Digital Signatures

     In order to understand this scheme let's recall some attributes of the usual handwritten signature. Suppose that Dr. Benson, has signed a prescription. Then ideally her signature should have the following characteristics:

     * Only Dr. Benson may produce this signature, and
     * Anyone may verify that this signature is hers.

     We can only achieve these characteristics using asymmetric systems like public key:

     1. Dr. Benson wants to sign a message m ,then she

     * enciphers m with her private key Da (which she exclusively knows)
     * publishes the message signed in this way Da(m) along with the message m itself. (While the encrypted message itself can serve as the signature, both the plain document and the encrypted message form a stronger unity and take the title of "certificate" for personal authentication.)

     2. Any other participant may verify the electronic signature Da(m) by using Dr. Benson's public key Ea and checking whether m and Da(m) fit.

     If we work with RSA, the verification works by applying ea to the signature Da(m) and checking whether the following equation holds.

     Ea(Da(m)) = m

     Signatures can be used in a more flexible way too. The signer can only publish Da(m). The verifier applies Ea to the signature; if the outcome yields a sensible message then this proves the signature. Yet this verification works only if the original signed message is in a normal language rather than mere arbitrary symbols.

Advantage of Digital Signatures Vs. Handwritten Signatures

     The crucial difference of the handwritten signature is that the electronic signature Da(m) is intimately connected with the message, whereas the handwritten signature is added to the message and always looks the same and that's why is easy to forge. As a consequence no one can alter the signed message Da(m) and trying to make it seem as if the signature is by the real person. For, if Da(m) is altered at all, then the application of the public key Ea to the altered signed message Da(m)" yields a clear text which will appear totally random.

Problem With Digital Signatures

     Once an entire signature is published by the signer, anyone can verify it. But moreover once the signature has been verified, (assuming that this is an originally signed document with no copies after being signed) no one else may verify the signature.

     One obvious solution to this would be to make copies of the signed document.

     Another solution could turn the problem of digital signature into an advantage. Using digital signatures we can specify who will verify the signature exclusively:

     If, for instance, Mrs. Johnson wants only Mr. Whipkey to be able to verify her signature, she can proceed as follows. She signs her message: Da(m). Now she enciphers her signed message using Mr. Whipkey's public key: Ea(Da(m)). Then Mr. Whipkey may decipher the signed message using his secret key: Da(Ea(Da(m))) and get Da(m), the signature everyone would normally get. Yet in this only Mr. Whipkey can get it.

Special Variants

Invisible Signature Schemes      There are certain cases where the signer might not want anyone but the receiver to be able to verify his/her signature. A good example is if the sender is borrowing money. The sender would want to protect the signature so the receiver could not inform/brag to friends about the debt. The sender would then use an invisible signature, which is only "visible" with the signer's cooperation. Once the receiver has initially verified the signature, the money transaction can take place, and the signer need not worry about information about his/her personal affairs being compromised. If, though, the sender does not make good on the debt, the receiver can take the signature to court and the court (through a warrant) can force the sender's cooperation to reveal the signature. In this way, the receiver is protected also.

Company Signatures

     A company can have a single signature which several of its employees can use to indicate a specific document came from that company. The downside is that it is not possible to tell from which employee the message was sent. To insure that the company signature is not misused, some programs require a quorum of company members to activate the key. For instance, one president, or two vice-presidents, or 99 employees might be needed for activation; but if there were only 98 employees or only one vice-president, the signature wouldn't work because there would not be enough authority to activate it.


     With the original digital signatures, the mention of "forgery" sent terror into the hearts of senders. This is because the sender bears all risk. If a public key could open the message, then the courts would accept it has the real signature, holding the supposed sender responsible for the fraudulent message.

     So the fail-stop signature scheme was devised. I t normally works the same way as a regular digital signature, except there is an attempted forgery. In the making of the fail-stop key, there are algorithms added so that a forgery actually creates proof that the sender can use to defend him/herself. Once the scheme fails, the sender stops using the digital signature entirely (hence the name "fail-stop".) This increases security to the point that the only way a forgery can go undetected (or unable to be proven at least) is if the private key is stolen.