What is a Digital Signature and How Does it Work?

Introduction

A digital signature is a cryptographic tool employed in fields such as cybersecurity, e-commerce, and software distribution. They provide a method for verifying the origin and integrity of digital messages or documents.

However, Blockchain technology popularized the use of digital signatures as an integral part of its decentralized and transaction verification process. This article closely examines how digital signature works, various algorithms used by blockchains, and their applications in the Web3 space.

Understanding Digital Signatures

Source: CoinGeek

A digital signature is a cryptographic technique used to verify the authenticity and integrity of digital messages, documents, or transactions. Digital signatures are considered more secure than electronic signatures.

Traditionally, signatures ensure agreements are legally binding, validate the identities of the involved parties, and have definite acceptance of the terms of the contract. Digital signatures go a step further to solve the problem of alteration and forgery, which makes it a more secure form of signature.

Features of Digital Signature

The main features of a digital signature are:

• Authentication: A Digital Signature proves that the message was sent by the claimed sender by verifying the message with the sender’s public keys.
• Non-repudiation: Digital Signatures use the public keys of the sender to decrypt the signature, if successful, the sender cannot deny sending the message.
• Integrity: The ability to verify the hash value/digest proves that the data was not altered in transit.

Asymmetric Cryptography

Source: WikiBooks

Asymmetric cryptography is a method of encrypting and decrypting data with two different keys, thus making one of the keys, (that’s the public key) openly shared with anyone. The other key, known as the private key, is a confidential and securely stored key known only to the signer. The data encrypted with one can only be decrypted with the other.

In cryptography, a key is often a string of numbers and letters, used for scrambling data so that it appears random. However, anyone with the right key for decrypting the data can unscramble it back to its original form.

For example, suppose we take an image and encrypt it with a key; let’s say the key is 28j932d8kd8. Encrypted with this key, our image is seen as “X5CSycg14=xJ”. However, by decrypting it with the right key, we can get our image back.

Key Terms You Need to Understand

Hashing

Hashing is the process of converting data (texts, files), an input of variable size into an output of fixed-length of letters and numbers, by using hash functions. It is a one-way process, where hash values cannot be reverted to the original input, but the same piece of input will always generate the same hash value.

Source: CyberHoot

In the image above, a piece of text (a riddle) passes through a hash function (SHA-256) and is converted to a hash (a fixed length of numbers and letters).

What are Hash Functions?

An algorithm that processes the data to be signed, producing a fixed-size hash value. The hash function ensures that the signature remains a fixed length, regardless of the size of the original data.

Hash Value

The final output of the hash function is the hash value, also known as digest, which is unique to each input. The size of the hash value ranges from 32-bit to 256-bit, depending on the hash function used. Hash values are only required for a single use in processes such as data authentication or the creation of digital signatures. Therefore, a digital signature is unique per transaction.

How do Digital Signatures Work?

To execute a digital signature, you would need the following:

1. A Key Pair: The key pair consists of a public/private key pair. The private key is used to create a signature, and the corresponding public key is used to verify the signature.

2. The Data to be Signed: The content or message that you want to sign. This could be a document, a transaction, or any digital data.

3. Hash Function: A hash function is applied to the data to create a fixed-size hash value. This hash value is then encrypted with the private key to generate the digital signature.

4. Digital Signature Algorithm: An algorithm that combines the private key with the data to be signed, typically involving a hash function. This algorithm generates the digital signature.

5. Verification Mechanism: Anyone who wants to verify the digital signature needs access to the public key and the same digital signature algorithm. The public key is used to decrypt the digital signature and reveal the hash value, which is then compared with the hash value calculated from the original data.

How Do They Combine to Make it Work?

Source: CamCert — The sender signs (encrypts) the hash value with their private key, and the receiver verifies the authenticity of the message by comparing hash values

Step 1: Create a digest/hash value by passing the original data through a hash function

Step 2: Sign the digest with the private key of the sender to create an encryption.

Step 3: Send the encrypted file to the recipient, who can decrypt it using the public key of the sender to generate a digest.

Step 4: Following decryption, run the data through the same hash function to generate an equivalent digest.

Step 5: Validate data integrity by comparing the newly generated hash with the hash value received alongside the data. A match confirms the integrity of the data.

Let’s use this illustration of a transfer of a document between Mark the sender and Karen the recipient.

1. Signing and Sending: Mark initiates the process by sending a document. The document is passed through a hash algorithm, creating a digest/hash value. This digest is then encrypted with Mark’s private key, finalizing the digital signature; a combination of the document and his private key.
2. Receiving and Verifying: Karen, the recipient, employs Mark’s public key to decrypt the digital signature, obtaining the original digest. Independently, Karen applies the same hash algorithm to the received document, generating another digest.
3. Karen compares the two digests: one from the decrypted signature and one independently generated. If they match, Karen is assured of the document’s integrity and Mark’s authenticity as the sender.

Signature Algorithms Used in Blockchains

The choice of Digital Signature algorithms depends on factors such as security requirements, key size, and performance considerations. Each algorithm has its strengths and weaknesses, and its usage may evolve based on advancements in cryptography and emerging security challenges.

This section discusses the most commonly used digital signature algorithms in blockchain technology.

1. ECDSA (Elliptic Curve Digital Signature Algorithm): This uses shorter keys and demands fewer computational resources and utilizes “elliptic curve cryptography keys” which are finite groups of points on a curve where certain operations are easily executed in one direction but challenging in the reverse direction. For security, ECDSA relies on the discrete log problem. It is the most popular signature algorithm used in blockchain technology.

2. EdDSA (Edwards-curve Digital Signature Algorithm): This is a modern and efficient digital signature algorithm based on elliptic curve cryptography. It was introduced to address certain concerns and improve performance compared to other signature schemes like ECDSA. The algorithm is designed to provide strong security with relatively small key sizes, making it well-suited for various applications, including blockchain technology e.g. Cardano, and Solana.

3. The Schnorr Algorithm: A Schnorr signature is a type of digital signature algorithm that enables aggregation, that’s. multiple signatures on the same message can be bundled into one signature. This signature is not only more space-efficient but also facilitates a more efficient verification process.
   It proves effective in scenarios involving multiple parties signing a common message, like authorizing a transaction from a multi-signature (multisig) address. In such cases, each participant must provide their public key and signature. Consequently, if three parties intend to sign the same message, the proof will encompass three public keys and three signatures. This appears to be inefficient in computation and storage since each node is required to execute the signature verification function three times and store three distinct sets of signatures and public keys.
   The Schnorr algorithm simply produces a signature that is valid for the sum of their public keys. Key aggregation can reduce gas fees and improve base-layer scalability as signatures coming from a multi-signature transaction take up the same amount of space in a block as signatures coming from a single-party transaction.

4. The BLS Signature: The BLS (Boneh-Lynn-Shacham) cryptographic algorithm is based on bilinear pairings over elliptic curve groups. It was introduced by Dan Boneh, Ben Lynn, and Hovav Shacham in 2001. The primary focus of BLS cryptography is on efficient and secure signature schemes that support unique properties like aggregation. Additionally, the BLS Signature is used on Ethereum 2.0 and Chia.

Blockchains, their Hashing Algorithm, and Signature Algorithm

1. Bitcoin (BTC):
   Hashing Algorithm: SHA-256
   Digital Signature Algorithm: ECDSA, Schnoor (TapRoot Soft Fork)

2. Ethereum (ETH):
   Hashing Algorithm: Keccak
   Digital Signature Algorithm: ECDSA

3. Litecoin (LTC):
   Hashing Algorithm: Scrypt
   Digital Signature Algorithm: ECDSA

4. Ripple (XRP):
   Hashing Algorithm: SHA-256
   Digital Signature Algorithm: ECDSA

5. Cardano (ADA):
   Hashing Algorithm: Keccak
   Digital Signature Algorithm: EdDSA (Edwards-curve Digital Signature Algorithm)

6. Polkadot (DOT):
   Hashing Algorithm: Blake2
   Digital Signature Algorithm: EdDSA

7. Tezos (XTZ):
   Hashing Algorithm:Blake2b
   Digital Signature Algorithm: EdDSA

8. BNB Chain (BNB):
   Hashing Algorithm: Keccak (used for BEP-2 tokens)
   Digital Signature Algorithm: ECDSA

How Bitcoin Uses Digital Signature

Bitcoin utilizes the Elliptic Curve Digital Signature Algorithm (ECDSA) to generate a unique signature for each transaction. However, with recent advancements, the Schnorr algorithm has been introduced through the TapRoot soft fork. This algorithm, known for its efficiency in terms of storage efficiency and verification speed, can enhance Bitcoin’s scalability by up to 30%, with its transaction aggregation feature.

)

Source: TimesofIndia — Only signed transactions can be propagated and validated by the network nodes

The basic mechanism of Bitcoin transactions involves a series of steps which includes the use of digital signature.

Here’s an overview:

1. The sender decides to make a bitcoin transaction, This could involve sending bitcoins to another user or multiple users.
2. The sender creates a transaction message containing key details, such as the recipient’s wallet address, the amount of BTC being sent, any associated fees, and the origin of the bitcoin (unspent transaction outputs or UTXOs) being used as inputs for the transaction.
3. The sender signs the transaction message with their private key using the Elliptic Curve Digital Signature Algorithm (ECDSA). This digital signature provides proof that the transaction has been authorized by the rightful owner of the sending address.
4. The transaction message is hashed using the SHA-256 (Secure Hash Algorithm 256-bit) and then further hashed using RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest 160-bit). This process generates a fixed-length hash, commonly known as the transaction ID or hash.
5. The signed transaction is broadcasted to the Bitcoin network, where it becomes visible to all nodes (computers participating in the Bitcoin network). Nodes in the network, including miners, verify the validity of the transaction. This verification includes checking the digital signature to ensure that it matches the sender’s public key and that the inputs (UTXOs) used in the transaction are unspent and valid.
6. Valid transactions are collected by miners, who compete to solve a complex mathematical problem (proof-of-work). The first miner to solve the problem adds a block containing the verified transactions to the blockchain.
7. The newly added block is broadcast to the network, and other nodes verify the proof-of-work and the validity of the transactions within the block. Once a consensus is reached, the block is considered confirmed, and the transaction is permanently recorded in the blockchain.
8. The recipient’s wallet balance is updated to reflect the received bitcoins, and the sender’s wallet balance is adjusted to account for the spent UTXOs.

Applications of Digital Signatures in Web3

Now that we understand the workings and importance of signatures. Let’s highlight the practical applications of digital signatures in securing transactions, authenticating identities, and ensuring the integrity of data in the Web3 ecosystem.

Transaction Authentication

Take, for instance, Alice wants to transfer Ethereum to Bob. She signs the transaction with her private key, generating a digital signature. The Ethereum network verifies the signature using Alice’s public key, ensuring the transaction is authorized by her. This is also applicable to the transfer of ownership of an NFT, as it is recorded on the blockchain with a signed transaction, ensuring the legitimacy of the ownership change.

Smart Contracts Execution

Smart contracts are built to interact with the signatures and can execute transactions upon verification. For example, in a decentralized lending platform, a user initiates a loan request. The request triggers a smart contract execution. The user signs the transaction with their private key, and the smart contract verifies the signature to execute the loan agreement.

Decentralized Identity and Authentication

A user logs into a decentralized application (dApp) using their blockchain identity, e.g. Ethereum address. The dApp requests a signed message from the user (private key), serving as proof of ownership. The digital signature authenticates the user’s identity.

This can also be an easy way to onboard new Web3 users, as they don’t need to create an account and store yet another password, users can hide their identity and don’t have to necessarily reveal private details like their email address.

Data Integrity and Non-Repudiation of NFTs

An artist signs a digital art file with their private key before minting it as an NFT. The digital signature ensures the integrity of the artwork, and the artist cannot later deny authorship.

Voting Systems

In a decentralized voting platform, voters cast their ballots by signing their choices with their private keys. The digital signatures authenticate the votes and ensure each voter can verify their contribution. This application is seen in governance voting and consensus protocol voting.

Cross-Chain Interoperability

A user transfers a token from one blockchain to another using a bridge protocol. The user signs a transaction on the source chain, and the destination chain verifies the signature, allowing the cross-chain transfer.

Challenges and Future Trends

The Challenge of Quantum Attacks

Digital signatures remain one of the foolproof ways of authentication on the blockchain. However, the development of large-scale quantum computers will pose a threat to the security of blockchains, because cryptographic algorithms can be swiftly deciphered by quantum computers.

Quantum computers can process tasks at incredible speeds, accomplishing in seconds what would take traditional computers hours, bad actors can use a quantum computer to lead quantum attacks that could compromise a whole blockchain.

Nevertheless, they can be prevented by post-quantum signatures, which are already in development, although they would take up a larger storage space on the blockchain.

Conclusion

Digital Signatures verify the authenticity and integrity of data, based on the principles of asymmetric cryptography and hashing. It works by using the sender’s private key to authenticate the hashed form of the data, and the receiver verifying with the sender’s public key. The most commonly used cryptographic algorithms by blockchains are the ECDSA, EdDSA, Schnoor, and BLS signatures.

Additionally, the use of digital signatures is mostly applicable in transaction authentication, smart contract execution, governance voting, cross-chain transfers, and data integrity of NFTs.