Digital Signatures and MACs
Week 7: 2025-03-11
CH2.4 Digital Signatures and Verification using Public
Keys
Digital Signatures: Tags (Bit Strings) that are computed using a public-key
algorithm and accompany the message. Similar to a real life signature. Each tag is
a mathematical function of a message (its exact bitstring) and a unique per sender
private key. Most commonly used for authentication services. There are three
properties for a digital signature:
1. Data origin authentication: Assurance of who originated (signed) a
message or file.
2. Data integrity: Assurance that received content is the same as that
originally signed.
3. Non-repudiation: Ensures that the sender cannot deny having signed a
message, which is a benefit over a Message Authentication Code (MAC).
Public Key Signature Steps:
1. The message is sent to the signing algorithm, which uses a signing key (a
verification key is also generated).
2. A tag (bit string) is produced.
3. The message and tag are sent to the recipient.
4. The recipient inputs the message and tag into the verification algorithm.
Conditions must be met:
1. The message and digital signature must arrive without tampering.
2. The recipient must retrieve the correct verification key.
Digital Signatures and MACs
1
Replay Attacks: Even if a message is valid, someone could resend an old signed
message as if it were new.
Key Differences From Encryption: In encryption, the sender encrypts using the
recipient's public key, and the recipient decrypts using their private key.
In digital signatures, this is reversed:
The sender signs using their private key.
The recipient verifies using the sender’s public key.
CH2.6 Message Authentication (Data Origin
Authentication)
Message Authentication: Ensures data integrity (no alterations) and data origin
authentication (who sent it). Achieved using a Message Authentication Code
(MAC), a special tag sent along with the message
MAC Steps:
1. Alice sends a message m along with its MAC tag t to Bob.
2. Bob, who shares the secret key, verifies the MAC.
3. If the MAC is valid, message is authentic and unaltered.
Limitations of MAC:
Since the key is shared, both Alice and Bob could have created the MAC.
No non-repudiation: Alice can falsely deny sending the message, and a third
party cannot prove otherwise.
Digital Signatures and MACs
2
0
