First
I recently researched encryption and digital signatures because I needed them in my work.
In the process, I came across some things that I was confused about, and what’s more, there are articles on the internet where they are also misunderstanding.
Therefore, I would like to summarize it here.
That is as the title suggests, ‘Digital signature is not a measure to prevent spoofing.’
What is digital signature
Before explaining the details, let’s review what a digital signature is.
- Alice creates a private key and public key
- Alice creates a signature from the private key and the message
- Alice sends message, signature, and public key to Bob
- Bob verifies the signature using the public key
Details of misunderstanding
Common misunderstanding is like below:
- Verification with the public key shows that the signature was definitely created by Alice.
- If the signature was created by someone other than Alice, verification should fail.
That is, digital signature can detect spoofing.
What is wrong?
The details to be verified at 4 are as follows.
- The signature was created using the message in Bob’s hands and the private key paired with the public key.
This guarantees the following facts:
- The person who created the message and the person who signed it are the same person
- The message content has not changed since it was signed.
Isn’t 1 anti-spoofing measure? Did you think so? You can understand it is not when you read carefully.
The signature was certainly created by the person who created the message. However, it is unclear whether it was created by the person expected.
What the above says is
“The message created by Alice has not been modified by a malicious third party, Mallory”.
On the other hand, if Mallory acts like below, the verification will succeed.
- Signs the message she created with her private key, which she created by herself.
- Sends messages, signatures, and public keys with claiming that she is Alice.
This is because the signature was definitely created by the (Mallory’s) public key used for verification and the corresponding private key.
Expected objections
Q. Since only Alice has the private key, if we can confirm that the signature was created by that key, wouldn’t it be possible to prove that the signature was created by Alice?
A. When you think of it in analogy with a physical key, you tend to fall into this misunderstanding.
A private key and public key are pairs of numbers that have a certain rule. It’s just a number. Anyone can make it as long as they know the rule.
Q. Since it is impossible to create a correct key without knowing the correspondence rules between private keys and public keys, wouldn’t it be possible to prove that Alice created the private key?
A. The correspondence rules for private keys and public keys are publicly available. Anyone can create one.
Of course, only the person who created the public key can create the private key that pairs with the “public key used for verification.”
However, anyone can create a “public key/private key pair that satisfies the correct correspondence rules’’.
The validity of a digital signature is ensured by the fact that even if you know the value of the public key and the key creation rules, you cannot create the private key that pairs with it.
It does not rely on “knowing the secret of the public-private key correspondence rules.”
(As a side note, in the world of cryptography, it is forbidden to come up with unique algorithms, and it is preferable for algorithms verified publicly.)
So what can you do to prevent spoofing?
Generally, to prevent spoofing, a “certificate’’ is created that proves “This signature was created by Alice.’’
Of course, if you just create your own certificate, others cannot trust it, so you should ask a trusted third party (such as a public institution) to create the certificate, or ask multiple people to create the certificate.
Summary
What can be guaranteed with a digital signature is
- The person who created the message and the person who signed it are the same.
- The message content has not been changed since it was signed.
However, there is no guarantee that the sender of the message (and signature and public key) is who you expect.
To guarantee this, certificate is necessary.
