Academy ⟶ Security

What is a Digital signature?

A digital signature is a cryptographic method used to verify the validity and integrity of digital data. It is a digital equivalent of traditional handwritten signatures, with a higher level of complexity and security. Simply put, it is a special code attached to a message or document, acts as proof that the message or document has not been tampered with.

6 min

Table of Contents

Introduction

A digital signature is a cryptographic method used to verify the validity and integrity of digital data. It is a digital equivalent of traditional handwritten signatures, with a higher level of complexity and security. Simply put, it is a special code attached to a message or document, acts as proof that the message or document has not been tampered with. Thanks to the development of cryptography, the concept of protecting communication networks through a digital signature scheme emerged in the 1970s. To learn how digital signatures work, you first need to get acquainted with basic hash functions and public-key cryptography.

Hash functions

Hashing is one of the main features of a digital signature system. This process involves converting data of any size to output in a particular format using a special type of algorithms, also known as hash functions. The output data generated by the hash function is called the hash. In accordance with cryptography, hash functions can be used to generate a hash that serves as a unique digital identifier. This means that any change in the input (message) will result in a completely different output (hash). Cryptographic hash functions are a common digital data authentication method.

Public-Key Cryptography (PKC)

It is a cryptographic system that uses both public and private keys. Two mathematically related keys can be used to encrypt data and create a digital signature. PKC is the most secure encryption method while existing systems use the same key to encrypt and decrypt data, and PKC enables data to be encrypted with a public key and decrypted with a private key.

Public-key cryptography can also be used to produce digital signatures. This process consists of hashing a message (or digital data) with the private key of the signatory. The recipient of the message should be able to verify the validity of the signature by using the public key provided by the signatory. Bitcoin blockchain also uses public-key cryptography and digital signatures, but its operations are not encrypted. In addition, Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to authenticate its transactions.

How does it work?

In the field of cryptocurrencies, the digital signature method consists of three key stages - hashing (encryption), signature, and verification.

Data hashing (Encryption)

The first step is a message or digital data encryption that is performed by a hashing algorithm to produce a hash (message digest). As mentioned above, messages may vary in size, but after the encryption, all hashes will be of the same length. This is one of the most important aspects of a hash function. In general, encryption is not necessary to generate a digital signature; instead, a private key may be used to sign a message. When it comes to cryptocurrencies, the data is often hashed and simplifies the processing of data.

Signature

When the data has been encrypted, the sender must sign the message via public-key cryptography. There are many types of digital signature algorithms, but the hashed message is always signed using a private key, and the receiver verifies its validity with the public key issued by the signatory. If the private key is not included when the signature has been created, the receiver will not be able to use the relevant public key to verify its validity. The sender produces public and private keys, but only the public key is shared. Digital signatures are directly related to the contents of each message. Therefore, unlike hand-written signatures, which are typically the same regardless of the document’s content, each digitally signed message has a unique identifier.

Verify process

Imagine, that Alice generates a message for Bob, hashes it, and combines the hash with a private key to create a digital signature. In this case, the signature is a unique digital identifier for this message. Bob receives the message and can verify the validity of the digital signature using the public key provided by Alice since only she is the owner of the corresponding private key. Alice needs to keep her private key in secret. When someone gets Alice’s private key, they can create digital signatures and carry out transactions. In the case of Bitcoins, this means that anyone can transfer and spend Alice’s Bitcoins without her permission.

Why are digital signatures so important?

The aim of digital signatures is to achieve three objectives: data integrity, authentication, and non-repudiation problem. 

  • Data integrity: Bob should make sure that Alice’s message is invariable. Any changes to the message will result in a completely different digital signature being produced.
  • Authentication: If Alice’s private key is kept secret, Bob will use the public key to confirm that Alice and nobody else has produced the digital signature.
  • Non-repudiation: Once the signature was generated, Alice could not dispute that she had created the signature unless her private key had been stolen or compromised.

Use cases

Digital signatures can be applied to various types of digital documents and certificates in different fields, improving the security of Internet communication systems, financial audits, expenditure reports, loan agreements, business contracts, and legal agreements. The digital signature guarantees that only legitimate cryptocurrency owners are eligible to sign the transaction.

Multisig

Multi-signature is a security protocol that requires the signing of transactions with two, three, or even more keys. A few cryptocurrencies are adopting this technology, Bitcoin - one of them.

In the case of a multisig wallet, a combination of several keys is needed before the transaction can be sent to the blockchain.

In Guarda wallet, you can use the multi-signature for Bitcoin or Ethereum. It is especially important for corporate work. Multisig feature resolves security threats by preventing a single point of failure. Keys for a multisig wallet can be located all over the world, making it incredibly difficult for a potential attacker to occur. The variety of options for multisig setups enables cryptography technologies to be applied in ways that improve security.

Disadvantages

The quality of the algorithms (hash functions and cryptographic system) to generate a digital signature is very important. In the case of an algorithm problem, the digital signature will not be reliable. Finally, if the private keys are stolen or corrupted, the authentication and non-repudiation properties become invalid. For users of cryptocurrency, losing their private key can lead to significant financial losses.

Summary

Digital signature systems can enhance security, ensure integrity, and facilitate the authentication of all forms of digital data. In blockchain technology, it is used to verify and sign cryptocurrency transactions. This function acts as an assurance that cryptocurrencies can only be spent by those who own the corresponding private keys.

Latest articles in Security

What is Double-spending?

What is Double-spending?

The primary goal of blockchain technology is to create a reliable and secure digital money system. Before Bitcoin was invented, attempts to design a similar system had already been made, but they were all faced with the problem that transactions could be copied.

3 min
What is 51% Attack

What is 51% Attack

51% attack is a hackers' assault on the blockchain network, where one person or a group of miners, for example, one mining pool can control much of the hashing speed. It can lead to disruption of the network processes as the attacker will have enough hashing power to exclude or change a specific transaction or the order of transactions.

4 min