Cryptography Reference
In-Depth Information
some data, often at a specific moment in time. In a communication scenario this
normally means that the receiver of data wants evidence of the fact that the data
was created by the sender. This requirement is especially relevant in business
applications where there is potential for dispute over exchanged data.
Note that this requirement is for evidence that could, at least in theory,
be presented to a third party for independent assessment. This is a stronger
requirement than
assurance
that a particular entity has generated some data,
which is how we defined data origin authentication. In particular, data origin
authentication may provide assurance to the
receiver
but does not, in general,
provide evidence that could be presented to a
third party
. This is precisely
what normally happens when a MAC is used. A basic application of a MAC
convinces the receiver, but not a third party, who cannot tell whether the sender
genuinely created the MAC or whether the receiver forged it using the shared
key, as discussed in Section 6.3.5. We will qualify 'normally' in Section 7.2,
when we consider situations where a MAC may suffice to provide a degree of
non-repudiation.
The primary purpose of a digital signature is to bind an entity to some data
in a way that can be independently checked by a third party. Note that the entity
being bound to the data could be, for example:
• the creator of the data;
• the owner of the data;
• an entity who is formally 'approving' the data.
We will use the term
signer
for the entity who creates a digital signature (regardless
of their precise relationship to the data) and the term
verifier
for any entity who
receives digitally signed data and attempts to check whether the digital signature
is 'correct' or not. We say that the verifier attempts to
verify
the digital signature
by checking whether it is
valid
for the given data and claimed signer.
7.1.2
Electronic signatures
It is quite natural to associate the term 'signature' with non-repudiation
mechanisms because handwritten signatures are the most important non-
repudiation mechanisms used in the physical world. However, it is also important
to apply caution when using this analogy because handwritten signatures have
complex properties that do not all necessarily translate into the electronic world.
Some of these properties are desirable ones, that are hard to emulate. Others are
rather undesirable, and can be 'improved upon' by using digital techniques. We
will discuss these issues in more detail in Section 7.4.3.
That said, there is clearly a case for electronic techniques that can be applied in
similar situations to thosewhere handwritten signatures are utilised in the physical
world. Recognising this, an important European Community Directive defines an
electronic signature
to be
data in electronic form attached to, or logically connected
with, other electronic data and which serves as a method of authentication
.
