A digital signature is a mathematical procedure that allows recipients to verify the authenticity of digital messages, documents, or transactions with almost total certainty. A new digital signature is created for each new document, email, or message being signed, so each signature is unique, resistant to tampering, and virtually impossible to counterfeit. When properly implemented, a recipient should have no reason to doubt the veracity of a digital signature or the integrity of the sender’s message. Digital signatures are widely used today, from PDF signing and emails to the SSL protocol and cryptocurrency transactions.
In this article, we’ll look at why digital signatures are important and how they’re used in various technologies, including blockchain networks. We’ll then outline the major milestones of digital signature algorithms over the years. Finally, we’ll assess the advantages and disadvantages of using digital signatures.
How Does A Digital Signature Work?
To understand how a digital signature works, let’s look at this technology step by step. Note that the steps involved are very similar to the steps used in digital signatures whether it’s for a Bitcoin transaction, PDF document, SSL, or email.
The first step in creating a digital signature is to create a cryptographic hash of the document, message, or transaction being signed. This is created by putting the appropriate data into a hash function. Hash functions have a few very useful properties:
- Given the same input, a hash function will always produce the same output.
- All outputs are always of the same length and appear completely random.
- It’s virtually impossible to determine the input from knowledge of the output alone.
- It’s virtually impossible to find two inputs that produce the same output.
- Ordinary computers can perform the operations of a hash function very quickly.
After a specific message or document is put through a hash function, the output serves as an electronic fingerprint for that message or document. The hash is then used as one component of the digital signature. This will eventually enable the receiver of the message or transaction to verify that nothing has been altered and that the accompanying digital signature is authentic.
Creating a Digital Signature
After the data is hashed, the sender needs to sign the message with a digital signature. As mentioned in the introduction, each digital signature is unique to the message or transaction being signed. After a digital signature is used once, it can never be reused or repurposed.
From an end user’s perspective, the process of creating a digital signature is seamless. All of the technical steps in the process happen automatically behind the scenes. In reality, digital signature creation is quite complex.
Let’s take a look at how exactly a digital signature is made. For the purposes of this example, we will assume that the signature is being created with the Elliptic Curve Digital Signature Algorithm (ECDSA).
Each digital signature consists of two parts: a random component and a signature component. Here’s how each one is produced.
To create the random component, a random number is generated and multiplied with a point often referred to as the generator point. In elliptic curve cryptography (ECC), different implementations use different curves, and parameters such as the generator point are known in advance. For instance, the Bitcoin protocol implements the curve known as secp2561k. The generator point used for digital signatures is actually the same generator point used to produce a public key from a Bitcoin private key.
After the random number is multiplied by the generator point, the product is a new point with an x-coordinate and a y-coordinate. The x-coordinate becomes the random component used in the digital signature. We can call this random component r.
To produce the second component of a digital signature, the sender’s private key is multiplied by r, the random component. Then the product is added to the hash of the message created in the data hashing section above. Finally, the result is divided by the same random number used to derive r. The result is the signature component, which we can call s. Notice that the both the sender’s private key and the hash of the thing being signed are used to create s.
This combination of data— that is, r and s— is the digital signature. The sender shares r and s with the recipient so they can verify that the sender who generated the digital signature is, in fact, the holder of the private key, and that the data received wasn’t altered.
In order to verify the message or transaction, the recipient takes both components of the digital signature (r and s) and finds three different points on the elliptic curve in use.
Point 1 is found by dividing the hash of the transaction script (which can be easily derived locally) by s, the signature component, then multiplying the result with the generator point on the specific elliptic curve in use.
Point 2 is found by dividing r (the random component) by s (the signature component) and multiplying the result by the sender’s public key.
Point 3 is found by adding Point 1 and Point 2 together using elliptic curve addition. This should result in a third point that also lies on the secp256k1 elliptic curve. The x-coordinate of Point 3 should be the same as the x-coordinate the sender derived when producing r. If the two values are the same, the recipient has mathematically proven the digital signature was indeed produced by the owner of the private key that corresponds to the sender's public key.
If Point 3 doesn’t lie on the elliptic curve, one of two events has likely occurred. The data has either been tampered with, or the signature was created with a private key that doesn't match the public key presented by the signer. These potential issues bring into question the security of the hash function and/or digital signature scheme itself.
Why Do We Need A Digital Signature For Blockchain Transactions?
A Bitcoin transaction authorizes the transfer of funds from one user’s wallet to another user’s wallet. Technically speaking, these funds are held in the form of an unspent transaction output (UTXO). If you’re not familiar with this concept, check out this guide to UTXO. Transfers can be made using a variety of different transaction types, including Pay to Pubkey (P2PK), Pay to Pubkey Hash (P2PKH), and Pay to Script Hash (P2SH).
In all cases, the sender needs to prove to the blockchain’s network that they are the legitimate owner of the UTXO. To do this, the sender needs to fulfill the conditions of the UTXO's "ScriptPubKey." which is the locking script. In most cases, the conditions simply require the sender to prove that they own the Bitcoin private key of the address to which the UTXO was locked in a previous transaction.
The challenge is proving ownership of a private key without actually revealing it to the blockchain’s peer to peer network. For obvious reasons, revealing the private key itself to the public would mean that anyone could spend that private key’s funds. That’s where digital signatures come in.
Bitcoin uses a programming language called Bitcoin Script to create locking and unlocking scripts that set the conditions for spending a specific UTXO. An unlocking script is part of every transaction input and contains a public key (or address) as well as a digital signature. This allows the network to verify the spender of a UTXO actually holds the correct private key.
The Bitcoin network uses the Elliptic Curve Digital Signature Algorithm (ECDSA) as its digital signature scheme. The digital signature shows that a sender of a transaction holds the private key belonging to a corresponding BTC address. Therefore, the person who creates that digital signature can also unlock funds sent to the corresponding pubkey or address. In other words, a digital signature ensures that funds in a BTC wallet can only be spent by the legitimate owner.
Historical Overview of Digital Signature Technologies
Digital signature technology has only been around for a little over 50 years. In this time, major advancements have been made in the creation of secure digital signature schemes as well as the emergence of use cases. Here’s a basic overview of some of the most notable events in this timespan.
Note that this is a concise list. There are several other people who have contributed to the development of digital signature schemes and important catalysts towards the adoption/usage of this technology in the modern web.
1969 — James H. Ellis, Clifford Cocks, and Malcolm J. Williamson of Government Communications Headquarters (the British signals intelligence agency) are the first to show how public key cryptography could be achieved.
1976 — The Diffie–Hellman key exchange is originally published, providing one of the earliest examples of a public key exchange implemented within the field of cryptography.
1977 — Ronald Rivest, Adi Shamir, and Len Adleman introduce the RSA algorithm.
1988 — Lotus Notes 1.0 implements the RSA algorithm, becoming the first widely-marketed software package to offer digital signatures.
1992 — The Elliptic Curve Digital Signature Algorithm (ECDSA) is first proposed by Scott Vanstone.
1995 — SSL 2.0 implements the RSA algorithm, becoming a foundational component for web security.
1999 — PDFs first support embedded digital signatures for documents.
2000 — The ESIGN Act is passed, making electronic signatures legally binding in the United States. This opens up use cases for cryptographically-protected digital signatures in a range of economic sectors, including healthcare, real estate, supply chain logistics, and more.
2009 — Bitcoin launches as the world’s first blockchain, deploying ECDSA as the backbone of secure cryptocurrency transactions. This opens up use cases for digital signatures in the financial sector and eventually allows other blockchain protocols to support decentralized finance (DeFi) applications.
Advantages And Disadvantages Of Digital Signature Schemes
Do the advantages of using a digital signature scheme outweigh the disadvantages? Let’s look at three points on each side you should know about before making this assessment.
Cryptographic Security — Digital signatures are generally a highly secure option for sending and receiving information. That’s because they are backed by time-tested cryptographic techniques. Unless there is a known flaw in a specific digital signature scheme, people can trust that digital signatures are valid.
Saving Time and Costs — Just a few decades ago, documents required handwritten signatures. It was common for many businesses to require physical mailing of documents. Today, the process of using digital signatures, along with the emergence of PDFs and email, potentially saves several weeks of time and reduces the costs of business operations. Because digital signatures are legally-binding in the overwhelming majority of jurisdictions around the globe, they have now been adopted in a wide range of industries.
Open Standards — According to Adobe, “Without a standard, providers are required to build their own proprietary interfaces and protocols. Doing so creates a dizzying array of compatibility questions and deployment limitations.” Adobe as well as many other prominent organizations are part of The Cloud Signature Consortium, which helps ensure a common standard for cloud-based digital signatures across industry and academia. Having open standards enables users to enjoy a seamless experience regardless of signature provider, device type, or other factors.
Reliant On Private Key Security — Digital signatures rely upon private keys for authorized accessibility. In other words, if a private key is stolen or lost, the digital signature could be used by another person. If a security breach of a signature provider’s server occurs, it’s possible that the private keys (and hence digital signatures) of millions of users might be compromised. In the case of non-custodial cryptocurrency wallets, the threat is vastly minimized/. Still, each individual user has a responsibility to maintain private key security.
Algorithm Depreciation and Vulnerabilities — Digital signature algorithms inevitably erode over time. Take RSA for example. It’s easy to find plenty of sources, such as this report, which describe its vulnerabilities. RSA might have been the best option among all digital signature schemes in the late 1980s and early 1990s. This is no longer the case a few decades later with the advances in technology leading to discoveries of significant vulnerabilities.
The same principle holds true for ECDSA today. Although it’s still a solid digital signature scheme in 2020, the theoretical problem of quantum attacks makes it increasingly necessary for applications to switch to a quantum-secure digital signature scheme like Dilithium. Essentially, there is a never-ending cycle in which cryptographers need to develop newer, more secure digital signature schemes to replace older ones. To maintain a high level of security, the replacement process should take place well before new technologies capable of breaking a digital signature become available.
Vulnerabilities In Applications — Even the most commonly used digital signature providers don’t always implement perfect code. Vulnerabilities aren’t just theoretical. They can also cause real-world problems if exploits are properly executed. In 2018, researchers from Ruhr-University Bochum in Germany were able to fake signatures on 21 of 22 desktop PDF viewer apps and 5 out of 7 online PDF digital signing services. Thankfully, in this case, signature providers were able to fix the code issues before any end users were affected by any malicious attacks.
Komodo’s Quantum Security Contract
Note: "Antara Framework' has been renamed Komodo Custom Contracts. 'Modules' have been renamed "contracts." Older blog posts or developer documentation might refer to the old terminology.
In 2019, Komodo’s Lead Dev James ‘jl777’ Lee implemented a quantum-secure digital signature algorithm to a UTXO smart contract within Komodo Custom Contracts. The contract is simply called Dilithium, and it is based upon the Dilithium-Crystals quantum secure digital signature scheme first developed by a team of researchers at IBM Zurich. The Dilithium Contract allows anyone to create a quantum-secured blockchain within the Komodo ecosystem.
The Dilithium contract also enables users to create unique, human-readable handles in place of traditional blockchain addresses. To learn more about Dilithium, you can read this introduction or check out the Dilithium tutorial. To learn more about Komodo's technology, the Developer Documentation is the best place to start.
If you'd like to learn more about blockchain technology and keep up with Komodo's progress, subscribe to our newsletter. Begin your blockchain journey with Komodo today.