Cryptography Reference
In-Depth Information
passes broader semantic and technical complexity. On the one hand,
though there may be multiple causes to a signature's failure to verify, (i.e.,
incorrect key or modifications to the signed message), it is not possible to
distinguish these causes given the output of the verification process itself.
On the other hand, a fundamental dimension is strikingly absent from the
scene of signature as portrayed by the model (see figure 4.1):
time
. Bob may
well verify Alice's signature shortly after she produced it, but verification
in the context of litigation may occur years afterward. Signed documents
and their evidential qualities will have to be
digitally preserved
for durations
that will vary according to record-keeping requirements. These durations
may range from a few years (tax documents) to the lifetime of individuals
and institutions (blueprints for nuclear reactors).
Furthermore, cryptographic signatures model
data integrity
at the bit
level; that is, modification of a
single bit
of a digitally signed document
results in failed verification. However, the extreme sensitivity of this
measure poses significant challenges. The conflicting mechanics of digital
preservation and signature verification will have important implications
for the forensic usability of cryptographic signatures, implications that
I further examine in chapter 6 in the context of the French notarial
profession.
The taxonomy of
entity authentication
partitions identification tech-
niques in three distinct classes: something the claimant
knows
,
possesses
,
or
is.
The literature classifies cryptographic keys in the first category; yet,
accessing and manipulating 300-digit numbers necessarily requires that
they be stored on a computing device (desktop, smart card, mobile phone),
itself secured through password or biometric identifiers. Users' agency over
their private signing keys is thus likely to be more complex than assumed
by the model. Furthermore, the taxonomy fails to account for the specific-
ity of handwritten signatures as the bodily performance of a certain secret
knowledge. Unlike a fingerprint or a retina pattern, a signature results from
a volitional act. Handwritten signatures are something someone
does
to
express assent or commitment in a performance paradoxically each time
unique, yet identical.
The third security service provided by digital signatures,
non-repudiation
,
modeled evidential qualities of written documents and their use in court—
their ability to “convince a judge.” As the following chapters further docu-
ment, the status of non-repudiation would remain ambiguous throughout
