• Digital Signature
https://store.theartofservice.com/the-digital-signature-toolkit.html
Electronic business - Digital signatures
A final way to secure information online would be to use a digital signature. If a document has a digital signature on it, no one else is able to edit the information without being detected. That way if it is edited, it may be adjusted for reliability after the fact. In order to use a digital signature, one must use a combination of cryptography and a message digest. A message digest is used to give the document a unique value. That value is then encrypted with the sender's private key.
Digital signature
Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.
Digital signature - Explanation
Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance.
Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid.
Digital signature - Definition
Public-key cryptography
A digital signature scheme typically consists of three algorithms:
* A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
* A signing algorithm that, given a message and a private key, produces a signature.
* A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.
Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party without knowing that party's private key.
Digital signature - History
The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures, Merkle signatures (also known as "Merkle trees" or simply "Hash trees"), and Rabin signatures.
In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the GMR signature scheme, the first that can be proven to prevent even an existential forgery against a chosen message attack.
Digital signature - How they work
To create RSA signature keys, generate an RSA key pair containing a modulus N that is the product of two large primes, along with integers e and d such that $ed \equiv 1 \pmod{\varphi(N)}$, where $\varphi$ is the Euler phi-function. The signer's public key consists of N and e, and the signer's secret key contains d.
To sign a message m, the signer computes $\sigma \equiv m^d \pmod{N}$. To verify, the receiver checks that $\sigma^e \equiv m \pmod{N}$.
Because of this correspondence, digital signatures are often described as based on public-key cryptosystems, where signing is equivalent to decryption and verification is equivalent to encryption, but this is not the only way digital signatures are computed.
Used directly, this type of signature scheme is vulnerable to a key-only existential forgery attack.
There are several reasons to sign such a hash (or message digest) instead of the whole document.
* For efficiency: The signature will be much shorter and thus save time since hashing is generally much faster than signing in practice.
* For compatibility: Messages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number N). A hash function can be used to convert an arbitrary input into the proper format.
* For integrity: Without the hash function, the text "to be signed" may have to be split (separated) in blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize if all the blocks are present and in the appropriate order.
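
An added example (not from the original page) that puts the raw RSA scheme described above next to hash-then-sign: it checks the two weaknesses of the raw scheme using public values only, then shows that signing a SHA-256 digest rejects the same inputs. The toy key built from two Mersenne primes, the function names and the sample messages are constructed for illustration, and plain modular reduction of the digest stands in for a standardized scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key from two known Mersenne primes. Far too small for real
# use; it only keeps the arithmetic readable.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # e*d = 1 (mod phi(N))


def sign_raw(m: int) -> int:
    """Textbook RSA: sigma = m^d mod N, applied to the message itself."""
    return pow(m, D, N)


def verify_raw(m: int, sigma: int) -> bool:
    """Accept if sigma^e = m (mod N)."""
    return pow(sigma, E, N) == m % N


def digest_to_int(message: bytes) -> int:
    """Map an arbitrary byte string into the RSA domain via SHA-256."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_hashed(message: bytes) -> int:
    """Hash-then-sign: the private-key operation acts on the digest."""
    return pow(digest_to_int(message), D, N)


def verify_hashed(message: bytes, sigma: int) -> bool:
    return pow(sigma, E, N) == digest_to_int(message)


def raw_scheme_weaknesses() -> dict:
    """Both checks below use only the public key (N, E) to build the pair."""
    # Any integer r is a valid raw signature of m = r^e mod N.
    r = 123456789
    m_from_r = pow(r, E, N)
    # The product of two raw signatures signs the product of the messages.
    m1, m2 = 1111, 2222
    s1, s2 = sign_raw(m1), sign_raw(m2)
    return {
        "key_only_pair_verifies": verify_raw(m_from_r, r),
        "product_verifies": verify_raw(m1 * m2 % N, s1 * s2 % N),
    }


def hashed_scheme_checks() -> dict:
    """With a digest in between, the same inputs no longer verify."""
    a, b = b"pay 10 to Bob", b"pay 20 to Carol"   # constructed messages
    sa, sb = sign_hashed(a), sign_hashed(b)
    return {
        "genuine_verifies": verify_hashed(a, sa),
        "tampered_rejected": not verify_hashed(b"pay 99 to Bob", sa),
        # sa*sb signs the value H(a)*H(b) mod N, which is not the digest of
        # any message the holder of the two signatures can name.
        "product_rejected": not verify_hashed(a + b, sa * sb % N),
        "arbitrary_r_rejected": not verify_hashed(a, 123456789),
    }
```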
Digital signature - Notions of security
In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures:
* In a key-only attack, the attacker is only given the public verification key.
* In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
* In an adaptive chosen message attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.
They also describe a hierarchy of attack results:
* A total break results in the recovery of the signing key.
* A universal forgery attack results in the ability to forge signatures for any message.
* A selective forgery attack results in a signature on a message of the adversary's choice.
* An existential forgery merely results in some valid message/signature pair not already known to the adversary.
The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.
Digital signature - Uses of digital signatures
Universities including Penn State, University of Chicago, and Stanford are publishing electronic student transcripts with digital signatures.
Below are some common reasons for applying a digital signature to communications:
Digital signature - Authentication
When ownership of a digital signature secret key is bound to a specific user, a valid signature shows that the message was sent by that user.
Digital signature - Integrity
In many scenarios, the sender and receiver of a message may have a need for confidence that the message has not been altered during transmission.
Digital signature - Non-repudiation
Non-repudiation, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.
Note that these authentication, non-repudiation etc
Digital signature - Putting the private key on a smart card
All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by a local password, but this has two disadvantages:
* the user can only sign documents on that particular computer
* the security of the private key depends entirely on the security of the computer
If the smart card is stolen, the thief will still need the PIN code to generate a digital signature.
Digital signature - Using smart card readers with a separate keyboard
Entering a PIN code to activate the smart card commonly requires a numeric keypad.
Digital signature - Other smart card designs
Smart card design is an active field, and there are smart card schemes which are intended to avoid these particular problems, though so far with few security proofs.
Digital signature - Using digital signatures only with trusted applications
One of the main differences between a digital signature and a written signature is that the user does not "see" what he signs.
To protect against this scenario, an authentication system can be set up between the user's application (word processor, email client, etc.) and the signing application. The general idea is to provide some means for both the user application and signing application to verify each other's integrity. For example, the signing application may require all requests to come from digitally signed binaries.
Digital signature - WYSIWYS
WYSIWYS is a necessary requirement for the validity of digital signatures, but this requirement is difficult to guarantee because of the increasing complexity of modern computer systems.
Digital signature - Digital signatures vs. ink on paper signatures
An ink signature could be replicated from one document to another by copying the image manually or digitally, but producing credible signature copies that can resist some scrutiny takes significant manual or technical skill, and producing ink signature copies that resist professional scrutiny is very difficult.
Digital signatures can be applied to an entire document, such that the digital signature on the last page will indicate tampering if any data on any of the pages have been altered, but this can also be achieved by signing with ink and numbering all pages of the contract.
Additionally, most digital certificates provided by certificate authorities to end users to sign documents can be obtained by at most gaining access to a victim's email inbox.
Digital signature - Some digital signature algorithms
* ElGamal signature scheme as the predecessor to DSA, and variants Schnorr signature and Pointcheval–Stern signature algorithm
* Aggregate signature - a signature scheme that supports aggregation: Given n signatures on n messages from n users, it is possible to aggregate all these signatures into a single signature whose size is constant in the number of users. This single signature will convince the verifier that the n users did indeed sign the n original messages.
* Signatures with efficient protocols - are signature schemes that facilitate efficient cryptographic protocols such as zero-knowledge proofs or secure computation.
Digital signature - The current state of use – legal and practical
Digital signature schemes share basic prerequisites that – regardless of cryptographic theory or legal provision – they need to have, meaning:
* Some public-key algorithms are known to be insecure, practical attacks against them having been discovered.
* Quality implementations
* If the private key becomes known to any other party, that party can produce perfect digital signatures of anything whatsoever.
* The public key owner must be verifiable
* A public key associated with Bob actually came from Bob
* Users (and their software) must carry out the signature protocol properly.
Only if all of these conditions are met will a digital signature actually be any evidence of who sent the message, and therefore of their assent to its contents. Legal enactment cannot change this reality of the existing engineering possibilities, though some such have not reflected this actuality.
Adoption of technical standards for digital signatures has lagged behind much of the legislation, delaying a more or less unified engineering position on interoperability, algorithm choice, key lengths, and so on what the engineering is attempting to provide.
See also: ABA digital signature guidelines
Digital signature - Industry standards
Some industries have established common interoperability standards for the use of digital signatures between members of the industry and with regulators. These include the Automotive Network Exchange for the automobile industry and the SAFE-BioPharma Association for the healthcare industry.
Digital signature - Using separate key pairs for signing and encryption
In several countries, a digital signature has a status somewhat like that of a traditional pen and paper signature, like in the EU digital signature legislation.
Digital signature - Notes
* US ESIGN Act of 2000
* National Archives of Australia
* "Signature Schemes and Applications to Cryptographic Protocol Design", Anna Lysyanskaya, PhD thesis, MIT, 2002.
* Rivest, R.; A. Shamir; L. Adleman (1978). "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems". Communications of the ACM 21 (2): 120–126. doi:10.1145/359340.359342.
* For example any integer r "signs" $m = r^e$ and the product $s_1 s_2$ of any two valid signatures $s_1$, $s_2$ of $m_1$, $m_2$ is a valid signature of the product $m_1 m_2$.
* "Constructing digital signatures from a one-way function.", Leslie Lamport, Technical Report CSL-98, SRI International, Oct. 1979.
* "A certified digital signature", Ralph Merkle, In Gilles Brassard, ed., Advances in Cryptology – CRYPTO '89, vol. 435 of Lecture Notes in Computer Science, pp. 218–238, Springer-Verlag, 1990.
* "Digitalized signatures as intractable as factorization." Michael O. Rabin, Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science, Jan. 1979
* "A digital signature scheme secure against adaptive chosen-message attacks.", Shafi Goldwasser, Silvio Micali, and Ronald Rivest. SIAM Journal on Computing, 17(2):281–308, Apr. 1988.
* A. Jøsang, D. Povey and A. Ho. "What You See is Not Always What You Sign". Proceedings of the Australian Unix User Group Symposium (AUUG2002), Melbourne, September 2002.
Digital signature - Further reading
* J. Katz and Y. Lindell, "Introduction to Modern Cryptography" (Chapman & Hall/CRC Press, 2007)
* Stephen Mason, Electronic Signatures in Law (3rd edition, Cambridge University Press, 2012)
* Lorna Brazell, Electronic Signatures and Identities Law and Regulation (2nd edn, London: Sweet & Maxwell, 2008)
* Dennis Campbell, editor, E-Commerce and the Law of Digital Signatures (Oceana Publications, 2005).
* M. H. M Schellenkens, Electronic Signatures Authentication Technology from a Legal Perspective, (TMC Asser Press, 2004).
* Jeremiah S. Buckley, John P. Kromer, Margo H. K. Tank, and R. David Whitaker, The Law of Electronic Signatures (3rd Edition, West Publishing, 2010).
Security token - Digital signature
Trusted as a regular hand-written signature, the digital signature must be made with a private key known only to the person authorized to make the signature. Tokens that allow secure on-board generation and storage of private keys enable secure digital signatures, and can also be used for user authentication, as the private key also serves as a proof for the user’s identity.
For tokens to identify the user, all tokens must have some kind of number that is unique. Not all approaches fully qualify as digital signatures according to some national laws. Tokens with no on-board keyboard or another user interface cannot be used in some signing scenarios, such as confirming a bank transaction based on the bank account number that the funds are to be transferred to.
Pretty Good Privacy - Digital signatures
To do so, PGP computes a hash (also called a message digest) from the plaintext and then creates the digital signature from that hash using the sender's private key.
Digital Signature Services
Digital Signature Services (DSS) is an OASIS standard.
The Digital Signature Services (DSS) specifications describe two XML-based request/response protocols – a signing protocol and a verifying protocol.
Digital signing - Some digital signature algorithms
* RSA-based signature schemes, such as RSA-PSS
* DSA and its elliptic curve variant ECDSA
* ElGamal signature scheme as the predecessor to DSA, and variants Schnorr signature and Pointcheval–Stern signature algorithm
* Rabin signature algorithm
* Pairing-based schemes such as BLS
* Aggregate signature - a signature scheme that supports aggregation: Given n signatures on n messages from n users, it is possible to aggregate all these signatures into a single signature whose size is constant in the number of users. This single signature will convince the verifier that the n users did indeed sign the n original messages.
* Signatures with efficient protocols - are signature schemes that facilitate efficient cryptographic protocols such as zero-knowledge proofs or secure computation.
Adobe LiveCycle - LiveCycle Digital Signatures ES4
LiveCycle Digital Signatures automates electronic signature workflows for assurances of authenticity, integrity, and non-repudiation. Organizations can use this component to sign documents in bulk, such as university transcripts, government documents such as annual budgets, grants, or tax returns. This component will also validate previously signed documents in bulk. The digital signature capabilities are based on the functionality available in Adobe Acrobat and Adobe Reader on the desktop.
Cryptography standards - Digital signature standards
* Digital Signature Standard (DSS), based on the Digital Signature Algorithm (DSA)
List of important publications in cryptography - A Method for Obtaining Digital Signatures and Public Key Cryptosystems
Description: The RSA encryption method. The first public-key encryption method.
Digital Signature Algorithm
It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS) and adopted as FIPS 186 in 1993. [FIPS PUB 186: Digital Signature Standard (DSS), 1994-05-19, http://www.itl.nist.gov/fipspubs/fip186.htm] Four revisions to the initial specification have been released: FIPS 186-1 in
DSA is covered by , filed July 26, 1991 and attributed to David W
Digital Signature Algorithm - Key generation
Key generation has two phases. The first phase is a choice of algorithm parameters which may be shared between different users of the system, while the second phase computes public and private keys for a single user.
Digital Signature Algorithm - Parameter generation
* Choose an approved cryptographic hash function H. In the original DSS, H was always SHA-1, but the stronger SHA-2 hash functions are approved for use in the current DSS [FIPS PUB 180-4: Secure Hash Standard (SHS), March 2012, http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf]. The hash output may be truncated to the size of a key
* Decide on a key length L and N
* Choose an N-bit prime q. N must be less than or equal to the hash output length.
* Choose an L-bit prime modulus p such that p–1 is a multiple of q.
* Choose g, a number whose multiplicative order modulo p is q. This may be done by setting $g = h^{(p-1)/q} \bmod p$ for some arbitrary h ($1 < h < p-1$), and trying again with a different h if the result comes out as 1. Most choices of h will lead to a usable g; commonly h=2 is used.
The algorithm parameters (p, q, g) may be shared between different users of the system.
Digital Signature Algorithm - Per-user keys
Given a set of parameters, the second phase computes private and public keys for a single user:
There exist efficient algorithms for computing the modular exponentiations $h^{(p-1)/q} \bmod p$ and $g^x \bmod p$, such as exponentiation by squaring.
Digital Signature Algorithm - Signing
Let H be the hashing function and m the message:
* Generate a random per-message value k where 0 1 and q is prime, g must have order q.
Digital Signature Algorithm - Sensitivity
With DSA, the entropy, secrecy, and uniqueness of the random signature value k is critical.
In December 2010, a group calling itself fail0verflow announced recovery of the ECDSA private key used by Sony to sign software for the PlayStation 3 game console. The attack was made possible because Sony failed to generate a new random k for each signature.
This issue can be prevented by deriving k deterministically from the private key and the message hash, as described by RFC 6979. This ensures that k is different for each H(m) and unpredictable for attackers who do not know x.
Collision attack - Digital signatures
Because digital signature algorithms cannot sign a large amount of data efficiently, most implementations use a hash function to reduce (compress) the amount of data that needs to be signed down to a constant size. Digital signature schemes are often vulnerable to hash collisions, unless using techniques like randomized hashing. Shai Halevi and Hugo
Note that all public key certificates, like SSL certificates, also rely on the security of digital signatures and are compromised by hash collisions.
The usual attack scenario goes like this:
1. Mallory creates two different documents A and B, that have an identical hash value (collision).
2. Mallory then sends document A to Alice, who agrees to what the document says, signs its hash and sends it back to Mallory.
3. Mallory copies the signature sent by Alice from document A to document B.
4. Then she sends document B to Bob, claiming that Alice signed the different document. Because the digital signature matches the document hash, Bob's software is unable to detect the modification.
Digital signature in Estonia
Digital signature allows users to electronically perform the actions for which they previously had to give a signature on paper. Estonia's digital signature system is the foundation for some of its most popular e-services including registering a company online, e-banks, the i-voting system and electronic tax filing – essentially any services that require signatures to prove their validity.
Digital signature in Estonia - History and usage
The first digital signature was given in 2002. A number of freeware programs were released to end users and system integrators. All of the components of the software processed the same document format – the DigiDoc format.
As of October 2013, over 130 million digital signatures have been given in Estonia.
In September 2013 the European Commissioner for Digital Agenda Neelie Kroes gave her first digital signature with an Estonian test ID-card issued to her as a present.
Digital signature in Estonia - Legislation
Pursuant to the Act it is also necessary to distinguish between valid and void digital signatures: any signatures given with a void or suspended certificate are null and void.
All Estonian authorities are obliged to accept digitally signed documents.
Digital signature in Estonia - Prerequisites
Users can create digitally signed documents with their ID-card or Mobile-ID using either the DigiDoc3 program that is installed into the computer along with the ID-card software, in the signing section of the State Portal www.eesti.ee or in the DigiDoc Portal.
Digital signature support can be added to all the applications and programs where it is required.
Digital signature in Estonia - International context
The Estonian digital signature corresponds to the European Union Directive on Electronic Signatures (1999/93/EC Community Framework for Electronic Signatures) with the strictest requirements (advanced electronic signature, secure-signature-creation device, qualified certificate, certification-service-provider issuing qualified certificates).
Digital signature in Estonia - Certificates
Upon the issuance of ID-cards or Mobile-IDs, every user receives two certificates: one for authentication, the other for digital signing. The certificate may be compared to the specimen signature of a person – it is public and it can be used by anyone to examine whether the signature given by the person is authentic. The certificate also holds the personal data, name and personal identification code.
All certificates are different and correspond to the private keys of specific persons. The certificate can be used to examine digital signatures – if the certificate and the signature match mathematically (all the necessary calculations are performed by the computer on behalf of the user), it can be claimed that the signature has been given by the person named
Digital signatures and law
Worldwide, legislation concerning the effect and validity of digital signatures includes:
Digital signatures and law - Bermuda
* [http://www.laws.gov.bm/NXT/gateway.dll/Laws%20of%20Bermuda%20%20PDF/annual%20laws/1999/acts%20of%20parliament/electronic%20transactions%20act%201999.pdf Electronic Transactions Act 1999]
* [http://www.laws.gov.bm/NXT/gateway.dll/Laws%20of%20Bermuda%20%20PDF/consolidated%20laws/certification%20service%20providers%20(relevant%20criteria%20and%20security%20guidelines)%20regulations%202002.pdf Certification Service Providers (Relevant Criteria and Security Guidelines) Regulations 2002]
Digital signatures and law - Brazil
* [https://www.planalto.gov.br/ccivil_03/MPV/Antigas_2001/2200-2.htm Medida provisória 2.200-2 (Portuguese)] Brazilian law states that any digital document is valid for the law if it is certified by 'ICP-Brasil' (the official Brazilian PKI) or if it is certified by other PKI and the concerned parties agree as to the validity of the document.
Digital signatures and law - Canada
Federal [http://lawslois.justice.gc.ca/eng/regulations/SOR200530/?showtoc=instrumentnumber=SOR2005-30 secure electronic signature regulations] make it clear that a secure electronic signature is a digital signature created and verified in a specific manner.
Digital signatures and law - China
* [http://www.cin.gov.cn/law/other/2005040803.htm Electronic Signature Law of the People's Republic of China (Chinese)] The stated purposes include standardizing the conduct of electronic signatures, confirming the legal validity of electronic signatures and safeguarding the legal interests of parties involved in such matters.
Digital signatures and law - Colombia
* [http://www.alcaldiabogota.gov.co/sisjur/normas/Norma1.jsp?i=4276 LEY 527 DE 1999 (agosto 18) por medio de la cual se define y reglamenta el acceso y uso de los mensajes de datos, del comercio electrónico y de las firmas digitales, y se establecen las entidades de certificación y se dictan otras disposiciones.]
* [http://www.alcaldiabogota.gov.co/sisjur/normas/Norma1.jsp?i=50583 DECRETO 2364 DE 2012 (Noviembre 22) por medio del cual se reglamenta el artículo 7° de la Ley 527 de 1999, sobre la firma electrónica y se dictan otras disposiciones.]
Digital signatures and law - European Union and the European Economic Area
* European Union Directive establishing the framework for electronic signatures:
** [http://europa.eu/legislation_summaries/information_society/l24118_en.htm Directive 1999/93/EC of the European Parliament and of the Council] of 13 December 1999 on a Community framework for electronic signatures. This Directive will be repealed 1 July 2016 and superseded by a [http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=enreference=20
** [http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:175:0045:0046:EN:PDF Commission Decision 2003/511/EC] adopting three CEN Workshop Agreements as technical standards presumed to be in accordance with the Directive
* Implementing laws: Several countries have already implemented the Directive 1999/93/EC.
*** [http://www.asit.at/signatur/rechtsrahmen/SigG_incl_Novelle2000.pdf Signature Law, 2000]
*** [http://mineco.fgov.be/information_society/e-signatures/law_e_signature_002.pdf Signature Law, 2001]
*** [http://www.micr.cz/scripts/detail.php?id=1542 Act on Electronic Signatures, 227/2000]
*** [https://www.retsinformation.dk/Forms/R0710.aspx?id=6193 Lov om elektroniske signaturer]
*** [http://www.legislation.gov.uk/ukpga/2000/7/contents Electronic Communications Act, 2000]
*** [http://www.legislation.gov.uk/uksi/2002/318/contents The Electronic Signatures Regulations 2002]
*** [https://www.riigiteataja.ee/ert/act.jsp?id=694375 Digital Signature Law, 2000] (in Estonian).
*** [http://www.legaltext.ee/et/andmebaas/paraframe.asp?loc=textlk=etsk=endok=X30081K4.htmquery=digitaalallkirjatyyp=Xptyyp=RTpg=1fr=no Digital Signatures Act (consolidated text Dec 2003)]
*** [http://www.finlex.fi/fi/laki/ajantasa/2003/20030014 Laki sähköisistä allekirjoituksista, 2003] (in Finnish)
*** [http://www.legifrance.gouv.fr/content/download/1950/13681/version/3/file/Code_22.pdf Article 1316 of the Civil Code, 13 March 2000] (pdf, English)
*** [http://www.legifrance.gouv.fr/affichCode.do?cidTexte=LEGITEXT000006070721dateTexte=20060406 Civil Code] (French)
*** [http://bundesrecht.juris.de/sigg_2001/index.html German Signature Law of 2001, changed in 2005]
*** [http://www.ekt.gr/content/img/product/14911/pd150_2001.pdf Presidential Decree 150/2001] (in Greek)
*** [http://www.nhh.hu/dokumentum.php?cid=25054 Hungarian Act on Electronic Signatures 2001]
** Ireland, Republic of
*** [https://www.post.trust.ie/reposit/ecommerce.html Irish Electronic Commerce Act, 2000]
*** [http://www.vvc.gov.lv/export/sites/default/docs/LRTA/Likumi/Electronic_Documents_Law.doc Electronic Documents Law, 2002]
*** [http://likumi.lv/doc.php?id=68521 Electronic Documents Law, 2002 (in Latvian)]
*** [http://www3.lrs.lt/pls/inter2/dokpaieska.showdoc_l?p_id=204802 Law on electronic signature, 2002]
*** [http://www.legilux.public.lu/leg/textescoordonnes/recueils/COMMERCE_ELECTRONIQUE/SIGNATURE_ELECTRONIQUE.pdf Loi du 14 août 2000 relative au commerce électronique, 2000] (in French)
*** [http://docs.justice.gov.mt/lom/legislation/english/leg/vol_13/chapt426.pdf Maltese Electronic Commerce Act 2001, last amended 2005]
*** [http://www.lovdata.no/all/hl-20010615081.html Electronic Signature Act, 2001] (in Norwegian).
*** [http://www.mg.gov.pl/NR/rdonlyres/9C534966-8336-49C9-80870F4A64F14D66/18224/act_on_eSignature.pdf act_on_eSignature.pdf]
*** [http://ec.europa.eu/enterprise/sectors/ict/files/portugal_en.pdf portugal_en.pdf]
*** [http://www.legi-internet.ro/lgsemel.htm Legea semnăturii electronice, 455/2001]
*** [http://www.legiinternet.ro/en/e-sign.htm Law on the Electronic Signature, 455/2001] (unofficial translation)
*** [http://www.zbierka.sk/zz/predpisy/default.aspx?PredpisID=16414FileName=02z215Rocnik=2002 Act no.215/2002 on electronic signature (in Slovak)]
*** [http://www2.gov.si/zak/Zak_vel.nsf/4c1d8c547755fffac1256616002dd5e1/c12563a400338836c12568fd00505349?OpenDocument Electronic Business and Electronic Signature Act (in Slovene)].
*** [http://www.riksdagen.se/webbnav/index.aspx?nid=3911bet=2000:832 Qualified Electronic Signatures Act (SFS 2000:832) (in Swedish)].
*** [http://www.pts.se/upload/Documents/SE/Qualified%20Electronic%20Signatures%20Act%20_SFS%202000_832_English%20translation.pdf SFS 2000:832 in English translation]
Digital signatures and law - Guatemala
* [http://200.12.63.122/archivos/decretos/2008/gtdcx47-2008.pdf Ley para el Reconocimiento de las Comunicaciones y Firmas Electrónicas] (in Spanish)
Digital signatures and law - Japan
* [http://www.meti.go.jp/policy/netsecurity/digitalsign-law.htm Law Concerning Electronic Signatures and Certification Services, 2000 (in Japanese)]
Digital signatures and law - Korea
* [http://www.moleg.go.kr/FileDownload.mo?flSeq=31063 Digital Signature Act in English (PDF), 1999-2008]
* [http://www.law.go.kr/lsInfoP.do?lsiSeq=102472#0000 Digital Signature Act in Korean]
Digital signatures and law - Malaysia
* [http://www.mcmc.gov.my/the_law/Akta%20562/ak0562.htm Digital Signature Act (Act 562), 1997] (in Bahasa Malaysia).
* [http://www.mcmc.gov.my/the_law/Act%20562/a0562.htm Digital Signature Act (Act 562), 1997] (in English).
* [http://www.mcmc.gov.my/the_law/ViewLaw.asp?cc=51171691lg=bltrid=2lrid=62588 Digital Signature Regulations (P.U.(A) 359), 1998] (in Bahasa Malaysia).
* [http://www.mcmc.gov.my/the_law/ViewLaw.asp?cc=73602487lg=eltrid=2lrid=62588 Digital Signature Regulations (P.U.(A) 359), 1998] (in English).
Digital signatures and law - Moldova
* [http://lex.justice.md/viewdoc.php?action=viewview=docid=313061lang=1 Lege cu privire la documentul electronic şi semnătura digitală, July 15, 2004] (in Romanian)
* [http://lex.justice.md/index.php?action=viewview=doclang=2id=313061 Law about Electronic Document and Digital Signature] (in Russian)
Digital signatures and law - New Zealand
* [http://www.legislation.govt.nz/act/public/2002/0035/latest/DLM154836.html Electronic Transactions Act 2002, sections 22-24]
- Commercial Law, paras 8A.7.1-8A.7.4. (these sources are available on the [http://www.lexisnexis.com/nz/legal LexisNexis] subscription-only website)
Digital signatures and law - Russian Federation
* [http://www.rg.ru/oficial/doc/federal_zak/1-fz.shtm Federal Law of Russian Federation about Electronic Digital Signature (10.01.2002)]
Digital signatures and law - South Africa
* [http://www.internet.org.za/ect_act.html Electronic Communications and Transactions Act, 2002] ([http://www.doc.gov.za/documentspublications/acts.html?download=33:electronic-communications-andtransactions-act-2002 PDF])
Digital signatures and law - Switzerland
* [http://www.admin.ch/ch/f/rs/c943_03.html Federal Law on Certification Services Concerning the Electronic Signature, 2003]
Digital signatures and law - United Nations Commission on International Trade Law
* [http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce/2001Model_signatures.html UNCITRAL Model Law on Electronic Signatures (2001), a strong influence in the field.]
Digital signatures and law - United States
* Uniform Electronic Transactions Act (UETA)
* Electronic Signatures in Global and National Commerce Act (E-SIGN), at [http://www4.law.cornell.edu/uscode/15/7001.html 15 U.S.C. 7001] et seq. The law permits the use of electronic signatures in many situations, and preempts many state laws that would otherwise limit the use of electronic signatures.
Digital signatures and law - Uruguay
Uruguay laws include both electronic and digital signatures:
* [http://www0.parlamento.gub.uy/leyes/AccesoTextoLey.asp?Ley=16736Anchor=#art695 Concerning passwords or adequate information technology gestures]
* [http://www0.parlamento.gub.uy/leyes/AccesoTextoLey.asp?Ley=17243Anchor=#art25 Concerning electronic and digital signature and PKI]
Digital signatures and law - Turkey
Turkey has an [http://www.kamusm.gov.tr/tr/Bilgideposu/Mevzuat/kanun.jsp Electronic Signature Law] [http://www.tbmm.gov.tr/kanunlar/k5070.html TBMM.gov.tr] since 2004. This law is stated in European Union Directive 1999/93/EC. Turkey has a [http://www.kamusm.gov.tr/ Government Certificate Authority - Kamu SM] for all
* Kamu Sertifikasyon Merkezi (Governmental Certificate Authority) [http://www.kamusm.gov.tr/ Kamusm.gov.tr]
* E-Güven (owned by Turkish Informatics Foundation) [http://www.e-guven.com/ E-guven.com]
* Turktrust (owned by Turkish Military Force Solidarity Foundation) [http://www.turktrust.com.tr Turktrust.com.tr]
Digital signatures and law - Legal cases
Court decisions discussing the effect and validity of digital signatures or digital signature-related legislation:
* In re Piranha, Inc., 2003 WL 21468504 (N.D. Tex) (UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).
* Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir., 2002) [http://www.emlf.org/Resources/cloud.pdf EMLF.org] (E-SIGN does not apply retroactively to contracts formed before it took effect in 2000. Nevertheless, the statute of frauds was satisfied by the text of E-mail plus an
* Sea-Land Service, Inc. v. Lozen International, 285 F.3d 808 (9th Cir., 2002) [http://www.admiraltylawguide.com/circt/9thsealandlozen.pdf Admiraltylawguide.com] (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)
Digital signatures and law - Further reading
* [https://www.tractis.com/countries Digital signatures legislation across the world].
For books in English on electronic signatures, see:
* Stephen Mason, Electronic Signatures in Law (Cambridge University Press, third edition, 2012);
* Dennis Campbell, editor, E-Commerce and the Law of Digital Signatures (Oceana Publications, 2005);
* Lorna Brazell, Electronic Signatures Law and Regulation, (Sweet & Maxwell, 2004);
* M. H. M Schellenkens, Electronic Signatures Authentication Technology from a Legal Perspective, (TMC Asser Press, 2004).
* Srivastava Aashish, Electronic Signatures for B2B Contracts: Evidence from Australia (Springer, 2013)
For translations of electronic signature cases from Europe, Brazil, China and Colombia into English, see the Digital Evidence and Electronic Signature Law Review (open source) http://journals.sas.ac.uk/deeslr
ABA digital signature guidelines
The document was the first overview of principles and a framework for the use of digital signatures and authentication in electronic commerce from a legal viewpoint, including technologies such as certificate authorities and public key infrastructure (PKI).
The Digital Signature Guidelines were followed by the Public Key Infrastructure Assessment Guidelines published by the ABA in 2003.
A similar effort was undertaken in Slovenia by the Digital Signature Working Group (within the Chamber of Commerce and Industry of Slovenia (CCIS)).
Birthday attack - Digital signature susceptibility
Digital signatures can be susceptible to a birthday attack.
In a similar manner, Mallory also creates a huge number of variations on the fraudulent contract m'.
The probabilities differ slightly from the original birthday problem, as Mallory gains nothing by finding two fair or two fraudulent contracts with the same hash. Mallory's strategy is to generate pairs of one fair and one fraudulent contract. The birthday problem equations apply where n is the number of pairs. The number of hashes Mallory actually generates is 2n.
To avoid this attack, the output length of the hash function used for a signature scheme can be chosen large enough so that the birthday attack becomes computationally infeasible, i.e. about twice as many bits as are needed to prevent an ordinary brute-force attack.
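
The sizing rule above, measured rather than asserted, as an added Python example (not part of the original page): it truncates SHA-256 to a chosen number of bits, counts how many hashes of constructed inputs it takes before any two collide, and compares that with the birthday estimate of about 1.18 · 2^(bits/2) and with the 2^bits cost of brute force. The input strings and function names are assumptions made for the illustration.

```python
import hashlib
import math


def truncated_digest(data, bits):
    """Leftmost `bits` bits of SHA-256(data), as an integer (stand-in for a short hash)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def hashes_until_collision(bits):
    """Hash constructed inputs until two of them share a truncated digest.

    Returns (hashes_computed, first_input, second_input).
    """
    seen = {}
    count = 0
    while True:
        msg = b"constructed-input-%d" % count
        count += 1
        digest = truncated_digest(msg, bits)
        if digest in seen:
            return count, seen[digest], msg
        seen[digest] = msg


def birthday_estimate(bits):
    """Hashes needed for a 50% chance of some collision: sqrt(2 ln 2 * 2^bits)."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


def sizing_table(bit_lengths=(16, 20, 24)):
    """Rows of (bits, measured hashes, birthday estimate, brute-force 2^bits)."""
    rows = []
    for bits in bit_lengths:
        measured, _first, _second = hashes_until_collision(bits)
        rows.append((bits, measured, round(birthday_estimate(bits)), 2 ** bits))
    return rows


if __name__ == "__main__":
    for bits, measured, estimate, brute in sizing_table():
        print(f"{bits}-bit digest: collision after {measured} hashes "
              f"(estimate {estimate}, brute force {brute})")
```

Each extra bit of digest adds only half a bit of collision work, which is why a 128-bit security target calls for a 256-bit hash.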
Pollard's rho algorithm for logarithms is an example of an algorithm using a birthday attack for the computation of discrete logarithms.
For More Information, Visit: https://store.theartofservice.com/the-digital-signature-toolkit.html
The Art of Service
https://store.theartofservice.com