Cryptography Reference
In-Depth Information
Chapter 9
Digital Signatures
We have already mentioned that one important—perhaps the most important—goal
of modern cryptography is message authentication, which protects the integrity of
messages and ensures that they have not been modified. It is clear that this is of
the utmost importance in fields like e-commerce and e-banking, where physical
protection of exchanged data is impossible. Thus a crucial cryptographic goal in
these situations is to ensure that data cannot be modified without the changes being
noticed.
As we have seen, a reasonable guarantee of data authenticity in the private-key set-
ting can be obtained by using aMAC. However, this requires that the data-exchanging
parties share a secret key, which severely limits the applicability of these schemes. For
example, suppose that a software publisher distributes an update to users: it would be
completely impractical to manage a system in which the software company shared a
secret key with each user. Thus what is required in this case is a digital signature that
plays a similar role to a handwritten signature and convinces users of the authenticity
of the update without them having to share anything with the software company. This
problem presents similarities with the one solved by public-key encryption and we
will see that also in this case a public and a private key can be used to obtain the
desired result: the signer—the software company in this example—will 'sign' the
message with its private key and any other party that knows the signer's public key
will be able to use it to check authenticity.
There is another problem that makes digital signatures highly desirable and it is
the fact that, even if a MAC used together with a private-key encryption scheme can
provide authentication for the communication between two parties, it cannot protect
them from each other. Indeed, if Alice and Bob reach an agreement this way, Bob
might later repudiate it and claim that he did not send the authenticated agreement
message. In this case it would be hard for Alice to convince a third party—for
example, a judge—that Bob really sent the message since Bob could argue that the
message apparently sent by him was in fact sent by Alice. Because of the symmetry
inherent to the private-key scheme in which the same shared key is used by both users
for all actions, both possibilities seem equally plausible from an outsider point of
 
Search WWH ::




Custom Search