Security of Digital Signatures
The extent of security provided by a digital signature depends on the nature of the exercise undertaken to prove access to or control of a private key. Signing a message with a private key produces an output such that the Verify algorithm can be run to ensure that this message was signed by the person with the private key. The message must be a new one, since otherwise the recipient could simply copy a signed message and later hold it out as proof of ownership of the underlying private key (a process known as a “replay attack”). It is for this reason that a user must be asked to sign a new message. This explanation is significant for the topic of the Sartre message.
As with any validation process, there are certain steps in the digital signature process which require trust and verification, so that a party can be as sure as possible that what is being demonstrated is what it purports to be. If a user controls the software performing the signature verification or the software contains a bug, then the signature can appear to be verified when it is not truly verified. Trust in the software that is being used is therefore important. In a section of her report agreed by Mr Gao, Prof Meiklejohn set out several requirements which must be fulfilled to establish possession of a private key:
Unique message – The message to be signed must not have been signed before for that public key.
Method of and result of verification – The verification algorithm must be run using the public key, the new message and the signature given by the user.
Semi-manual verification – Verification is rarely if ever performed on paper due to the size of the numbers involved. If instead it is done using software on a computing device, then the verifier must trust that the computing device is accurately performing each step.
Software integrity – Usually, the verifier runs the verification algorithm using an existing piece of software. Here, the person must trust that the correct algorithm is being run, that it is using the correct inputs and that the software is secure and has not been altered. This would include that it has been downloaded properly and not over an unsecure connection.
Software and hardware integrity of the computing device – It is also necessary that the verifier trusts the hardware, operating system and software on any computing device (i.e. not limited to the verification software itself).
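The first two requirements above (a unique message, and running the verification algorithm on the public key, the new message and the signature) can be shown in code. The following is an added example, not taken from the expert report or any software discussed here; it assumes Ed25519 from Node's built-in crypto module as a stand-in signature scheme, and the names `PossessionVerifier` and `demo` are hypothetical.

```javascript
// Added illustration. Ed25519 (Node built-in crypto) is an assumed stand-in scheme.
const nodeCrypto = require('node:crypto');

class PossessionVerifier {
  constructor() {
    this.issued = new Set(); // challenges created here and not yet used
  }

  // Unique message: the verifier, not the claimant, chooses what is signed.
  newChallenge() {
    const msg = 'prove-possession:' + nodeCrypto.randomBytes(32).toString('hex');
    this.issued.add(msg);
    return msg;
  }

  // Run Verify on (public key, new message, signature); each challenge counts once.
  check(publicKey, message, signature) {
    if (!this.issued.has(message)) return 'rejected: not a fresh challenge';
    this.issued.delete(message);
    const ok = nodeCrypto.verify(null, Buffer.from(message), publicKey, signature);
    return ok ? 'accepted' : 'rejected: signature invalid';
  }
}

function demo() {
  const sign = (msg, key) => nodeCrypto.sign(null, Buffer.from(msg), key);
  const holder = nodeCrypto.generateKeyPairSync('ed25519'); // real key holder
  const other = nodeCrypto.generateKeyPairSync('ed25519');  // someone without that key
  const verifier = new PossessionVerifier();

  // Constructed sample: a message the holder signed in the past, visible to anyone.
  const oldMsg = 'constructed previously signed message';
  const oldSig = sign(oldMsg, holder.privateKey);
  const oldSigStillValid =
    nodeCrypto.verify(null, Buffer.from(oldMsg), holder.publicKey, oldSig);

  const c1 = verifier.newChallenge();
  const c1Sig = sign(c1, holder.privateKey);
  const fresh = verifier.check(holder.publicKey, c1, c1Sig);
  const reused = verifier.check(holder.publicKey, c1, c1Sig);    // same pair again
  const replay = verifier.check(holder.publicKey, oldMsg, oldSig); // copied old pair

  const c2 = verifier.newChallenge();
  const wrongKey = verifier.check(holder.publicKey, c2, sign(c2, other.privateKey));

  return { oldSigStillValid, fresh, reused, replay, wrongKey };
}
```

The copied pair still passes the raw Verify algorithm (`oldSigStillValid` is true), which is why the freshness check has to sit in front of it.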