Cryptography Reference
This definition is deliberately vague and does not even suggest that the goal of
such a mechanism is non-repudiation. An electronic signature under this loose
definition could thus be, for example:
• typing a name into a web form;
• an electronic representation of a handwritten signature;
• a biometric template;
• network information that identifies a particular computer;
• a digital signature in the cryptographic sense (the main subject of this chapter).
Typing a name into a web form is clearly a very weak electronic signature. It
does imply some intent on the part of the signer but is also very easy to forge.
Nonetheless, there are applications where this type of electronic signature probably
suffices. However, the Directive also recognises the need for stronger notions of
electronic signature in order to provide non-repudiation services. It proposes an
advanced electronic signature, which is defined to be an electronic signature that,
in addition, is:
1. uniquely linked to the signatory;
2. capable of identifying the signatory;
3. created using means under the sole control of the signatory;
4. linked to data to which it relates in such a way that subsequent changes in the
data are detectable.
This notion is much closer to what we expect from a cryptographic
non-repudiation mechanism and is likely to have been formulated with cryptographic
digital signatures very much in mind. We will look at some of the practical
issues associated with the notion of an advanced electronic signature in
Section 7.4.
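The four properties above can be seen in working code. The following is an added example, not taken from the original text: it uses a Lamport one-time signature, a hash-based scheme chosen here only because it needs nothing beyond Python's standard library, and contrasts it with a typed name. The function names, the key holders "alice" and "carol", and the sample payment order are all constructed for illustration.

```python
import hashlib
import secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen():
    """Return (private, public). The private half must stay under the
    signatory's sole control, and one key pair signs ONE message only."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _digest_bits(data: bytes):
    # The 256 bits of SHA-256(data), most significant bit first.
    d = H(data)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, data: bytes):
    # Reveal one secret per digest bit, so the signature depends on the data.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(data))]

def verify(pk, data: bytes, sig) -> bool:
    # Anything that is not a list of 256 byte strings (e.g. a typed name) fails.
    if not isinstance(sig, list) or len(sig) != 256:
        return False
    return all(isinstance(s, bytes) and H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _digest_bits(data))))

def demo():
    alice_sk, alice_pk = keygen()
    _, carol_pk = keygen()                 # a different signatory's public key
    order = b"Pay 100 EUR to Bob"          # constructed sample data
    sig = sign(alice_sk, order)
    return {
        "genuine": verify(alice_pk, order, sig),                        # properties 1-3
        "altered_data": verify(alice_pk, b"Pay 900 EUR to Bob", sig),   # property 4
        "other_signatory": verify(carol_pk, order, sig),                # property 1
        "typed_name": verify(alice_pk, order, "Alice Example"),         # weak signature
    }

if __name__ == "__main__":
    print(demo())
```

Only the genuine signature over the unaltered data verifies; the typed name carries no link to either the data or a key, which is why it fails every property in the list.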
7.1.3 Digital signature scheme fundamentals
While we noted in the last section that electronic signatures could be provided
using a variety of different types of mechanism, we will now focus on electronic
signatures that can be provided by cryptographic mechanisms. We thus restrict
the term digital signature to mean an electronic signature that was generated using
a cryptographic primitive.
REQUIREMENTS FOR A DIGITAL SIGNATURE SCHEME
We will define a digital signature scheme to be a cryptographic primitive that
provides:
Data origin authentication of the signer. A digital signature validates the
underlying data in the sense that assurance is provided about the integrity
of the data and the identity of the signer.
 