Digital Signature
4.4 Digital Signature
4.4.1 Sign the Document with Public Key Algorithm
In traditional commercial activities, a person usually signs a document to express agreement with its content and a willingness to enjoy the prescribed rights and assume the corresponding responsibilities. The signature should therefore be credible and verifiable, and it must not be possible to counterfeit or reuse it, while the signed document should not be modifiable or deniable. In e-commerce, two parties negotiate and enter into contracts over a network, and the documents thus formed are mostly in electronic form. The question is whether there is a similar way for both parties to sign electronic documents. To answer it, we must first take into account that an electronic document is easily copied and reused, so a new way of signing electronic documents is needed. Many digital signature algorithms have now been found, such as RSA, DSA and discrete logarithmic algorithms, which can solve the above-mentioned problems.
Figure 4.2 RSA digital signature algorithms
4 Security Technologies in E-commerce
In RSA, both the public key and the private key can be used for encryption, but the effects are different. Encryption with the public key and decryption with the private key form the usual public key encryption system. If encryption is done with Alice’s private key, then decryption can be done only with Alice’s public key, which is reliable evidence that Alice has encrypted the message. If Alice encrypts a document only when she agrees with its content, a kind of secure digital signature system is formed. The procedure of RSA signature is outlined as follows:
(1) Alice encrypts the document with her private key, which means signing the document.
(2) Alice sends the signed document to Bob.
(3) Bob decrypts the document with Alice’s public key, which is the authentication of the signature.
The signature satisfies the requirements of the user as follows:
(1) Verifiable: if the signature is made by Alice, then it can be decrypted with Alice’s public key.
(2) Credible: if the message can be authenticated with Alice’s public key, it can be assured that the message is signed by Alice.
(3) Non-counterfeited: only Alice knows her private key, and no one else can sign the message with Alice’s private key.
(4) Non-reusable: since the signature is the function of the document, the existing signature cannot be transferred to other documents.
(5) Undeniable: if Alice’s public key is known, it can be proved that Alice has signed the document.
The aim of a signature is to prove that the signer has the responsibility and obligation related to the document, rather than to keep the content of the document secret. Thus the two most important insecure elements of a digital signature are, first, that the signer denies having signed the document and, second, that the signature might be counterfeited. If the denier’s or counterfeiter’s computational power is presumed to be finite, then the digital signature is secure. However, if his computational power is infinite, then the signature might be successfully denied or counterfeited. To solve such problems, some new methods have been proposed, which represent a new direction in digital signature research.
4.4.2 Signature with One-way Hash Function and Public Key System
One-way Hash function: if a function $f(x)$ satisfies the following two conditions, we call it a one-way function:
(1) There exists a polynomial time algorithm $A$, such that $A(x) = f(x) = y$.
(2) There is no polynomial time algorithm $B$, such that $B(y) = x$.
The definition indicates that a one-way function is easy to compute but extremely difficult to invert. If, for a one-way function $f(x)$ and any $x_1$ and $x_2$, the values $f(x_1)$ and $f(x_2)$ have the same number of binary digits, we call this function a one-way hash function. A one-way Hash function is a many-to-one function; it cannot be assured that two documents are the same when the Hash values are the same. If the Hash values are different, however, the probability that the two documents are the same is very small. For example, if two documents with 120-digit hash values are different, the probability that the two hash values are the same is less than $2^{-120}$. Because of this, one-way Hash functions are usually used as the fingerprint of a document or the digest of the message.
Signature with one-way Hash function and public key algorithm: the digital signature requires modular exponentiation, and the moduli are all 200- or 300-digit decimal natural numbers, so signing a long document directly is very inefficient because of the tremendous amount of computation. The digital signature algorithm and a one-way Hash function are therefore usually combined. First we calculate the one-way Hash value of the long document; this value is much smaller than the document itself. Then we sign this value to realize the signing of the original document. The signature procedure is outlined as follows:
(1) Alice generates the one-way Hash value of the document.
(2) Alice encrypts the Hash value with her private key.
(3) Alice sends the document and the Hash signature to Bob.
(4) Bob uses the document sent by Alice to generate the Hash value of the document, and then uses Alice’s public key to decrypt Alice’s signature. If the two results match, then the signature is valid.
This method greatly reduces the computational complexity of digital signature.
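The two procedures above (direct signing in 4.4.1 and hash-then-sign in 4.4.2), as an added example that is not from the original text. It uses unpadded RSA exactly as the steps describe, with a constructed toy key and SHA-256 as an assumed hash function; deployed systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed toy key for Alice: two Mersenne primes keep the example
# deterministic. Real keys use random primes of equal size.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)

def sign_direct(doc: bytes) -> int:
    """4.4.1: apply the private key to the document itself."""
    m = int.from_bytes(doc, "big")
    if m >= N:                           # document does not fit in one block
        raise ValueError("document too long to sign directly")
    return pow(m, D, N)

def verify_direct(doc: bytes, sig: int) -> bool:
    """Bob applies Alice's public key and compares with the document."""
    return pow(sig, E, N) == int.from_bytes(doc, "big")

def digest(doc: bytes) -> int:
    """Step (1) of 4.4.2: fixed-length fingerprint, always smaller than N."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big")

def sign_hashed(doc: bytes) -> int:
    """Step (2): apply the private key to the hash value only."""
    return pow(digest(doc), D, N)

def verify_hashed(doc: bytes, sig: int) -> bool:
    """Step (4): recompute the hash and compare with the opened signature."""
    return pow(sig, E, N) == digest(doc)

# Constructed sample documents
NOTE = b"Pay Bob 100"
CONTRACT = b"Alice agrees to deliver 500 units to Bob by 1 March. " * 40
TAMPERED = CONTRACT.replace(b"500", b"900")

if __name__ == "__main__":
    sig = sign_hashed(CONTRACT)
    print("short note, direct:", verify_direct(NOTE, sign_direct(NOTE)))
    print("contract, hashed:  ", verify_hashed(CONTRACT, sig))
    print("tampered contract: ", verify_hashed(TAMPERED, sig))
    print("reused on note:    ", verify_hashed(NOTE, sig))
```

The long contract cannot be signed with `sign_direct` at all (it exceeds the modulus), while `sign_hashed` costs one modular exponentiation regardless of document length.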