Section 2: Cryptographic Methods in Security

1. Digital Signatures

Definition and Role

• A digital signature is a cryptographic technique that ensures the authenticity,

integrity, and non-repudiation of a digital message or document.

• Authenticity: Verifies that the message was sent by the claimed sender.

• Integrity: Confirms that the data has not been altered during transmission.

• Non-Repudiation: Ensures that the sender cannot deny their involvement in

signing the document.

How Digital Signatures Work

1. Creating the Signature:

• The sender generates a hash (fixed-length representation) of the message

using a hashing algorithm (e.g., SHA-256).

• The hash is encrypted with the sender’s private key to create the digital
signature.

2. Verification:

• The recipient decrypts the signature using the sender’s public key to retrieve
the hash.

• The recipient then hashes the received message and compares it with the
decrypted hash. If they match, the message is verified.

Applications

• Secure Email: Ensures emails are sent by verified individuals (e.g., S/MIME).

• Digital Contracts: Used in signing legal agreements.

• Software Verification: Authenticates software updates to prevent malware

injection.

2. Public Key Cryptography (PKC)

Definition and Role

• Public Key Cryptography (PKC) is a cryptographic system that uses a pair of

keys:
 • Public Key: Shared openly, used for encryption or signature verification.

• Private Key: Kept secret, used for decryption or signature creation.

• PKC ensures secure communication, even over public or untrusted networks.

How PKC Works

1. The sender encrypts data with the recipient’s public key.

2. The recipient decrypts the data with their private key, ensuring only they can
access the information.

RSA vs. ECC

1. RSA (Rivest-Shamir-Adleman):

• Relies on the difficulty of factoring large numbers.

• Applications: Digital signatures, secure web traffic (HTTPS), and secure email
(PGP).

• Advantages: Mature and widely supported.

• Disadvantages: Requires larger key sizes (2048-bit or higher) for strong

security, making it computationally intensive.

2. ECC (Elliptic Curve Cryptography):

• Based on the mathematical properties of elliptic curves over finite fields.

• Applications: Mobile devices, IoT, and blockchain (e.g., Bitcoin).

• Advantages: Provides equivalent security to RSA with much smaller key

sizes, leading to faster computation and reduced storage.

• Disadvantages: More complex implementation.

Applications of PKC

• SSL/TLS Protocols: Secures website connections.

• Online Banking: Encrypts transactions and sensitive user data.

• Blockchain: Ensures secure transactions using ECC-based signatures.