Blockchain Lecture-7 Notes: Digital Signatures

Scribed by: Sanyam Kumar Jain

January 20 2025

Introduction
Digital signatures are a fundamental concept in blockchain technology, providing authentication,
integrity, and non-repudiation for transactions. This lecture explores the mathematical foundations,
implementation, and significance of digital signatures.

1 Definition and Properties


A digital signature is a cryptographic scheme used to verify the authenticity of digital messages or
documents. Key properties include:

• Authentication: Ensures the sender’s identity.

• Integrity: Guarantees that the message has not been altered.

• Non-repudiation: Prevents the sender from denying the message.

Formal Definition
A digital signature scheme consists of three algorithms:

1. Key Generation (Gen): Produces a pair of keys (sk, pk), where sk is the private
key and pk is the public key.

2. Sign (Sign): Takes a message m and private key sk to produce a signature σ.

3. Verify (Verify): Takes a message m, signature σ, and public key pk to output a
boolean value indicating validity.

2 Mathematical Framework
Let H(m) denote a cryptographic hash function. The signing and verification processes can be
described as follows:

$$\sigma = \mathrm{Sign}_{sk}(H(m))$$

Verify:

$$\mathrm{Verify}_{pk}(m, \sigma) = \begin{cases} \text{True} & \text{if valid,} \\ \text{False} & \text{otherwise.} \end{cases}$$
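
The three algorithms and the hash-then-sign equation above, as an added Python example that is not part of the original notes. The notes name no concrete scheme, so textbook RSA with two fixed Mersenne primes stands in as an assumption; the names `gen`, `sign`, `verify`, `H` and `demo` are illustrative, and the fixed, unpadded parameters make this a teaching toy rather than a deployable scheme.

```python
import hashlib

# Assumption: textbook RSA as the concrete scheme; the notes do not name one.
# Constructed toy parameters: fixed Mersenne primes, no padding. Real key
# generation draws large random primes and signing uses a padded encoding.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537

def H(m: bytes, n: int) -> int:
    """SHA-256 digest of m as an integer, reduced into Z_n."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def gen(p: int = P, q: int = Q):
    """Gen: return (sk, pk) with sk = (n, d) and pk = (n, e)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # e is invertible mod phi since gcd(e, phi) = 1
    return (n, d), (n, E)

def sign(sk, m: bytes) -> int:
    """Sign: sigma = H(m)^d mod n."""
    n, d = sk
    return pow(H(m, n), d, n)

def verify(pk, m: bytes, sigma: int) -> bool:
    """Verify: accept iff sigma^e mod n equals H(m)."""
    n, e = pk
    return 0 <= sigma < n and pow(sigma, e, n) == H(m, n)

def demo():
    """Run one valid check and three that must be rejected."""
    sk, pk = gen()
    _, other_pk = gen(2**89 - 1, 2**61 - 1)   # a different signer's public key
    m = b"Alice pays Bob 5 coins"             # constructed sample message
    sigma = sign(sk, m)
    return {
        "valid": verify(pk, m, sigma),
        "altered_message": verify(pk, b"Alice pays Bob 50 coins", sigma),
        "altered_signature": verify(pk, m, (sigma + 1) % pk[0]),
        "wrong_public_key": verify(other_pk, m, sigma),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} -> {accepted}")
```

The rejected cases correspond to the properties listed in Section 1: an altered message or signature fails integrity, and a different public key fails authentication.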


2.1 Greatest Common Divisor


• The greatest common divisor (gcd) of two integers a and b, denoted gcd(a, b), is the
largest positive integer d such that d | a and d | b.

Euclidean Algorithm
The Euclidean algorithm is a highly efficient method for computing the greatest common divisor
of two integers. It is based on the following recursive property:
$$\gcd(a, b) = \begin{cases} a & \text{if } b = 0, \\ \gcd(b, a \bmod b) & \text{if } b \neq 0. \end{cases}$$

2.2 Bezout’s Theorem


• For any integers a and b, there exist integers x and y such that:

ax + by = gcd(a, b).

2.3 Modular Arithmetic: $Z_n$ and $Z_n^*$


• Definition of $Z_n$: The set of integers modulo n, defined as:

$$Z_n = \{[0]_n, [1]_n, [2]_n, \ldots, [n-1]_n\},$$

where $[k]_n$ represents the equivalence class of k modulo n.

• Definition of $Z_n^*$: The set of elements in $Z_n$ that are multiplicatively invertible.

Claim

$$Z_n^* = \{[k]_n \in Z_n \mid \gcd(k, n) = 1\}.$$

Proof. To prove that an element $[k]_n \in Z_n$ is multiplicatively invertible if and only if gcd(k, n) = 1,
we consider two cases:
Case 1: gcd(k, n) = 1
By Bezout’s theorem, there exist integers x and y such that:

kx + ny = 1.

Taking modulo n on both sides, we have:

kx + ny ≡ 1 (mod n).

Since ny ≡ 0 (mod n), this simplifies to:

kx ≡ 1 (mod n).

Thus, $[x]_n$ serves as the multiplicative inverse of $[k]_n$, proving that $[k]_n$ is invertible.


Case 2: gcd(k, n) = d > 1


If gcd(k, n) = d > 1, then k and n can be expressed as:

k = βd and n = αd for some integers α, β.

By Bezout’s theorem, there exist integers x and y such that:

kx + ny = d.

Multiplying through by α, we get:

αkx + αny = αd.

Taking modulo n on both sides, and using αd = n ≡ 0 (mod n) and αny ≡ 0 (mod n), we have:

(αx (mod n)) · (k (mod n)) ≡ 0 (mod n).

This implies that k (mod n) cannot have a multiplicative inverse, since any candidate for the inverse
would fail to satisfy kx ≡ 1 (mod n).
Hence, $[k]_n$ is not invertible when gcd(k, n) > 1.

Conclusion
Combining both cases, we conclude that $[k]_n \in Z_n$ is multiplicatively invertible if and only
if gcd(k, n) = 1.

2.4 Special Case: n as a Prime


When n = p is a prime number:

• Every nonzero element of $Z_p$ is coprime to p.

• $Z_p^* = Z_p \setminus \{[0]_p\}$, which has p − 1 elements.

Conclusion
For a prime p, $Z_p^*$ is a cyclic group of order p − 1. Each element in $Z_p^*$ has a unique
multiplicative inverse.

2.5 Multiplication by a in $Z_p^*$

• For any $a \in Z_p^*$, multiplication by a permutes the elements of $Z_p^*$.

Proof. Let $a \in Z_p^*$ and consider the map $f : Z_p^* \to Z_p^*$ defined by:

$$f(x) = a \cdot x \pmod{p}.$$

• Since $a \in Z_p^*$, it has an inverse $a^{-1}$ such that $a \cdot a^{-1} \equiv 1 \pmod{p}$.

• For any $x_1, x_2 \in Z_p^*$, if $f(x_1) = f(x_2)$, then:

$$a \cdot x_1 \equiv a \cdot x_2 \pmod{p}.$$


• Multiplying both sides by $a^{-1}$, we get:

$$x_1 \equiv x_2 \pmod{p}.$$

• Thus, f is injective. Since $Z_p^*$ is finite, f is also surjective.

Hence, multiplication by a permutes the elements of $Z_p^*$.

3 Fermat’s Little Theorem


• Consider the set $\{x_1, x_2, x_3, \ldots, x_k\}$ in $Z_p^*$, where k is the cardinality of the set $Z_p^*$.

• Multiplying all elements of this set by some $a \in Z_p^*$ results in the set $\{ax_1, ax_2, ax_3, \ldots, ax_k\}$,
with all elements taken modulo p.

• Since $a \in Z_p^*$ is invertible, the new set $\{ax_1, ax_2, \ldots, ax_k\}$ is a permutation of the original set
$\{x_1, x_2, \ldots, x_k\}$ modulo p.

• Therefore, the product of all elements in both sets is congruent modulo p, leading to:

$$a^k \cdot (x_1 x_2 \cdots x_k) \equiv x_1 x_2 \cdots x_k \pmod{p}.$$

• Canceling the common product $x_1 x_2 \cdots x_k$ (which is nonzero modulo p), we get:

$$a^k \equiv 1 \pmod{p}.$$

• Since the cardinality of $Z_p^*$ is p − 1, this gives the statement of Fermat’s Little Theorem:

$$a^{p-1} \equiv 1 \pmod{p}, \quad \text{for all } a \in Z_p^*.$$

Conclusion
For any integer a coprime to p, Fermat’s Little Theorem states:

$$a^{p-1} \equiv 1 \pmod{p},$$

where p is a prime number. This result follows from the properties of the group $Z_p^*$ under
multiplication modulo p. We will see later that we can generalise this result even if n is not
prime.
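
Sections 2.1 to 3 carried through in code, as an added Python example that is not part of the original notes: the extended Euclidean algorithm produces the Bezout coefficients, and the remaining functions check the claim about invertible classes, the Case 2 identity, the permutation property and Fermat's Little Theorem on small moduli. All function names are illustrative.

```python
from math import gcd

def egcd(a: int, b: int):
    """Extended Euclid for a, b >= 0: (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:                      # the base case b == 0 returns a
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def inverse(k: int, n: int):
    """Inverse of [k]_n from the Bezout coefficient x, or None if gcd(k, n) > 1."""
    g, x, _ = egcd(k % n, n)
    return x % n if g == 1 else None

def units_by_search(n: int):
    """Invertible classes found the slow way: k with some x where k*x = 1 mod n."""
    return {k for k in range(n) if any(k * x % n == 1 for x in range(n))}

def claim_holds(n: int) -> bool:
    """Claim of section 2.3: [k]_n is invertible exactly when gcd(k, n) == 1."""
    return units_by_search(n) == {k for k in range(n) if gcd(k, n) == 1}

def case2_identity(k: int, n: int) -> bool:
    """Case 2: with d = gcd(k, n) and alpha = n/d, (alpha*x)*k = 0 mod n."""
    d, x, _ = egcd(k % n, n)
    return ((n // d) * x % n) * (k % n) % n == 0

def is_permutation(a: int, p: int) -> bool:
    """Section 2.5: x -> a*x mod p rearranges {1, ..., p-1}."""
    return sorted(a * x % p for x in range(1, p)) == list(range(1, p))

def fermat_holds(p: int) -> bool:
    """Section 3: a^(p-1) = 1 mod p for every a in {1, ..., p-1}."""
    return all(pow(a, p - 1, p) == 1 for a in range(1, p))

if __name__ == "__main__":
    print(egcd(240, 46))
    print(inverse(3, 7), inverse(6, 15))
    print(all(claim_holds(n) for n in range(2, 60)))
    print(case2_identity(6, 15), is_permutation(3, 11), fermat_holds(101))
    # Consequence of Fermat: a^(p-2) is the inverse of a modulo a prime p.
    print(all(inverse(a, 101) == pow(a, 99, 101) for a in range(1, 101)))
```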

4 Applications
• Blockchain transactions

• Secure email communication

References
• Lecture notes by Professor Tony Zacob
