Cryptography Reference
of different digital signatures that one individual could generate for a fixed
message.
Special signatures. Handwritten signatures have several important specialised
forms, such as notarised and witnessed signatures, which have different status
within law. It is possible to design digital equivalents of these. In fact it is
possible to create many more specialised digital signatures. As noted above,
the signer of a digital signature does not have to be a single human being. For
example, various types of group signature are possible where a signature can be
produced and proven to be from a group of entities without revealing who the
actual signer was. Also, blind signatures can be generated, where signers sign
data that they cannot see. An impressive variety of specialised digital signature
schemes have been proposed by cryptographers, although relatively few of
these have yet been implemented in applications.
7.4.4 Relationship with advanced electronic signatures
Before closing our discussion of digital signature schemes, it is worth returning
to the definition of advanced electronic signature from Section 7.1.2 and noting
the extent to which digital signatures comply with this notion. The four particular
properties of an advanced electronic signature were:
Uniquely linked to the signatory. We discussed this issue under uniqueness to
individuals in Section 7.4.3. A well-designed digital signature scheme should
have signature keys that are uniquely linked to signatories.
Capable of identifying the signatory. A signatory can be 'identified' by verifying
a digital signature that they created. This capability is primarily realised by
providing a secure infrastructure that provides verifiers with confidence in the
correct ownership of verification keys. This infrastructure is provided by a
public-key management system and is the subject of Chapter 11.
Created using means under the sole control of the signatory. This is probably
the most difficult of these properties to establish. Confidence that a digital
signature could only be produced by the designated signatory is provided
through many different factors in combination. It requires confidence in the
supporting public-key management system, in particular the processes that
surround the generation of signature keys. It also requires confidence in
the ongoing management of the signature key, as well as confidence in the
secure operation of the computing device that was used to compute the digital
signature. Weaknesses in any of these could lead to the formulation of a case for
arguing that a digital signature might have been created without the signatory
being aware of what was happening. Most of these are key management issues,
which we discuss in Chapters 10 and 11.
Linked to data to which it relates in such a way that subsequent changes in the
data are detectable. Digital signatures provide this property by definition, since
they provide data origin authentication.
 