Cryptography Reference
In-Depth Information
We proceed by considering a list of relevant issues and identifying the
differences. The number of differences is striking. Hopefully this extensive
comparisonmakes it clear that handwritten signatures and digital signatures are in
many ways quite different in their properties. While some electronic applications
for digital signatures are indeed analogous to physical applications of handwritten
signatures, digital signatures provide more precise security properties at the cost
of being more complex to implement.
ENVIRONMENTAL DIFFERENCES:
Form
. A handwritten signature is a physical object, while a digital signature is
electronic data. This difference is obvious but it has great significance, for
example, with regard to the law (see later).
Signer
. A handwritten signature must be generated by a human signer. On the
other hand, signature keys for digital signatures do not have to be associated
with a human signer. They could be held by groups of humans (for example,
an organisation) or could belong to devices or software processes.
Signature creation
. The ability to create a handwritten signature requires the
presence of a human. Digital signatures require the existence of equipment
in order to create a signature, such as a secure device on which to store the
signature key and a computer to perform the signature creation.
Availability
. Barring serious illness or accident, handwritten signatures are always
available for use. Digital signatures depend on the availability of the various
components of the infrastructure of the digital signature scheme, including
computer systems and signature key storage devices.
SECURITY DIFFERENCES:
Consistency over messages
. In theory, a handwritten signature is approximately
the same every time that it is used, even to sign different messages. A crucial
difference between handwritten and digital signatures is that digital signatures
on different items of data are not the same. A digital signature depends on the
underlying data. In cryptographic terminology, a digital signature is
message
dependent
.
Consistency over time
. While handwritten signatures have a reasonable degree
of consistency, they tend to vary with the physical state (health, mood and
concentration) of the signer. They also tend to gradually change over time.
In contrast, a digital signature generated using a particular set of values is the
result of a cryptographic computation and will be the same each time the same
set of values are input.
Uniqueness to individuals
. Handwritten signatures are biometrically controlled
and thus it is reasonable to regard then as being unique to a particular signer.
Many people have handwritten signatures that appear to be similar but there are
experts who can fairly accurately distinguish handwritten signatures. On the
