information that the signer is unaware of and that can be revealed after the signature has been applied. WYSIWYS is a necessary requirement for the validity of digital signatures, but this requirement is difficult to guarantee because of the increasing complexity of modern computer systems. The term WYSIWYS was coined by Peter Landrock and Torben Pedersen to describe some of the principles of delivering secure and legally binding digital signatures for Pan-European projects.
Digital signature versus ink on paper signature
An ink signature can be replicated from one document to another by copying the image manually or digitally, but producing a credible signature copy that can resist some scrutiny requires significant manual or technical skill, and producing an ink signature copy that resists professional scrutiny is very difficult.
Digital signatures cryptographically bind an electronic identity to an electronic document, and a digital signature cannot be copied to another document. Paper contracts sometimes have the ink signature block on the last page, and the previous pages may be replaced after a signature is applied. Digital signatures can be applied to an entire document, such that the digital signature on the last page will indicate tampering if any data on any of the pages has been altered, but this can also be achieved by signing with ink and numbering all pages of the contract.
Some digital signature algorithms
- RSA-based signature schemes, such as RSA-PSS
- DSA and its elliptic curve variant ECDSA
- Edwards-curve Digital Signature Algorithm and its Ed25519 variant
- ElGamal signature scheme as the predecessor to DSA, and the variants Schnorr signature and Pointcheval-Stern signature algorithm
- Rabin signature algorithm
- Pairing-based schemes such as BLS
- Undeniable signatures
- Aggregate signature - a signature scheme that supports aggregation: given n signatures on n messages from n users, it is possible to aggregate all these signatures into a single signature whose size is constant in the number of users. This single signature will convince the verifier that the n users did indeed sign the n original messages. A scheme by Mihir Bellare and Gregory Neven can be used with Bitcoin.
- Signatures with efficient protocols - signature schemes that facilitate efficient cryptographic protocols such as zero-knowledge proofs or secure computation.
The current state of use - legal and practical
All digital signature schemes share the following basic prerequisites regardless of cryptographic theory or legal provision:
- Quality algorithms: Some public-key algorithms are known to be insecure, as practical attacks against them have been discovered.
- Quality implementations: An implementation of a good algorithm (or protocol) with mistake(s) will not work.
- Users (and their software) must carry out the signature protocol properly.
- The private key must remain private: If the private key becomes known to any other party, that party can produce perfect digital signatures of anything.
- The public key owner must be verifiable: A public key associated with Bob actually came from Bob. This is commonly done using a public key infrastructure (PKI), and the public key <-> user association is attested by the operator of the PKI (called a certificate authority). For 'open' PKIs in which anyone can request such an attestation (universally embodied in a cryptographically protected identity certificate), the possibility of mistaken attestation is non-trivial. Commercial PKI operators have suffered several publicly known problems. Such mistakes could lead to falsely signed, and thus wrongly attributed, documents. 'Closed' PKI systems are more expensive, but less easily subverted in this way.
Only if all of these conditions are met will a digital signature actually be any evidence of who sent the message, and therefore of their assent to its contents. Legal enactment cannot change this reality of the existing engineering possibilities, though some enactments have not reflected this actuality.
Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and providing for (or limiting) their legal effect. The first appears to have been in Utah in the United States, followed by the states of Massachusetts and California. Other countries have also passed statutes or issued regulations in this area, and the UN has had an active model law project for some time. These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying cryptographic engineering, and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable. Adoption of technical standards for digital signatures has lagged behind much of the legislation, delaying a more or less unified engineering position on interoperability, algorithm choice, key lengths, and so on, on what the engineering is attempting to provide.
Industry standards
Some industries have established common interoperability standards for the use of digital signatures between industry members and with regulators. These include Automotive Network Exchange for the automotive industry and the SAFE-BioPharma Association for the health care industry.
Using separate key pairs for signing and encryption
Source of the article : Wikipedia