Digital Signatures - Interactive Learning Module

Introduction to Digital Signatures

Digital Signature is a cryptographic technique that verifies the authenticity, integrity, and origin of a digital message or document. It is created using the sender's private key and verified using their public key.

Simplified Depiction of Digital Signature Process

Key Features of Digital Signatures

Authenticity: Confirms the message is from the claimed sender (verified via public key).
Integrity: Ensures the message hasn't been altered; any change breaks the signature.
Non-repudiation: The sender cannot deny sending the message after signing it.

Important Notes:

Third-Party Authentication in Digital Signatures
A digital signature must be publicly verifiable, meaning a trusted third party can check its validity — not just the sender and receiver. This is often done using a Certificate Authority (CA).
Signatures Are Not Unconditionally Secure
Digital signatures are not 100% secure. An attacker might eventually break the algorithm, exploit weak random number generators, or use forgery attacks. Expiration dates help reduce this risk over time.

Obtaining certificates from Certificate Authority

Attacks and Forgeries

Scenario: Assume Alice is a server that runs an automated document-signing service. An attacker (Mallory) wants to forge her signature.

Attack Type	What the Attacker Does	Example with Alice	Threat Level
Key-only Attack	Tries to forge a signature knowing only Alice's public key.	Mallory downloads Alice's public key and tries to create fake signed documents.	Low
Known Message Attack	Uses a set of valid signed documents to help forge a new one.	Mallory collects Alice's old signed contracts and studies the signatures to learn patterns.	Moderate
Generic Chosen Message Attack	Gets signatures on a pre-made list of messages to break the system.	Mallory sends 100 prepared contracts to Alice's API to be signed to find weaknesses.	Moderate
Directed Chosen Message Attack	Chooses messages to be signed after seeing the public key to target it.	After getting Alice's key, Mallory designs 100 specific contracts tailored to exploit it.	High
Adaptive Chosen Message Attack	Sends messages one by one, adapting each new message based on the last signature.	Mallory sends 1 contract, sees signature, then sends an adjusted one to extract info and forge.	Critical

Key Differences Between Attack Types

🔍 Generic Chosen Message vs. Known Message Attack

In Generic, the attacker chooses the messages. In Known, the attacker only observes messages chosen by others.
In Generic, the attacker interacts with the signer. In Known, it's passive observation.

🎯 Generic vs. Directed Chosen Message Attack

In Generic, messages are chosen *before* knowing the public key. In Directed, they're chosen *after* to specifically target the key.

🔄 Adaptive vs. Directed Chosen Message Attack

In Directed, all messages are chosen at once. In Adaptive, the attacker learns from each signature and adjusts the next message, making it a dynamic, interactive attack.

Forgery Types

Forgery Type	What It Means	Threat Level
Total Break	Attacker recovers the signer's private key. They can sign anything.	Catastrophic
Universal Forgery	Attacker can forge a signature for any message without the key (finds an algorithm flaw).	Critical
Selective Forgery	Attacker forges a signature for a specific, pre-chosen message.	High
Existential Forgery	Attacker forges a signature for at least one message they didn't get to choose (often a nonsensical one).	Low (but still a break)

RSA Signature Scheme

Direct Digital Signature with RSA

The RSA algorithm can be used to create a direct digital signature, where the sender signs a message with their private key, and the receiver verifies it with the sender's public key.

Adding Confidentiality

RSA Signature Implementation with Confidentiality

For confidentiality, the entire signed message can be encrypted using a symmetric key shared between the sender and receiver. This protects both the message content and the signature from eavesdropping.

Review Questions

(1) List two disputes that can arise in message authentication.

A sender might deny sending a message. A receiver might forge a message and claim it came from the sender.

(2) What are the properties a digital signature should have?

It must verify the author and the date/time of the signature. It must authenticate the contents at the time of signing. It must be verifiable by third parties to resolve disputes.

(3) What requirements should a digital signature scheme satisfy?

The signature must be a bit pattern depending on the message being signed. It must use information unique to the sender. It must be easy to produce, easy to recognize/verify, and computationally infeasible to forge.

(4) What is the difference between direct and arbitrated digital signatures?

Direct: Involves only the sender and receiver. The receiver verifies the signature with the sender's public key. Arbitrated: Involves a trusted third party (an arbiter) who participates in the signature process to validate it.

(5) In what order should signing and encryption be applied?

Sign first, then encrypt. This ensures the signature is protected along with the message and allows the receiver to decrypt and then verify the signature on the original content.

(6) What are some threats to a direct digital signature scheme?

The main threat is forgery. An attacker might try to forge a signature using the public key (key-only attack) or by analyzing existing signed messages (known message attack). The sender could also later disown a signature by claiming their private key was lost or stolen.

Data Security Learning Module

Introduction to Digital Signatures

Key Features of Digital Signatures

Important Notes: