Cryptography

Digital signatures

Easy
15 min

What are digital signatures?

Digital signatures are cryptographic methods used to ensure the integrity and authenticity of messages or digital documents, as well as to authenticate the identity of the signatory. They are the digital age equivalent of traditional handwritten signatures, offering many additional benefits such as preventing tampering and ensuring the message's content remains unchanged.

Why are digital signatures needed?

Digital signatures are used for several reasons, such as:

  • Authentication: They prove that a message or document truly originates from the claimed source.
  • Integrity: They ensure that a message or document has not been altered after being sent.
  • Non-repudiation: The signer cannot deny having signed the document, as the signature is uniquely linked to them.

How do digital signatures work?

Digital signatures are based on a public key infrastructure (PKI), where each user has a pair of complementary keys: a public key and a private key. The signature is created as follows:

Message digest: First, a digest (hash) is created from the message, which is a unique digital fingerprint of the message.

Signature: The hash is encrypted with the sender's private key. This encrypted hash is the digital signature.

Transmission: The message and its digital signature are sent to the recipient.

When the recipient receives a message and a digital signature, they can verify the signature as follows:

Decryption of the hash: The recipient decrypts the digital signature using the sender's public key. This reveals the original hash.

Comparison of Digests: The recipient also creates a digest of the received message and compares it by decrypting it with the received digest. If the digests match, the message must have remained unchanged and must have originated from the claimed source.

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are designed to access, alter, or destroy sensitive information; extort money from users; or interrupt normal business processes.

Common algorithms

RSA (Rivest-Shamir-Adleman)

RSA is one of the oldest and most widely used algorithms for digital signatures. It is based on the problem of factorization of large numbers, and it is a widely accepted and reliable method for creating digital signatures. With RSA, the message digest is encrypted with the sender's private key, and anyone can verify the signature using the sender's public key. Its security increases with the length of the key, commonly used key lengths are 2048 or 3072 bits.

DSA (Digital Signature Algorithm)

DSA is an algorithm developed by the US government, designed specifically for creating digital signatures. It is based on the discrete logarithm problem and provides faster signature creation and verification than RSA. DSA is part of the Digital Signature Standard (DSS) and is widely used in various security protocols.

ECDSA (Elliptic Curve Digital Signature Algorithm)

ECDSA is a digital signature method based on elliptic curves, providing the same level of security as RSA or DSA but with a smaller key size, making it more efficient. The popularity of ECDSA has increased especially in mobile devices and IoT devices, where minimizing resource consumption is important. It also serves as the foundation for many cryptocurrency signature mechanisms.

EdDSA (Edwards-Curve Digital Signature Algorithm)

EdDSA is a modern digital signature algorithm designed to improve the security and efficiency of ECDSA. It is based on the use of Edwards curves and provides strong security and high performance. EdDSA is known for its speed and resistance against various cryptographic attacks, and it is used in many secure communication applications.

Ed25519 (Edwards-Curve Digital Signature Algorithm)

Ed25519 is a particularly popular digital signature algorithm based on EdDSA and uses an elliptic curve named Curve25519. It is known for its speed, security, and small key sizes compared to many other digital signature algorithms. Ed25519 is designed especially with efficiency and strong security in mind, and it offers significant advantages, such as protection against various types of attacks, including side-channel attacks. It is widely used in many security-critical applications and protocols, such as SSH, TLS, and several cryptocurrencies. The choice of Ed25519 as a digital signature algorithm is due to its excellent performance and high level of security, making it an ideal choice for many modern security requirements.

hakatemia pro

Ready to become an ethical hacker?
Start today.

As a member of Hakatemia you get unlimited access to Hakatemia modules, exercises and tools, and you get access to the Hakatemia Discord channel where you can ask for help from both instructors and other Hakatemia members.