**If you are interested to learn about the security standards**

A digital signature—a type of electronic signature—is **a mathematical algorithm routinely used to validate the authenticity and integrity of a message** (e.g., an email, a credit card transaction, or a digital document). A digital signature is a mathematical technique which validates the authenticity and integrity of a message, software or digital documents. It allows us to verify the author name, date and time of signatures, and authenticate the message contents. The digital signature offers far more inherent security and intended to solve the problem of tampering and impersonation (Intentionally copy another person’s characteristics) in digital communications.

The computer-based business information authentication interrelates both technology and the law. It also calls for cooperation between the people of different professional backgrounds and areas of expertise. The digital signatures are different from other electronic signatures not only in terms of process and result, but also it makes digital signatures more serviceable for legal purposes. Some electronic signatures that legally recognizable as signatures may not be secure as digital signatures and may lead to uncertainty and disputes.

## Application of Digital Signature

The important reason to implement digital signature to communication is:

- Authentication
- Non-repudiation
- Integrity

## Authentication

Authentication is a process which verifies the identity of a user who wants to access the system. In the digital signature, authentication helps to authenticate the sources of messages.

## Non-repudiation

Non-repudiation means assurance of something that cannot be denied. It ensures that someone to a contract or communication cannot later deny the authenticity of their signature on a document or in a file or the sending of a message that they originated.

## Integrity

Integrity ensures that the message is real, accurate and safeguards from unauthorized user modification during the transmission.

## Algorithms in Digital Signature

A digital signature consists of three algorithms:

**1. Key generation algorithm**

The key generation algorithm selects private key randomly from a set of possible private keys. This algorithm provides the private key and its corresponding public key.

**2. Signing algorithm**

A signing algorithm produces a signature for the document.

**3. Signature verifying algorithm**

A signature verifying algorithm either accepts or rejects the document’s authenticity.

## How digital signatures work

Digital signatures are created and verified by using public key cryptography, also known as asymmetric cryptography. By the use of a public key algorithm, such as RSA, one can generate two keys that are mathematically linked- one is a private key, and another is a public key.

The user who is creating the digital signature uses their own private key to encrypt the signature-related document. There is only one way to decrypt that document is with the use of signer’s public key. This technology requires all the parties to trust that the individual who creates the signature has been able to keep their private key secret. If someone has access the signer’s private key, there is a possibility that they could create fraudulent signatures in the name of the private key holder. The steps which are followed in creating a digital signature are:

- Select a file to be digitally signed.
- The hash value of the message or file content is calculated. This message or file content is encrypted by using a private key of a sender to form the digital signature.
- Now, the original message or file content along with the digital signature is transmitted.
- The receiver decrypts the digital signature by using a public key of a sender.
- The receiver now has the message or file content and can compute it.
- Comparing these computed message or file content with the original computed message. The comparison needs to be the same for ensuring integrity.

## Types of Digital Signature

Different document processing platform supports different types of digital signature. They are described below:

## Certified Signatures

The certified digital signature documents display a unique blue ribbon across the top of the document. The certified signature contains the name of the document signer and the certificate issuer which indicate the authorship and authenticity of the document.

## Approval Signatures

The approval digital signatures on a document can be used in the organization’s business workflow. They help to optimize the organization’s approval procedure. The procedure involves capturing approvals made by us and other individuals and embedding them within the PDF document. The approval signatures to include details such as an image of our physical signature, location, date, and official seal.

## Visible Digital Signature

The visible digital signature allows a user to sign a single document digitally. This signature appears on a document in the same way as signatures are signed on a physical document.

## Invisible Digital Signature

The invisible digital signatures carry a visual indication of a blue ribbon within a document in the taskbar. We can use invisible digital signatures when we do not have or do not want to display our signature but need to provide the authenticity of the document, its integrity, and its origin.

## Method[edit]

One digital signature scheme (of many) is based on RSA. To create signature keys, generate an RSA key pair containing a modulus, *N*, that is the product of two random secret distinct large primes, along with integers, *e* and *d*, such that *e* *d* ≡ 1 (mod *φ*(*N*)), where *φ* is Euler’s totient function. The signer’s public key consists of *N* and *e*, and the signer’s secret key contains *d*. To sign a message, *m*, the signer computes a signature, *σ*, such that *σ* ≡ *m*^{d} (mod *N*). To verify, the receiver checks that *σ*^{e} ≡ *m* (mod *N*).

Several early signature schemes were of a similar type: they involve the use of a trapdoor permutation, such as the RSA function, or in the case of the Rabin signature scheme, computing square modulo composite, *N*. A trapdoor permutation family is a family of permutations, specified by a parameter, that is easy to compute in the forward direction, but is difficult to compute in the reverse direction without already knowing the private key (“trapdoor”). Trapdoor permutations can be used for digital signature schemes, where computing the reverse direction with the secret key is required for signing, and computing the forward direction is used to verify signatures.

Used directly, this type of signature scheme is vulnerable to key-only existential forgery attack. To create a forgery, the attacker picks a random signature σ and uses the verification procedure to determine the message, *m*, corresponding to that signature. In practice, however, this type of signature is not used directly, but rather, the message to be signed is first hashed to produce a short digest, that is then padded to larger width comparable to *N*, then signed with the reverse trapdoor function. This forgery attack, then, only produces the padded hash function output that corresponds to σ, but not a message that leads to that value, which does not lead to an attack. In the random oracle model, hash-then-sign (an idealized version of that practice where hash and padding combined have close to *N* possible outputs), this form of signature is existentially unforgeable, even against a chosen-plaintext attack.^{[clarification needed]}

There are several reasons to sign such a hash (or message digest) instead of the whole document.For efficiencyThe signature will be much shorter and thus save time since hashing is generally much faster than signing in practice.For compatibilityMessages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number *N*). A hash function can be used to convert an arbitrary input into the proper format.For integrityWithout the hash function, the text “to be signed” may have to be split (separated) in blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize if all the blocks are present and in the appropriate order.

## Notions of security[edit]

In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures:

- In a
*key-only*attack, the attacker is only given the public verification key. - In a
*known message*attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker. - In an
*adaptive chosen message*attack, the attacker first learns signatures on arbitrary messages of the attacker’s choice.

They also describe a hierarchy of attack results:

- A
*total break*results in the recovery of the signing key. - A universal forgery attack results in the ability to forge signatures for any message.
- A selective forgery attack results in a signature on a message of the adversary’s choice.
- An existential forgery merely results in some valid message/signature pair not already known to the adversary.

The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.