# Digital Signature from Blockchain context

--

A

digital signatureis a mathematical scheme for presenting the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a claimed sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).

Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but ** not all electronic signatures use digital signatures**. Digital signatures employ asymmetric cryptography. Asymmetric cryptography, also known as public key cryptography (PKI), uses public and private keys to encrypt and decrypt data. The keys are simply large numbers that have been paired together but are not identical (asymmetric). One key in the pair can be shared with everyone; it is called the

**. The other key in the pair is kept secret; it is called the**

*public key***. Either of the keys can be used to encrypt a message; the opposite key from the one used to encrypt the message is used for decryption.In many instances they provide a layer of validation and security to messages sent through a non-secure channel. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type.**

*private key*Let’s dive into this concept from blockchain perspective with the help of an example:

Public key cryptography is a cryptographic system where you have ** 2 keys — public key (Pu) and a private key(Pr)**. You give out your public key to the entire world and keep the private key to yourself. e.g. Your Ethereum address is a public key and your private key is stored either in your browser / mobile / hardware wallet. Consider public key like an bank account number, for someone to send you money (Ether), they just need to know your public (account) address. However, only you can access the funds in your account because you are the only one who knows your private key, say similar to your bank account password.

Public key cryptography has algorithms that let you encrypt, decrypt, sign and verify messages using your pair of keys. Let’s explore how these steps flows with an example

**Signing the message with private key:**To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash — along with other information, such as the hashing algorithm — is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.**Verifying the message with public key:**This would involve two steps, generate hash of the message and signature decryption. By using the signer’s public key, the hash could be de-crypted. If this de-crypted hash matches a second computed hash of the same data, it proves that the data hasn’t changed since it was signed. If the two hashes don’t match, the data has either been tampered with in some way (integrity) or the signature was created with a private key that doesn’t correspond to the public key presented by the signer (authentication)

*(To develop basic understanding of how digital signatures work in cryptography, it is highly recommended to learn more in detail — **Cryptography** &** Digital Signatures**.)*

**Practical Applications:**

- Digital Signatures are used in software programs, such as browsers, which need to establish a secure connection over an insecure network like the internet. Users and systems need to be certain that a public key is authentic, that it belongs to the person or entity claimed and that it has not been tampered with or replaced by a malicious third party.
- The United States Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures.
- Digital Signatures can reduce the time to close the contracts that require many parties to validate and sign them. E.g. Mortgage Contracts require number of parties to validate the contract & sign it at different stages of mortgage life cycle.
*Parties involved — Buyer, Lender, Seller, Attorneys, Real Estate Agents, Title Representatives, Closing Agents*

With the immutable nature of blockchain, the contract validity can be trusted at any point in time, so that all these parties can sign these contracts at their convenience (no need to be present at the same time) - Digital Signatures can be used for B2B communications & transactions, that can validate the source & can be sent to only intended party without any middlemen

**Some Digital Signature algorithms**

· RSA-based signature schemes, such as RSA-PSS

· DSA and its elliptic curve variant ECDSA

· Edwards-curve Digital Signature Algorithm and its Ed25519 variant.

· ElGamal signature scheme as the predecessor to DSA, and variants Schnorr signature and Pointcheval–Stern signature algorithm

· Pairing-based schemes such as BLS

· Signatures with efficient protocols — are signature schemes that facilitate efficient cryptographic protocols such as zero-knowledge proofs or secure computation.

**Additional security precautions:**

- Putting the private key on a smart card
- Using smart card readers with a separate keyboard
- Using digital signatures only with trusted applications
- Using a network attached hardware security module
- Digital signatures can also be applied in offline mode

**References:**

https://en.wikipedia.org/wiki/Digital_signature

https://searchsecurity.techtarget.com/definition/asymmetric-cryptography