Digital signatures
Digital signature is one of the two purposes of asymmetric cryptography. In the mid-1970s, mathematician Whitfield Diffie and cryptographer Martin Hellman had the idea of creating a key system where it would be possible not only to encrypt a message but also to prove, without the possibility of denial, that a specific person had digitally signed a document.
In the 1970s, there were no personal computers, and the Internet was still a project under construction. Diffie and Hellman knew, however, that it was only a matter of time before people would need to send documents electronically, and such documents could, in principle, be intercepted and tampered with en route. Let’s consider that a digital message to a bank indicates a $100 transaction. Someone with malicious intent could intercept this message and change the value from 100 to 10,000 dollars. Very soon, Diffie thought, a mathematical scheme would be needed to thwart such type of attack.
The need to create a digital signature scheme based on cryptography led Diffie and Hellman to propose asymmetric cryptography, which was later implemented by other cryptographers. Using a private key, the sender can sign the message to be sent, and any change in the message content, however small, can be easily detected by the recipient. In possession of the message, the signature, and the sender’s public key, it is possible to make sure that:
- The sender is who he says he is. In more technical terms, ensure the message was sent by someone with the correct private key.
- The message has not been tampered with along the way. Any slight change would be immediately recognized through the sender’s public key.
Currently, digital signature is used in several ways. Most countries have or accept digital certification that uses asymmetric cryptography. Websites considered secure have a digital certificate that guarantees that the content someone is sending cannot be stolen during traffic between the client and the server. This is critical for transactions with sensitive data such as credit card numbers.
On the blockchain, the digital signature guarantees that transactions sent to a node were written by the owner of an account and not forged by a third party. Theoretically, a digital signature is perhaps the first totally fraud-proof security scheme. But great power also requires great responsibility. If you lose your private key, you will not be able to prove that you are the actual owner of that account. There is no central authority to appeal to. There is no forgot my password button.
There are some implementations for the scheme proposed by Diffie and Hellman. Currently, the most used is RSA, which is based on the factorization of prime numbers. Asymmetric cryptography is built on complex but elegant mathematical ideas. The largest blockchains often use another scheme: asymmetric cryptography based on elliptic curves, also known as Elliptic Curve Digital Signature Algorithm (ECDSA). The most significant advantage of elliptic curve cryptography over RSA is the key size, which makes it faster and more user-friendly.