Digital Signatures

A digital signature is a cryptographic mechanism that provides authentication, integrity, and non-repudiation for digital documents, messages, and transactions. It is the digital equivalent of a handwritten signature — but far more secure and verifiable.

---

What Digital Signatures Provide

Property	Description
Authentication	Confirms the identity of the signer
Integrity	Proves the message has not been altered since signing
Non-repudiation	The signer cannot deny having signed the document

Note: Digital signatures do not provide confidentiality — the message itself is not encrypted. Use encryption separately if confidentiality is required.

---

How Digital Signatures Work

Signing Process

1. Hash the message:       digest = SHA-256(message)
2. Sign the hash:          signature = Encrypt(digest, signer's PRIVATE key)
3. Send:                   message + signature + signer's certificate

Verification Process

1. Hash the received message:   digest₁ = SHA-256(received message)
2. Decrypt the signature:       digest₂ = Decrypt(signature, signer's PUBLIC key)
3. Compare:                     if digest₁ == digest₂ → signature is VALID
                                if digest₁ != digest₂ → signature is INVALID

Signer                                Verifier
  │                                      │
  │  1. Hash message ──▶ digest          │
  │  2. Encrypt digest with private key  │
  │     ──▶ signature                    │
  │                                      │
  │  ──── message + signature ────▶      │
  │                                      │
  │                    1. Hash message ──▶ digest₁
  │                    2. Decrypt signature with public key ──▶ digest₂
  │                    3. Compare digest₁ and digest₂

---

Digital Signature Algorithms

RSA Signatures

• Based on the RSA algorithm (factorisation problem)
• Signs the hash of the message using the private key
• PKCS#1 v1.5 — legacy padding scheme (still widely used)
• RSA-PSS (Probabilistic Signature Scheme) — recommended; includes randomness for stronger security

RSA Key Size	Security Level
2048 bits	112-bit security (minimum recommended)
3072 bits	128-bit security
4096 bits	~152-bit security

ECDSA (Elliptic Curve Digital Signature Algorithm)

• Based on elliptic curve cryptography
• Significantly smaller signatures and keys than RSA

ECDSA Key Size	Equivalent RSA Key Size	Signature Size
256 bits	3072 bits	~64 bytes
384 bits	7680 bits	~96 bytes

• Used in TLS, Bitcoin (secp256k1), and many modern protocols
• Requires high-quality randomness — a weak random nonce can leak the private key (this vulnerability caused the PlayStation 3 signing key to be recovered in 2010)

EdDSA (Edwards-curve Digital Signature Algorithm)

• A modern signature scheme using twisted Edwards curves
• Ed25519 (based on Curve25519) is the most popular variant

Property	Value
Key size	256 bits
Signature size	64 bytes
Deterministic	Yes — no random nonce needed, eliminating a class of implementation vulnerabilities
Speed	Very fast signature generation and verification
Usage	SSH keys, Signal Protocol, Tor, WireGuard

EdDSA/Ed25519 is considered the best choice for new implementations due to its speed, small size, and resistance to implementation errors.

Comparison of Signature Algorithms