Network Security - Digital Signature

1. What is a Digital Signature?

A digital signature is a cryptographic technique that allows a sender to sign a digital message or document to ensure:

  1. Authentication: Confirms the sender’s identity

  2. Integrity: Verifies that the message has not been altered

  3. Non-repudiation: The sender cannot deny sending the message

Digital signatures are the digital equivalent of handwritten signatures or stamped seals, but much more secure.

2. How Digital Signatures Work (Asymmetric Encryption)

Digital signatures usually use asymmetric key cryptography:

  1. Signing (by sender):

    • The sender computes a hash of the message using a hash function (like SHA-256).

    • The sender encrypts the hash with their private key → this becomes the digital signature.

  2. Verification (by receiver):

    • The receiver decrypts the digital signature using the sender’s public key → gets the original hash.

    • The receiver computes the hash of the received message.

    • If both hashes match → signature is valid, message is authentic and unchanged.

3. Example Workflow

  1. Alice wants to send a secure message to Bob.

  2. Alice computes hash(M) → H1

  3. Alice encrypts H1 with her private key → digital signature S

  4. Alice sends (M, S) to Bob

  5. Bob decrypts S using Alice’s public key → H1

  6. Bob computes hash(M) → H2

  7. If H1 = H2 → message is authentic

4. Algorithms for Digital Signatures

Algorithm Description Notes
RSA Encrypts hash with private key Widely used, secure if key is large enough
DSA (Digital Signature Algorithm) Standardized by NIST, uses modular arithmetic Efficient for signing, slower for verification
ECDSA (Elliptic Curve DSA) Based on elliptic curve cryptography Smaller keys, faster, used in mobile & blockchain

5. Applications of Digital Signatures

  • Secure email (e.g., PGP, S/MIME)

  • Software/code signing

  • Blockchain transactions

  • Financial and legal document verification

  • Authentication in secure protocols (SSL/TLS)