Digital signatures

• Also introduced by Diffie and Hellman in 1976.

• Given a secret key w, the corresponding public key y, and a message M, generate a number S such that

  • S is easy to compute if you know w and M
  • S is computationally infeasible to compute if you don’t know w
  • S is easy to “check” if you know M and y, that is, a certain equation involving M and S and y must hold

• So to “sign” a message M, compute S using your secret key. Anyone can check S by using your public key.

• If the message was tampered with, the signature won’t check. [integrity]

• No one else could have produced S, since producing S requires knowing your secret key. [authentication and non-repudiation]

Previous slide

Next slide

Back to first slide

View graphic version