Lecture 12 - Digital Signatures

Definition of digital signatures. Recall that we had the following picture: Private Key Public Key Secrecy Private Key Encryption Public key Encryption Integrity Message Authentication Codes (MAC) ?? Digital signatures complete this picture by giving a public key analog of message authentication codes. Digital signatures were suggested by Diffie and Hellman in their seminal paper, but unlike the case of public key encryption schemes (where they had a key exchange protocol that could be made into a probabilistic encryption scheme) they did not have a reasonable candidate for such signatures until the RSA system was invented a year later by Rivest, Shamir and Adelman. However, even the RSA system was quickly seen not to have sufficient security and only later Goldwasser, Micali and Rivest gave what is now considered to be the “right” definition for digital signatures, and also a factoring-based construction meeting this definition. This definition is called existential forgery under chosen-message attack but we’ll simply call it secure signature schemes.