Cryptography Reference
In-Depth Information
3. It cannot be transferred to another document.
4. The document cannot be changed in arrears (the document is printed,
and hand-written changes have to be signed separately or initialed).
5. The signature cannot be repudiated later on.
There are several possible solutions to meet these criteria for electronic signa-
tures. We will try to develop gradually better solutions in the following.
Using Symmetric Cryptography
Any of the symmetric encryption methods offers the simplest way to electroni-
cally 'sign' documents. Agree on a secret key with your converser and use it to
encrypt your documents. That's sufficient for the simplest purposes. Your con-
verser knows that only you could have created the document. If you use a good
block algorithm in a secure encryption mode (such as CBC with checksum, for
example), then nobody can change the document during the transmission.
Naturally, this has not much to do with a signature. The decrypted document is
not protected against subsequent changes, and the 'signature' can be verified only
by people who know the secret key. If your converser is dishonest, his knowing
the key can be a risk for you — he could perfectly forge your 'signature'.
Using Asymmetric Cryptography for Signatures
The following method can do much more.
We know that, in asymmetric methods, a plaintext is
encrypted
with the public
key and
decrypted
with the private key. The new idea is now to use the private
key first. We simply define the plaintext as 'ciphertext' and
decrypt
it with the
private key. Of course, this produces gibberish. But everybody can
encrypt
this
'product' again with the public key, only this time, the cipher is readable.
It is often wrongly stated that the private key is used for
encryption
in digital
signatures. This definition can be tolerated only with the RSA method, because
it runs the same mathematical operation (computing an exponent modulo
n
;
see Figure 4.16) for encryption and decryption. In principle, we
decrypt
with
the private key and
encrypt
with the public key.
It is important to make this distinction when encryption and decryption use
different algorithms. However, you can also see why not every asymmetric
method is suitable for digital signatures: first of all, it has to be able to decrypt
