9 Digital signatures
This chapter covers
- Using asymmetric cryptography for message authenticity
- Understanding practical uses of digital signatures
- Understanding forgery attacks on digital signatures
- Exploiting ECDSA signatures with reused nonces
- Exploiting the PKCS #1 v1.5 padding scheme using Bleichenbacher’s \(e=3\) signature forgery attack
Digital signatures are proofs of authenticity of a message that are hard to forge but easy to verify. The counterfeiting features built into modern paper currencies are a great real-world analogy for these properties. Such features (color-shifting ink, micro-printing, 3D ribbons, watermarks, security threads, and so on) are prohibitively hard (or expensive) for bad people to replicate but are easy for interested parties to check to prove the authenticity of the bills (or messages) they’re on.
9.1 Message authenticity using symmetric and asymmetric secrets
We started our exploration of cryptography by discussing the basic properties it broadly aims to achieve: confidentiality, integrity, and authenticity. Table 9.1 shows symmetric and asymmetric approaches for satisfying these properties. Digital signatures allow proving that a message is authentic: that is, it indeed came from who it’s claiming to be from.
Table 9.1 Security properties of cryptographic algorithms
| Confidentiality | Integrity | Authenticity | |
| Symmetric | Stream / Block ciphers | Hashing | Message authentication codes |
| Asymmetric | Integer factorization / Discrete logarithms | Digital signatures |