Digital signature

From Free net encyclopedia

Digital signature (or public-key digital signature) is an encryption scheme for authenticating digital information that should not be confused with ordinary physical signatures on paper or with an electronic signature, but implemented using techniques from the field of public-key cryptography. A digital signature method generally defines two complementary algorithms, one for signing and the other for verification, and the output of the signing process is also called a digital signature.

Digital signature has also been used as a broader term encompassing both public-key digital signature techniques and message authentication codes.

Digital signatures differ in some respects from their physical counterparts. The term electronic signature, although sometimes used for the same thing, has a distinct meaning in common law: it refers to any of several, not necessarily cryptographic, mechanisms for identifying the originator of an electronic message. Electronic signatures have included cable and Telex addresses, as well as FAX transmission of handwritten signatures on a paper document.

Contents 1 Uses 1.1 Authenticity 1.2 Integrity 1.3 Non-repudiation 2 Implementation 3 Some digital signature algorithms 4 The current state of use — legal and practical 5 Legal aspects 5.1 China 5.2 Brazil 5.3 European Union and the European Economic Area 5.4 India 5.5 New Zealand 5.6 United Nations Commission on International Trade Law 5.7 United States 5.8 Switzerland 5.9 Uruguay 6 Legal cases 7 External links

Uses

There are three common reasons for applying a digital signature to communications:

Authenticity

Public-key cryptosystems allow anybody to encrypt a message using their private key. More typically, the message will be sent in plaintext, with the encryption of a shorter hash appended. By decrypting the hash with the sender's public key, and checking the result against the plaintext, the recipient can confirm that the encryption was done with the sender's private key. This signature allows the recipient to be confident that the sender is indeed who they claim to be. Of course the recipient cannot be 100% sure that the sender is indeed who they claim to be - the recipient can only be confident - since the cryptosystem may have been broken.

The importance of authenticity is especially obvious in a financial context. For example, suppose a bank sends instructions from its branch offices to the central office in the form (a,b) where a is the account number and b is the amount to be credited to the account. A devious customer may deposit £100, observe the resulting transmission and repeatedly retransmit (a,b). This is known as a replay attack.

Integrity

Both parties will always wish to be confident that a message has not been altered during transmission. The encryption makes it difficult for a third party to read a message, but that third party may still be able to alter it in a useful way. A popular example to illustrate this is the homomorphism attack: consider the same bank as above which sends instructions from its branch offices to the central office in the form (a,b) where a is the account number and b is the amount to be credited to the account. A devious customer may deposit £100, intercept the resulting transmission and then transmit (a,b³) to become an instant millionaire.

Non-repudiation

In a cryptographic context, the word repudiation refers to the act of denying association with a message (ie claiming it was sent by a third party). The recipient of a message may insist that the sender attach a signature in order to prevent any later repudiation, since the recipient may show the message to a third party to prove its origin. The loss of control of the private key means that all digitally signed communications can still be repudiated.

Implementation

Digital signature schemes rely on public-key cryptography. In public-key cryptography, each user has a pair of keys: one public and one private. The public key is distributed freely, but the private key is kept secret and confidential; another requirement is that it should be infeasible to derive the private key from the public key.

A general digital signature scheme consists of three algorithms:

• A key generation algorithm
• A signing algorithm
• A verification algorithm

For example, consider the situation in which Bob sends a message to Alice and wants to be able to prove it came from him. Bob sends his message to Alice and attaches a digital signature. The digital signature is generated using Bob's private key, and takes the form of a simple numerical value (normally represented as a string of binary digits). On receipt, Alice can then check whether the message really came from Bob by running the verification algorithm on the message together with the signature and Bob's public key. If they match, then Alice can be confident that the message really was from Bob, because the signing algorithm is designed so that it is very difficult to forge a signature to match a given message (unless one has knowledge of the private key, which Bob has kept secret).

More usually, for efficiency reasons, Bob first applies a cryptographic hash function to the message before signing. This makes the signature much shorter and thus saves time since hashing is generally much faster than signing in implementations. However, if the message digest algorithm is insecure (for example, if it is possible to generate hash collisions), then it might be feasible to forge digital signatures.

Some digital signature algorithms

• Full Domain Hash, RSA-PSS etc., based on RSA
• DSA
• ECDSA
• ElGamal signature scheme
• Undeniable signature
• SHA (typically SHA-1) with RSA

The current state of use — legal and practical

Digital signature schemes all have several prior requirements without which no such signature can mean anything, whatever the cryptographic theory or legal provision.

• First, quality algorithms. Some public-key algorithms are known to be insecure, practicable attacks against them having been identified.
• Second, quality implementations. An implementation of a good algorithm (or protocol) with mistake(s) will not work.
• Third, the private key must remain actually secret; if it becomes known to some other party, that party can produce perfect digital signatures of anything whatsoever.
• Fourth, distribution of public keys must be done in such a way that the public key claimed to belong to Bob actually belongs to Bob, and vice versa. This is commonly done using a public key infrastructure and the public key<math>\leftrightarrow</math>user association is attested by the operator of the PKI (called a certificate authority). For 'open' PKIs in which anyone can request such an attestation (universally embodied in an identity certificate), the possibility of mistake is non trivial. Commercial PKI operators have suffered several publicly known problems. Such mistakes could lead to falsely signed, and thus wrongly attributed, documents.
• Fifth, users (and their software) must carry out the signature protocol properly.

Only if all of these conditions are met will a digital signature actually be evidence of who sent the message.

Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and providing for (or limiting) their legal effect. The first appears to have been in Utah, followed closely by Massachusetts and California. Assorted non-US countries have also passed statutes or issued regulations in this area as well and the UN has had an active model law project for some time. These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying cryptographic engineering, and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable. Adoption of technical standards for digital signatures have lagged behind much of the legislation, delaying a more or less unified engineering position on interoperability, algorithm choice, key lengths, etc and so on what the engineering is attempting to provide.

See also: ABA digital signature guidelines

Legal aspects

Legislation concerning the effect and validity of digital signatures includes:

China

• Electronic Signature Law of the People's Republic of China (Chinese) - The stated purposes include standardizing the conduct of electronic signatures, confirming the legal validity of electronic signatures and safeguarding the legal interests of parties involved in such matters.

Brazil

• Medida provisória 2.200-2 (portuguese) - Brazilian law states that any digital document is valid for the law if it is certified by ICP-Brasil (the official brazilian PKI) or if it is certified by other PKI and the concerns parties agree with the validity of the document.

European Union and the European Economic Area

• European Union Directive establishing the framework for electronic signatures:
  • Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
  • Commission Decision 2003/511/EC adopting three CEN Workshop Agreements as technical standards presumed to be in accordance with the Directive
• Implementing laws: Several countries have already implemented the Directive 1999/93/EC.
  • Austria
    • Signature Law, 2000
  • England, Scotland and Wales
    • Electronic Communications Act, 2000
  • Germany
    • Signature Law, 2001
  • Lithuania
    • Law on electronic signature, 2002
  • Norway
    • Electronic Signature Act, 2001 (in Norwegian).
  • Spain
    • Ley 59/2003 , de 19 de diciembre, de firma electrónica (in Spanish).
  • Sweden
    • Qualified Electronic Signatures Act (SFS 2000:832) (in Swedish).
    • SFS 2000:832 in english translation

India

• Information Technology Act, 2000

New Zealand

• Electronic Transactions Act, 2003 sections 22-24

United Nations Commission on International Trade Law

• UNCITRAL Model Law on Electronic Signatures (2001), a strong influence in the field.

United States

• Uniform Electronic Transactions Act (UETA)
• Electronic Signatures in Global and National Commerce Act (E-SIGN), at 15 U.S.C. 7001 et seq.

Switzerland

• Federal Law on Certification Services Concerning the Electronic Signature, 2003

Uruguay

Uruguay laws include both, electronic and digital signatures:

• Concerning passwords or adequate information technology gestures
• Concerning electronic and digital signature and PKI

Legal cases

Court decisions discussing the effect and validity of digital signatures or digital signature-related legislation:

• In re Piranha, Inc., 2003 WL 21468504 (N.D. Tex) (UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).
• Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir., 2002)[1] (E-SIGN does not apply retroactively to contracts formed before it took effect in 2000. Nevertheless, the statute of frauds was satisfied by the text of E-mails plus an (apparently) written notation.)
• Sea-Land Service, Inc. v. Lozen International, 285 F.3d 808 (9th Cir., 2002) [2] (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)

External links

• An introduction to Digital Signatures

Template:Public-key cryptographycs:Elektronický podpis da:Digital signatur de:Elektronische Signatur et:Digitaalallkiri fr:Signature numérique it:Firma digitale he:חתימה אלקטרונית nl:Digitale handtekening pl:Podpis cyfrowy pt:Assinatura digital ru:Электронная цифровая подпись fi:Digitaalinen allekirjoitus uk:Електронно-цифровий підпис zh:数字签名