Cryptographic Concepts - Cryptographic Signatures
2017-10-09 -  7:23
Cryptographic Signatures are an extension of Asymmetric Cryptography and Cryptographic Hashes. A message is hashed so it creates a fixed length output and that hash value is encrypted (signed) with the user's asymmetric private key. Anyone with the user's public key can prove that the message was signed with the correct private key, and because only the user should have their own private key, any signed message can be assumed to have come from that the user.
The use of a cryptographic hash allows the signature to be a set length, no matter the length of the message being signed. The use of an asymmetric private key lets people assume the owner of the private key signed the message.
We already discussed in the Asymmetric Cryptography post about RSA. It turns out you can also encrypt information with the private key that is created as well that can be decrypted by the public key. This means signing can work out of the box with RSA.
Elliptic Curve Digital Signature Algorithm (ECDSA)
Elliptic Curve Cryptography can be used to make cryptographic signatures as well. The benefits of elliptic curves over RSA are that the key sizes are much smaller for the same level of mathematical integrity of message signatures and is much faster to compute. An alternative to the elliptic curves used in ECDSA (which was produced by NIST) was created by Daniel J. Bernstein and is called "ed25519" which is a curve that can be used in EdDSA (Edwards-Curve Digital Signature Algorithm). EdDSA with the ed25519 curve are what I personally use for many of my projects.
A Problem With Modern Cryptographic Signature Algorithms
Just like with other forms of Asymmetric Cryptography, the integrity of cryptographic signatures currently rely heavilies on the fact that as far as we know, factoring large numbers is hard. Quantum computers will make that problem much easier to calculate using Shor's Algorithm.
Post-Quantum Cryptographic Signature Algorithms are currently being worked out to no longer need to rely on multiplication or the factoring of large numbers, but will likely take some time to prove effectiveness for and to be implemented in everyday cryptography.
Using Asymmetric Cryptography and Cryptographic Hashes, a user is able to Mathematically and digitally sign a message. This signature shows that data came from the specific user and provides data integrity, as only the user with the specific private key can sign the message.
In the next post in the Cryptographic Concepts series, we will be going over how random numbers are generated on a computer.
Cryptographic Concepts Series Posts
- Random Number Generators
- Password hashing
- Key Derivation
- In Transit Encryption
- End-to-End Encryption