
Experiment No. 10

Create & verify digital signature

Digital signatures use public-key cryptography for message authentication. In the
physical world, it is common to use handwritten signatures on handwritten or typed
messages. They are used to bind the signature to the message.
Similarly, a digital signature is a technique that binds a person/entity to digital data.
This binding can be independently verified by the receiver as well as by any third party.
A digital signature is a cryptographic value that is calculated from the data and a secret
key known only to the signer.
In the real world, the receiver of a message needs assurance that the message belongs to
the sender, and the sender should not be able to repudiate the origination of that
message. This requirement is crucial in business applications, since the likelihood of a
dispute over exchanged data is very high.

Model of Digital Signature


The digital signature scheme is based on public key cryptography. The model of the
digital signature scheme is shown here −

The following points explain the entire process in detail −


• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and signing/verifying are different.
  The private key used for signing is referred to as the signature key and the public key as the
  verification key.
• The signer feeds the data to the hash function and generates a hash of the data.
• The hash value and the signature key are then fed to the signature algorithm, which produces
  the digital signature on the given hash. The signature is appended to the data and then both
  are sent to the verifier.
• The verifier feeds the digital signature and the verification key into the verification
  algorithm. The verification algorithm gives some value as output.
• The verifier also runs the same hash function on the received data to generate a hash value.
• For verification, this hash value and the output of the verification algorithm are compared.
  Based on the comparison result, the verifier decides whether the digital signature is valid.
• Since the digital signature is created by the ‘private’ key of the signer and no one else can
  have this key, the signer cannot repudiate signing the data in the future.
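
The signing and verification steps listed above, as an added example that is not part of the original handout: textbook RSA applied to a SHA-256 hash, using only the Python standard library. The key (built from two Mersenne primes), the sample messages and all function names are constructed for illustration; the scheme is unpadded, so real systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key: two Mersenne primes, chosen only so the example is
# reproducible offline. Real keys use random primes of equal size.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # modulus, shared by both keys
E = 65537                              # verification (public) exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # signature (private) exponent

def digest(data: bytes) -> int:
    """Hash function step: SHA-256 of the data as an integer (always < N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes) -> int:
    """Signer: hash the data, then apply the signature key to the hash."""
    return pow(digest(data), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Verifier: run the verification algorithm on the signature, hash the
    received data independently, and compare the two values."""
    if not 0 < signature < N:          # reject out-of-range signatures
        return False
    recovered = pow(signature, E, N)   # output of the verification algorithm
    return recovered == digest(data)

def demo() -> dict:
    message = b"Pay 100 to Bob"        # constructed sample message
    sig = sign(message)
    return {
        "valid": verify(message, sig),
        "tampered_data": verify(b"Pay 900 to Bob", sig),
        "tampered_signature": verify(message, sig ^ 1),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the untouched message with its original signature is accepted; changing either the data or the signature makes the two compared values differ.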

After receiving the encrypted data and the signature on it, the receiver first verifies the
signature using the sender’s public key. After ensuring the validity of the signature, he then
retrieves the data through decryption using his private key.

Importance of Digital Signature


Out of all cryptographic methods, the digital signature using public key cryptography is
considered a very important and useful tool for achieving information security.
Apart from the ability to provide non-repudiation of a message, the digital signature also
provides message authentication and data integrity. Let us see how this is achieved by
the digital signature −
• Message authentication − When the verifier validates the digital signature using the public
  key of a sender, he is assured that the signature has been created only by the sender, who
  possesses the corresponding secret private key, and no one else.
• Data Integrity − In case an attacker has access to the data and modifies it, the digital
  signature verification at the receiver end fails. The hash of the modified data and the output
  provided by the verification algorithm will not match. Hence, the receiver can safely reject
  the message, assuming that data integrity has been breached.
• Non-repudiation − Since it is assumed that only the signer has knowledge of the
  signature key, only he can create the unique signature on given data. Thus the receiver can
  present the data and the digital signature to a third party as evidence if any dispute arises
  in the future.
By adding public-key encryption to the digital signature scheme, we can create a
cryptosystem that provides the four essential elements of security, namely − Privacy,
Authentication, Integrity, and Non-repudiation.
