
DEMYSTIFYING

DIGITAL SIGNATURES

BY MOHAMMED TAHA 22MCAR0033, MANISH KUMAR 22MCAROO37 AND RAKSHITH KR 22MCAR0046

TABLE OF CONTENTS

01 INTRODUCTION TO DIGITAL SIGNATURE

02 DIFFERENCES BETWEEN DIGITAL AND CONVENTIONAL

03 DIGITAL SIGNATURE PROCESS

04 SERVICES PROVIDED BY DIGITAL SIGNATURES

05 ATTACKS ON DIGITAL SIGNATURES

06 DIGITAL SIGNATURE SCHEMES


WHAT IS A SIGNATURE?
A person signs a document to show that it originated from, or has been approved by, him/her.
A signature consists of two parts:
• the original signature itself
• its corresponding copy that is used for verification, for example in a passport or bank application
For example, when a customer signs a check, the bank needs to be sure that the check
is issued by that customer and nobody else. In this context, the original signature on the
check serves as proof of authorization, while the bank relies on the copy of the
signature for verification purposes.
01
INTRODUCTION
WHAT IS A DIGITAL SIGNATURE?

A digital signature is used in the context of electronic documents, emails, and
online transactions. Digital signatures serve the same basic purpose as traditional
signatures: they confirm the identity of the sender and ensure the integrity of the
content, but they do so in a digital and cryptographic manner.
02
DIGITAL VS CONVENTIONAL
DIFFERENCES BETWEEN DIGITAL AND CONVENTIONAL SIGNATURES

Conventional Signatures vs Digital Signatures

• Conventional: The signature is included in the document and is a part of it.
  Digital: The digital signature is sent as a separate document. The sender sends 2 documents: the message and the signature.

• Conventional: Signatures are authenticated by comparing the signature on a document with a stored signature on file.
  Digital: Digital signatures do not require a stored copy of the signature. The recipient applies a verification technique to both the message and the received signature to confirm authenticity.

• Conventional: One-to-many relationship; a person uses the same signature for many documents.
  Digital: One-to-one relationship. Each message has its own signature; the signature of one message cannot be reused in another.
03
DIGITAL SIGNATURE PROCESS

01 The sender uses a signing algorithm to sign the message.

02 The message and the signature are sent to the receiver.

03 The receiver receives the message and the signature and applies the verifying algorithm to the combination.

04 If the result is true, the message is accepted; otherwise, it is rejected.


NEED FOR KEYS

A conventional signature is like a "private key" belonging to the signer of the
document. The signer uses it to sign documents; no one else has this signature.

The copy of the signature is on file like a public key; anyone can use it to verify
a document, to compare it to the original signature.
SYMMETRIC ENCRYPTION

"Symmetric encryption employs a single shared key for both encryption and decryption,
ensuring confidentiality and security in data communication."
Can we use a secret (symmetric) key for both signing and verification? NO!
SYMMETRIC ENCRYPTION AND DIGITAL SIGNATURES

2 entity key
A secret key is known by only 2 entities, for example Alice and Bob. If Alice wants to send a
message to Ted, she would have to create another key.

Lack of non-repudiation
Bob could use the secret key between himself and Alice, sign a document, send it to Ted,
and pretend that it came from Alice.
The Vicious Cycle
Alice and Bob need a shared secret key for their symmetric encryption scheme.
To ensure that they are using the correct key, Alice and Bob might want to
authenticate each other. This authentication could involve verifying their
identities through digital signatures.
Now, here's where the "vicious cycle" comes into play:
Authentication Requires Key: To authenticate each other, Alice and Bob might
need the shared symmetric key. They need to be certain that the key they are
using for encryption and decryption is the right one. However, since they
haven't created a key, how will they authenticate?
[Figure: cycle diagram with the labels Verification, Key, Authentication]
04
SERVICES PROVIDED BY DIGITAL SIGNATURES

1) MESSAGE AUTHENTICATION

■ A secure digital signature scheme, like a secure conventional signature (one that
cannot be easily copied), can provide message authentication (also referred to as
data-origin authentication).
■ Bob can verify that the message is sent by Alice because Alice's public key is used in
verification.

2) MESSAGE INTEGRITY

■ The digital signature schemes today use a hash function in the signing and verifying
algorithms that preserve the integrity of the message.
■ A hash function preserves the integrity of a message by converting its content into a
fixed-length unique hash value. Any alteration to the message, no matter how small, will
result in a significantly different hash value.
3) Non Repudiation

If Alice signs a message and then denies it, can Bob later prove that Alice actually signed it? For
example, if Alice sends a message to a bank (Bob) and asks to transfer $10,000 from her account
to Ted's account, can Alice later deny that she sent this message?

With the scheme we have presented so far, Bob might have a problem. Bob must keep the
signature on file and later use Alice's public key to create the original message to prove the
message in the file and the newly created message are the same. This is not feasible because Alice
may have changed her private or public key during this time; she may also claim that the file
containing the signature is not authentic.

The solution is a trusted third party.

Alice creates a signature from her message (SA) and sends the
message, her identity, Bob’s identity, and the signature to the
center.
The center, after checking that Alice’s public key is valid,
verifies through Alice’s public key that the message came
from Alice.
The center then saves a copy of the message with the sender
identity, recipient identity, and a timestamp in its archive.
The center uses its private key to create another signature
(ST) from the message. The center then sends the message,
the new signature, Alice’s identity, and Bob’s identity to Bob.
Bob verifies the message using the public key of the trusted
center.
05
ATTACK ON DIGITAL SIGNATURE
Attacks on Digital Signature
Key-Only Attack
In the key-only attack, Eve has access only to the public information released by Alice.
To forge a message, Eve needs to create Alice's signature to convince Bob that the
message is coming from Alice.

Known-Message Attack
Eve has access to one or more message-signature pairs. In other words, she has access
to some documents previously signed by Alice. Eve tries to create another message and
forge Alice's signature on it.

Chosen-Message Attack
Eve somehow makes Alice sign one or more messages for her. Eve now has a
chosen-message/signature pair. Eve later creates another message, with the content
she wants, and forges Alice's signature on it.
06
DIGITAL SIGNATURE SCHEMES
RSA Digital Signature Scheme

• Ensures authenticity and integrity of digital messages/documents
• Based on RSA (Rivest-Shamir-Adleman) encryption algorithm.
• Allows digital signing of messages/documents
• Enables verification of source and message integrity by others
Overview Of How RSA Digital Signature Scheme Works:

001 Key Generation:
A user generates a pair of RSA keys: a private key and a public key. The private key
must be kept secret, while the public key can be freely distributed.

002 Signing a Message:
To sign a message, the sender applies a mathematical operation involving their
private key to create a digital signature. The specific algorithm used is based on the
RSA algorithm.

003 Verification:
Anyone who receives the signed message can verify its authenticity and integrity
using the sender's public key and the attached digital signature. The recipient applies
a verification algorithm, which involves the sender's public key and the received
signature, to check if the signature matches the message content.
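
The three RSA steps above, and the trusted-center exchange from the non-repudiation slide, as an added example that is not part of the original presentation. It is textbook hash-then-sign with no padding scheme; the toy primes, the function names and the ARCHIVE list are assumptions made for illustration, and the center's check that Alice's public key is still valid is assumed to have passed.

```python
import hashlib
import time

E = 65537  # common public exponent

def keygen(p, q):
    """Toy RSA key pair from two known primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(message, n):
    """Hash the message and reduce it below n (textbook hash-then-sign, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == digest(message, n)

# Constructed toy keys built from Mersenne primes: far too small for real use.
ALICE_PUB, ALICE_PRIV = keygen(2**127 - 1, 2**107 - 1)
CENTER_PUB, CENTER_PRIV = keygen(2**89 - 1, 2**61 - 1)
ARCHIVE = []  # the trusted center's record of relayed messages

def center_relay(message, sender, recipient, s_a):
    """Center checks Alice's signature S_A, archives the message, returns its own S_T."""
    if not verify(message, s_a, ALICE_PUB):
        return None  # not signed by Alice: nothing is archived or relayed
    ARCHIVE.append({"message": message, "from": sender, "to": recipient,
                    "time": time.time()})
    return sign(message, CENTER_PRIV)

if __name__ == "__main__":
    msg = b"Transfer $10,000 from Alice's account to Ted's account"
    s_a = sign(msg, ALICE_PRIV)
    s_t = center_relay(msg, "Alice", "Bob", s_a)
    print("Bob accepts the center's signature:", verify(msg, s_t, CENTER_PUB))
    print("S_A reused on another message:", verify(b"Transfer $99,000", s_a, ALICE_PUB))
    print("archived records:", len(ARCHIVE))
```

Bob only needs the center's public key; a dispute is later settled from the center's archived record and timestamp rather than from Bob's own file.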
El Gamal Digital Signature Scheme

• Ensures authenticity and integrity of digitally signed messages.
• Based on the El Gamal encryption algorithm
• Named after its inventor, Taher El Gamal.
Overview Of How El Gamal digital signature scheme works:

001 Key Generation:
A user generates a pair of keys: a private key and a public key. The private key consists
of a secret integer, while the public key includes parameters and a derived value.

002 Signature Generation:
To sign a message, the sender selects a random integer, known as the ephemeral
private key, and computes an ephemeral public key.
Using the recipient's public key and the ephemeral public key, the sender generates a
unique digital signature for the message.
The signature consists of two parts: a pair of integers, one of which is the ephemeral
public key, and the other is a computed value based on the message and the ephemeral
private key.

003 Verification:
The recipient, who knows the sender's public key, can verify the digital signature.
Using the sender's public key and the signature, the recipient checks if the computed
value matches the one included in the signature.
If the verification succeeds, it confirms that the message was signed by the holder
of the private key associated with the sender's public key and that the message hasn't
been altered in transit.
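
A worked version of the key generation, signing and verification steps, as an added example that is not part of the original presentation. It uses the textbook El Gamal signing equation s = k^-1 (H(m) - x r) mod (p - 1), where x is the signer's private key and k the ephemeral private key; the modulus P, the base G and all function names are toy assumptions chosen so the code runs with the standard library only.

```python
import hashlib
import secrets
from math import gcd

P = 2**127 - 1  # constructed toy modulus (a Mersenne prime); far too small for real use
G = 3           # toy base; real deployments use a vetted group and generator

def h(message):
    """Hash the message and reduce it modulo p - 1."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % (P - 1)

def keygen():
    x = secrets.randbelow(P - 3) + 2       # private key: secret integer in 2..P-2
    return pow(G, x, P), x                 # (public value y, private key x)

def sign(message, x):
    while True:
        k = secrets.randbelow(P - 3) + 2   # fresh ephemeral private key per signature
        if gcd(k, P - 1) != 1:
            continue                       # k must be invertible modulo p - 1
        r = pow(G, k, P)                   # ephemeral public key
        s = (h(message) - x * r) * pow(k, -1, P - 1) % (P - 1)
        if s != 0:
            return r, s

def verify(message, signature, y):
    r, s = signature
    # Reject out-of-range values first; without this, (r, s + p - 1) would also verify.
    if not (0 < r < P and 0 < s < P - 1):
        return False
    return pow(G, h(message), P) == pow(y, r, P) * pow(r, s, P) % P

if __name__ == "__main__":
    y, x = keygen()
    msg = b"constructed sample message"
    r, s = sign(msg, x)
    print("valid signature accepted:", verify(msg, (r, s), y))
    print("altered message accepted:", verify(b"constructed sample messagE", (r, s), y))
    print("out-of-range s accepted:", verify(msg, (r, s + P - 1), y))
```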
Conclusion
In conclusion, digital signatures offer powerful benefits in authentication and data
integrity, providing non-repudiation and tamper detection. However, their effectiveness
relies on secure key management, and they do not inherently protect data confidentiality.
Proper implementation and key security are essential to harness their advantages while
mitigating their weaknesses.