DIGITAL SIGNATURES

In Protocol 2.5 (p. 21) we saw the twofold use of public-key cryptography (PKC) as a means for

• making messages unintelligible before they are transmitted on an untrusted communication line; and

• ensuring the authenticity of messages, or digital documents in general, by digitally signing them.

Protocol 2.5 exemplifies the dual role of private keys. They may be used to decipher a message that was encrypted with an agent's public key; on the other hand, they may be used to sign messages, and the signature can then be verified with the corresponding public key. Implementations usually employ different PKCs, or at least different parameters, for each of these functional roles of private keys. (See the exercises that follow for possible reasons.) It is beyond the scope of this text to discuss more advanced types of realizable digital signature systems, but we mention them in passing.

Protocol 4.1 (Fail-Stop Digital Signature)

A digital signature system has this property if a signer can prove that a message that was signed with her key, based on a fraudulent attack, is a fake.

Protocol 4.2 (Proxy Digital Signature)

A digital signature system has this property if a signer can give his authority to sign a message to someone else without revealing his secret signature key.

Protocol 4.3 (Designated-Confirmer Digital Signatures)

These are protocols that allow a signer to designate a confirmer, possibly herself, whose cooperation is necessary for the verification of digital signatures. This prevents the exact copying of digital signatures.