1041:
applications, and this is done through a combination of hardware and software based processes on a computer system. The problem is that the semantic interpretation of bits can change as a function of the processes used to transform the bits into semantic content. It is relatively easy to change the interpretation of a digital document by implementing changes on the computer system where the document is being processed. From a semantic perspective this creates uncertainty about what exactly has been signed. WYSIWYS (What You See Is What You Sign) means that the semantic interpretation of a signed message cannot be changed. In particular this also means that a message cannot contain hidden information that the signer is unaware of, and that can be revealed after the signature has been applied. WYSIWYS is a requirement for the validity of digital signatures, but this requirement is difficult to guarantee because of the increasing complexity of modern computer systems. The term WYSIWYS was coined by
1408:. Generally, these provisions mean that anything digitally signed legally binds the signer of the document to the terms therein. For that reason, it is often thought best to use separate key pairs for encrypting and signing. Using the encryption key pair, a person can engage in an encrypted conversation (e.g., regarding a real estate transaction), but the encryption does not legally sign every message he or she sends. Only when both parties come to an agreement do they sign a contract with their signing keys, and only then are they legally bound by the terms of a specific document. After signing, the document can be sent over the encrypted link. If a signing key is lost or compromised, it can be revoked to mitigate any future transactions. If an encryption key is lost, a backup or
964:). It can be arranged that the private key never leaves the smart card, although this is not always implemented. If the smart card is stolen, the thief will still need the PIN code to generate a digital signature. This reduces the security of the scheme to that of the PIN system, although it still requires an attacker to possess the card. A mitigating factor is that private keys, if generated and stored on smart cards, are usually regarded as difficult to copy, and are assumed to exist in exactly one copy. Thus, the loss of the smart card may be detected by the owner and the corresponding certificate can be immediately revoked. Private keys that are protected by software only may be easier to copy, and such compromises are far more difficult to detect.
38:
136:. In many instances, they provide a layer of validation and security to messages sent through a non-secure channel: Properly implemented, a digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective. They can also provide
1289:. Other countries have also passed statutes or issued regulations in this area as well and the UN has had an active model law project for some time. These enactments (or proposed enactments) vary from place to place, have typically embodied expectations at variance (optimistically or pessimistically) with the state of the underlying cryptographic engineering, and have had the net effect of confusing potential users and specifiers, nearly all of whom are not cryptographically knowledgeable.
3699:
773:—if the bank's offices simply encrypted the messages they exchange, they could still be vulnerable to forgery. In other applications, such as software updates, the messages are not secret—when a software author publishes a patch for all existing installations of the software to apply, the patch itself is not secret, but computers running the software must verify the authenticity of the patch before applying it, lest they become victims to malware.
1324:
506:
484:, the first that could be proved to prevent even an existential forgery against a chosen message attack, which is the currently accepted security definition for signature schemes. The first such scheme which is not built on trapdoor functions but rather on a family of function with a much weaker required property of one-way permutation was presented by
1183:– a signature scheme that supports aggregation: Given n signatures on n messages from n users, it is possible to aggregate all these signatures into a single signature whose size is constant in the number of users. This single signature will convince the verifier that the n users did indeed sign the n original messages. A scheme by
1001:
replace the user application with a foreign substitute, in effect replacing the user's own communications with those of the attacker. This could allow a malicious application to trick a user into signing any document by displaying the user's original on-screen, but presenting the attacker's own documents to the signing application.
851:. Very roughly this is analogous to a vendor who receives credit-cards first checking online with the credit-card issuer to find if a given card has been reported lost or stolen. Of course, with stolen key pairs, the theft is often discovered only after the secret key's use, e.g., to sign a bogus certificate for espionage purpose.
788:. For example, the branch office may legitimately request that bank transfer be issued once in a signed message. If the bank doesn't use a system of transaction ids in their messages to detect which transfers have already happened, someone could illegitimately reuse the same signed message many times to drain an account.
832:, or more specifically non-repudiation of origin, is an important aspect of digital signatures. By this property, an entity that has signed some information cannot at a later time deny having signed it. Similarly, access to the public key only does not enable a fraudulent party to fake a valid signature.
1276:
Legislatures, being importuned by businesses expecting to profit from operating a PKI, or by the technological avant-garde advocating new solutions to old problems, have enacted statutes and/or regulations in many jurisdictions authorizing, endorsing, encouraging, or permitting digital signatures and
758:
With a digital signature scheme, the central office can arrange beforehand to have a public key on file whose private key is known only to the branch office. The branch office can later sign a message and the central office can use the public key to verify the signed message was not a forgery before
1272:
Only if all of these conditions are met will a digital signature actually be any evidence of who sent the message, and therefore of their assent to its contents. Legal enactment cannot change this reality of the existing engineering possibilities, though some such have not reflected this actuality.
1057:
An ink signature could be replicated from one document to another by copying the image manually or digitally, but to have credible signature copies that can resist some scrutiny is a significant manual or technical skill, and to produce ink signature copies that resist professional scrutiny is very
1004:
To protect against this scenario, an authentication system can be set up between the user's application (word processor, email client, etc.) and the signing application. The general idea is to provide some means for both the user application and signing application to verify each other's integrity.
794:
A signature itself cannot be used to uniquely identify the message it signs—in some signature schemes, every message has a large number of possible valid signatures from the same signer, and it may be easy, even without knowledge of the private key, to transform one valid signature into another. If
754:
If a bank's central office receives a letter claiming to be from a branch office with instructions to change the balance of an account, the central bankers need to be sure, before acting on the instructions, that they were actually sent by a branch banker, and not forged—whether a forger fabricated
1000:
One of the main differences between a digital signature and a written signature is that the user does not "see" what they sign. The user application presents a hash code to be signed by the digital signing algorithm using the private key. An attacker who gains control of the user's PC can possibly
1061:
Digital signatures cryptographically bind an electronic identity to an electronic document and the digital signature cannot be copied to another document. Paper contracts sometimes have the ink signature block on the last page, and the previous pages may be replaced after a signature is applied.
955:
and his students). In a typical digital signature implementation, the hash calculated from the document is sent to the smart card, whose CPU signs the hash using the stored private key of the user, and then returns the signed hash. Typically, a user must activate their smart card by entering a
1268:), the possibility of mistaken attestation is non-trivial. Commercial PKI operators have suffered several publicly known problems. Such mistakes could lead to falsely signed, and thus wrongly attributed, documents. 'Closed' PKI systems are more expensive, but less easily subverted in this way.
1040:
Technically speaking, a digital signature applies to a string of bits, whereas humans and applications "believe" that they sign the semantic interpretation of those bits. In order to be semantically interpreted, the bit string must be transformed into a form that is meaningful for humans and
976:. Some card readers have their own numeric keypad. This is safer than using a card reader integrated into a PC, and then entering the PIN using that computer's keyboard. Readers with a numeric keypad are meant to circumvent the eavesdropping threat where the computer might be running a
734:
as well as acknowledging informed consent and approval by a signatory. The United States
Government Printing Office (GPO) publishes electronic versions of the budget, public and private laws, and congressional bills with digital signatures. Universities including Penn State,
720:
Without the hash function, the text "to be signed" may have to be split (separated) in blocks small enough for the signature scheme to act on them directly. However, the receiver of the signed blocks is not able to recognize if all the blocks are present and in the appropriate
1062:
Digital signatures can be applied to an entire document, such that the digital signature on the last page will indicate tampering if any data on any of the pages have been altered, but this can also be achieved by signing with ink and numbering all pages of the contract.
208:
Secondly, it should be computationally infeasible to generate a valid signature for a party without knowing that party's private key. A digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature. The
821:. In some signature schemes, given a signed message, it is easy to construct a public key under which the signed message will pass verification, even without knowledge of the private key that was used to make the signed message in the first place.
144:
remains secret. Further, some non-repudiation schemes offer a timestamp for the digital signature, so that even if the private key is exposed, the signature is valid. Digitally signed messages may be anything representable as a
750:
A message may have letterhead or a handwritten signature identifying its sender, but letterheads and handwritten signatures can be copied and pasted onto forged messages. Even legitimate messages may be modified in transit.
445:
algorithm, which could be used to produce primitive digital signatures (although only as a proof-of-concept – "plain" RSA signatures are not secure). The first widely marketed software package to offer digital signature was
661:
Used directly, this type of signature scheme is vulnerable to key-only existential forgery attack. To create a forgery, the attacker picks a random signature σ and uses the verification procedure to determine the message,
41:
Alice signs a message—"Hello Bob!"—by appending a signature computed from the message and her private key. Bob receives both the message and signature. He uses Alice's public key to verify the authenticity of the signed
50:
is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.
1736:
1017:
based digital signature service and a locally provided one is risk. Many risk averse companies, including governments, financial and medical institutions, and payment processors require more secure standards, like
931:
All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user's computer, and protected by a local password, but this has two disadvantages:
73:, which include any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. Electronic signatures have legal significance in some countries, including
682:. This forgery attack, then, only produces the padded hash function output that corresponds to σ, but not a message that leads to that value, which does not lead to an attack. In the random oracle model,
1924:
1178:
730:
As organizations move away from paper documents with ink signatures or authenticity stamps, digital signatures can provide added assurances of the evidence to provenance, identity, and status of an
843:
of a key-pair is a required ability, else leaked secret keys would continue to implicate the claimed owner of the key-pair. Checking revocation status requires an "online" check; e.g., checking a
429:
first described the notion of a digital signature scheme, although they only conjectured that such schemes existed based on functions that are trapdoor one-way permutations. Soon afterwards,
1594:
480:
became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes, and also presented the
2413:"A digital signature scheme secure against adaptive chosen-message attacks.", Shafi Goldwasser, Silvio Micali, and Ronald Rivest. SIAM Journal on Computing, 17(2):281–308, Apr. 1988.
1954:
763:
know the sender's private key can't sign a different message, or even change a single digit in an existing message without making the recipient's signature verification fail.
1728:
1384:
Some industries have established common interoperability standards for the use of digital signatures between members of the industry and with regulators. These include the
992:
Smart card design is an active field, and there are smart card schemes which are intended to avoid these particular problems, despite having few security proofs so far.
1830:
30:
This article is about a cryptographic construct derived from a mathematical scheme which is hard to forge. For a data record not secured by cryptographic scheme, see
1412:
should be utilized to continue viewing encrypted content. Signing keys should never be backed up or escrowed unless the backup destination is securely encrypted.
2115:
3679:
3509:
1920:
1173:
1864:
769:
can hide the content of the message from an eavesdropper, but encryption on its own may not let recipient verify the message's authenticity, or even detect
3124:
1292:
Adoption of technical standards for digital signatures have lagged behind much of the legislation, delaying a more or less unified engineering position on
710:
Messages are typically bit strings, but some signature schemes operate on other domains (such as, in the case of RSA, numbers modulo a composite number
1662:
980:, potentially compromising the PIN code. Specialized card readers are also less vulnerable to tampering with their software or hardware and are often
2834:
2793:
Jeremiah S. Buckley, John P. Kromer, Margo H. K. Tank, and R. David
Whitaker, The Law of Electronic Signatures (3rd Edition, West Publishing, 2010).
2615:
1703:
666:, corresponding to that signature. In practice, however, this type of signature is not used directly, but rather, the message to be signed is first
205:
First, the authenticity of a signature generated from a fixed message and fixed private key can be verified by using the corresponding public key.
2693:
1188:
3252:
214:
2548:. European Symposium on Research in Computer Security—ESORICS. Lecture Notes in Computer Science. Vol. 8713. Springer. pp. 313–326.
3347:
1638:
1587:
3247:
2346:
1950:
1805:
2976:
1081:
2447:
Handbook of
Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone. Fifth Printing (August 2001) page 445.
1108:
2431:"Modern Cryptography: Theory & Practice", Wenbo Mao, Prentice Hall Professional Technical Reference, New Jersey, 2004, pg. 308.
3155:
3149:
1620:
1536:
784:
A digital signature scheme on its own does not prevent a valid signed message from being recorded and then maliciously reused in a
1770:
1256:
The public key owner must be verifiable: A public key associated with Bob actually came from Bob. This is commonly done using a
1228:
Quality algorithms: Some public-key algorithms are known to be insecure, as practical attacks against them have been discovered.
570:
1400:
In several countries, a digital signature has a status somewhat like that of a traditional pen and paper signature, as in the
918:
The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.
874:
attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
542:
3273:
2827:
2746:
2728:
2573:
2511:
2478:
2198:
2184:
859:
In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures:
1838:
1893:
198:
algorithm that, given the message, public key and signature, either accepts or rejects the message's claim to authenticity.
1264:). For 'open' PKIs in which anyone can request such an attestation (universally embodied in a cryptographically protected
1049:
to describe some of the principles in delivering secure and legally binding digital signatures for Pan-European projects.
1198:
549:
2172:
2891:
2790:
M. H. M Schellenkens, Electronic
Signatures Authentication Technology from a Legal Perspective, (TMC Asser Press, 2004)
1565:
1345:
848:
671:
523:
704:
The signature will be much shorter and thus save time since hashing is generally much faster than signing in practice.
3732:
3340:
2959:
2916:
2436:
1371:
589:
17:
2881:
1353:
2871:
2820:
2784:
Lorna
Brazell, Electronic Signatures and Identities Law and Regulation (2nd edn, London: Sweet & Maxwell, 2008)
1308:
556:
3035:
2949:
2896:
1860:
1401:
1247:
The private key must remain private: If the private key becomes known to any other party, that party can produce
177:
1224:
Most digital signature schemes share the following goals regardless of cryptographic theory or legal provision:
3558:
3489:
3060:
1496:
1349:
957:
527:
538:
2944:
2422:
Moni Naor, Moti Yung: Universal One-Way Hash
Functions and their Cryptographic Applications. STOC 1989: 33–43
1466:
1431:
1219:
1654:
3333:
3201:
3134:
1451:
951:. Many smart cards are designed to be tamper-resistant (although some designs have been broken, notably by
140:, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their
59:
2590:
3674:
3629:
3432:
3298:
3191:
3040:
2954:
2876:
2622:
1684:
1385:
1076:
844:
770:
667:
643:
210:
1886:"LEY-19799 SOBRE DOCUMENTOS ELECTRONICOS, FIRMA ELECTRONICA Y SERVICIOS DE CERTIFICACION DE DICHA FIRMA"
149:: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.
3727:
3553:
3050:
2939:
2921:
2685:
2156:"New Directions in Cryptography", IEEE Transactions on Information Theory, IT-22(6):644–654, Nov. 1976.
1153:
1136:
1122:
981:
1005:
For example, the signing application may require all requests to come from digitally signed binaries.
3669:
3303:
3283:
2465:. Lecture Notes in Computer Science. Vol. 1070. Berlin, Heidelberg: Springer. pp. 399–416.
1481:
1257:
1159:
1145:
1141:
1128:
1113:
961:
3186:
2218:
3659:
3649:
3504:
3242:
3013:
2037:"Digital signature scheme for information non-repudiation in blockchain: a state of the art review"
1334:
1100:
335:
133:
2781:
J. Katz and Y. Lindell, "Introduction to Modern
Cryptography" (Chapman & Hall/CRC Press, 2007)
1635:
3654:
3644:
3437:
3397:
3390:
3375:
3370:
3196:
2843:
2787:
Dennis
Campbell, editor, E-Commerce and the Law of Digital Signatures (Oceana Publications, 2005)
2380:"A certified digital signature", Ralph Merkle, In Gilles Brassard, ed., Advances in Cryptology –
1491:
1456:
1338:
697:
There are several reasons to sign such a hash (or message digest) instead of the whole document.
691:
516:
458:
158:
2756:
2338:
3442:
3385:
3278:
3129:
3068:
3003:
2213:
1486:
1446:
1265:
1234:
1149:
840:
563:
180:
from a set of possible private keys. The algorithm outputs the private key and a corresponding
55:
3702:
3548:
3494:
3144:
2901:
2858:
2458:
1794:
1261:
1202:
1092:
736:
2544:
Decker, Christian; Wattenhofer, Roger (2014). Kutyłowski, Mirosław; Vaidya, Jaideep (eds.).
2035:
Fang, Weidong; Chen, Wei; Zhang, Wuxiong; Pei, Jun; Gao, Weiwei; Wang, Guohui (2020-03-04).
881:
attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.
3664:
3588:
3055:
2866:
1461:
1260:(PKI) and the public key↔user association is attested by the operator of the PKI (called a
1168:
1132:
225:
70:
31:
8:
3417:
3161:
1389:
940:
911:
731:
346:
1617:
1527:
795:
signatures are misused as transaction ids in an attempt by a bank-like system such as a
755:
the whole letter, or just modified an existing letter in transit by adding some digits.
3533:
3517:
3459:
3008:
2931:
2911:
2906:
2886:
2649:
Landrock, Peter; Pedersen, Torben (1998). "WYSIWYS? – What you see is what you sign?".
2549:
2231:
2066:
2017:
2004:
1977:
1758:
1441:
1206:
914:
merely results in some valid message/signature pair not already known to the adversary.
835:
Note that these authentication, non-repudiation etc. properties rely on the secret key
690:
possible outputs), this form of signature is existentially unforgeable, even against a
627:
610:, that is the product of two random secret distinct large primes, along with integers,
481:
2662:
2103:
739:, and Stanford are publishing electronic student transcripts with digital signatures.
3593:
3583:
3211:
3139:
3025:
2742:
2724:
2569:
2507:
2474:
2432:
2384:'89, vol. 435 of Lecture Notes in Computer Science, pp. 218–238, Spring Verlag, 1990.
2107:
2070:
2058:
2021:
2009:
1476:
1104:
977:
904:
897:
686:(an idealized version of that practice where hash and padding combined have close to
679:
454:
63:
714:). A hash function can be used to convert an arbitrary input into the proper format.
3528:
3380:
3114:
2658:
2559:
2466:
2394:
2235:
2223:
2180:
2099:
2086:
2048:
1999:
1994:
1989:
1921:"Major Standards and Compliance of Digital Signatures – A World-Wide Consideration"
1523:
1293:
952:
683:
469:
422:
2239:
1277:
providing for (or limiting) their legal effect. The first appears to have been in
1201:– are signature schemes that facilitate efficient cryptographic protocols such as
742:
Below are some common reasons for applying a digital signature to communications:
453:
Other digital signature schemes were soon developed after RSA, the earliest being
2564:
2397:, Technical Report MIT/LCS/TR-212, MIT Laboratory for Computer Science, Jan. 1979
2176:
1885:
1642:
1624:
1436:
1071:
1014:
829:
603:
462:
442:
137:
58:
suites, and are commonly used for software distribution, financial transactions,
1802:
3603:
3523:
3479:
3422:
3407:
2368:
2053:
2036:
1569:
1042:
973:
426:
366:
169:
126:
530: in this Method section. Unsourced material may be challenged and removed.
3721:
3684:
3639:
3598:
3578:
3469:
3427:
3402:
2527:
Brendel, Jacqueline; Cremers, Cas; Jackson, Dennis; Zhao, Meng (2020-10-14).
2470:
2169:
2111:
2062:
1519:
1471:
1282:
1184:
1163:
785:
477:
473:
430:
86:
3634:
3474:
3464:
3454:
3412:
3356:
3308:
3288:
2499:
2013:
1699:
1046:
606:. To create signature keys, generate an RSA key pair containing a modulus,
110:
82:
2227:
1242:
Users (and their software) must carry out the signature protocol properly.
995:
799:
exchange to detect replays, this can be exploited to replay transactions.
3613:
3206:
3083:
2459:"The Exact Security of Digital Signatures-How to Sign with RSA and Rabin"
1685:"Electronic Communications and Transactions Act [No. 25 of 2002]"
447:
438:
141:
118:
2199:"A Method for Obtaining Digital Signatures and Public-Key Cryptosystems"
191:
algorithm that, given a message and a private key, produces a signature.
3573:
3543:
3538:
3499:
3232:
2964:
2537:
1409:
1388:
for the automobile industry and the SAFE-BioPharma
Association for the
1301:
1286:
1019:
948:
766:
434:
27:
Mathematical scheme for verifying the authenticity of digital documents
1395:
37:
3563:
2986:
1421:
1297:
907:
attack results in a signature on a message of the adversary's choice.
489:
485:
146:
102:
2796:
1944:
1942:
1914:
1912:
1910:
1323:
1052:
1008:
967:
505:
3608:
3568:
3293:
3227:
3098:
3093:
3088:
2991:
2969:
2686:"Technology roadmap – Schnorr signatures and signature aggregation"
2528:
2170:
Signature Schemes and Applications to Cryptographic Protocol Design
1233:
Quality implementations: An implementation of a good algorithm (or
1023:
972:
Entering a PIN code to activate the smart card commonly requires a
163:
A digital signature scheme typically consists of three algorithms:
2554:
1978:"Digital signature schemes with strong existential unforgeability"
900:
attack results in the ability to forge signatures for any message.
3119:
3078:
1939:
1907:
1213:
1192:
1118:
1035:
1026:
certification, to ensure the signature is validated and secure.
796:
114:
90:
2520:
62:, and in other cases where it is important to detect forgery or
3484:
3237:
2381:
1514:
1512:
867:
attack, the attacker is only given the public verification key.
106:
94:
78:
74:
405:
denotes that the adversary may not directly query the string,
3073:
3030:
2998:
2981:
2533:(Technical report). IACR Cryptology ePrint Archive. 2020/823.
1426:
1405:
1086:
122:
98:
2367:"Constructing digital signatures from a one-way function.",
1509:
936:
the user can only sign documents on that particular computer
2616:"Chip and Skim: cloning EMV cards with the pre-play attack"
1304:, and so on what the engineering is attempting to provide.
1278:
947:
A more secure alternative is to store the private key on a
461:(also known as "Merkle trees" or simply "Hash trees"), and
2393:"Digitalized signatures as intractable as factorization."
1951:"Recommendations for Providing Digital Signature Services"
926:
235:
is a triple of probabilistic polynomial time algorithms, (
3166:
3020:
2526:
2041:
EURASIP Journal on Wireless Communications and Networking
1976:
Chia, Jason; Chin, Ji-Jian; Yip, Sook-Chin (2021-09-16).
1560:
1558:
1556:
2741:(1. publ. ed.), Cambridge : Cambridge Univ. Press,
2591:"Signature misuse vulnerability in draft-barnes-acme-04"
2371:, Technical Report CSL-98, SRI International, Oct. 1979.
939:
the security of the private key depends entirely on the
2644:
2642:
2494:
2492:
2490:
996:
Using digital signatures only with trusted applications
334:
if for every non-uniform probabilistic polynomial time
3510:
Cryptographically secure pseudorandom number generator
1553:
218:
2582:
2530:
The Provable Security of Ed25519: Theory and Practice
2506:(3rd ed.). Chapman & Hall/CRC. p. 281.
1655:"Secure Electronic Signature Regulations SOR/2005-30"
1281:
in the United States, followed closely by the states
450:
1.0, released in 1989, which used the RSA algorithm.
2804:
2798:
Digital Evidence and Electronic Signature Law Review
2639:
2487:
1065:
813:, but not the other way around—prior knowledge of a
2196:
2147:
Goldreich's FoC, vol. 2, def 6.1.2. Pass, def 135.2
1835:
Communication and Information Technology Commission
1396:
Using separate key pairs for signing and encryption
602:One digital signature scheme (of many) is based on
2739:Foundations of cryptography II: Basic Applications
2085:
921:
885:They also describe a hierarchy of attack results:
54:Digital signatures are a standard element of most
2543:
2087:"Securing digital signatures for non-repudiation"
1572:(2007). "Chapter 12: Digital Signature Schemes".
1518:
1053:Digital signatures versus ink on paper signatures
1009:Using a network attached hardware security module
968:Using smart card readers with a separate keyboard
3719:
2648:
2034:
1526:(July 2008). "Chapter 10: Digital signatures".
69:Digital signatures are often used to implement
2456:
1214:The current state of use – legal and practical
215:National Institute of Standards and Technology
3341:
2828:
2164:
2162:
771:selective modifications like changing a digit
2409:
2407:
2405:
2403:
2197:Rivest, R.; Shamir, A.; Adleman, L. (1978).
1890:Ley Chile – Biblioteca del Congreso Nacional
2842:
1975:
1564:
1352:. Unsourced material may be challenged and
987:
893:results in the recovery of the signing key.
817:cannot be used to verify authenticity of a
224:In the following discussion, 1 refers to a
3348:
3334:
2835:
2821:
2721:Foundations of cryptography I: Basic Tools
2546:Bitcoin Transaction Malleability and MtGox
2159:
792:Uniqueness and malleability of signatures.
2736:
2723:, Cambridge: Cambridge University Press,
2718:
2563:
2553:
2457:Bellare, Mihir; Rogaway, Phillip (1996).
2400:
2217:
2134:
2132:
2052:
2003:
1993:
1372:Learn how and when to remove this message
590:Learn how and when to remove this message
1769:(in Turkish). Resmî Gazete. 2004-01-23.
1103:as the predecessor to DSA, and variants
809:can be used to verify authenticity of a
670:to produce a short digest, that is then
254:(key-generator) generates a public key (
36:
2498:
2083:
927:Putting the private key on a smart card
654:, and the signer's secret key contains
14:
3720:
2463:Advances in Cryptology — EUROCRYPT '96
2129:
1811:from the original on 18 September 2017
1804:. The Gazette of India Extraordinary.
1795:"THE INFORMATION TECHNOLOGY ACT, 2000"
1013:One of the main differences between a
854:
646:. The signer's public key consists of
3329:
2816:
2678:
2669:
2651:Information Security Technical Report
2608:
2441:
2425:
2416:
2387:
2374:
2361:
2331:
2315:is a valid signature of the product,
2256:
2150:
2141:
2077:
2028:
1878:
1853:
1823:
1787:
1739:from the original on November 5, 2018
1665:from the original on 28 February 2020
1313:
1109:Pointcheval–Stern signature algorithm
3156:Naccache–Stern knapsack cryptosystem
2588:
1957:from the original on 9 February 2016
1927:from the original on 9 February 2016
1721:
1677:
1647:
1629:
1611:
1580:
1350:adding citations to reliable sources
1317:
528:adding citations to reliable sources
499:
258:), and a corresponding private key (
2190:
1761:[Electronic Signature Law]
1574:Introduction to Modern Cryptography
1402:1999 EU digital signature directive
1199:Signatures with efficient protocols
674:to larger width comparable to
24:
2775:
2696:from the original on 24 March 2018
1918:
1733:Official Journal, February 1, 2015
849:Online Certificate Status Protocol
824:
381:denotes the set of the queries on
276:, on the inputs: the private key (
202:Two main properties are required:
25:
3744:
2504:Cryptography: Theory and Practice
2339:"The History of Notes and Domino"
1709:from the original on 1 April 2019
1066:Some digital signature algorithms
745:
3698:
3697:
3355:
2754:
2502:(2006). "7: Signature Schemes".
2084:Zhou, J.; Lam, K.Y. (May 1999).
1322:
1309:ABA digital signature guidelines
1237:) with mistake(s) will not work.
504:
3187:Discrete logarithm cryptography
2692:. Bitcoin Core. 23 March 2017.
2450:
2349:from the original on 2013-03-05
2287:, of any two valid signatures,
2118:from the original on 2023-07-01
1969:
1896:from the original on 2019-12-26
1867:from the original on 2018-02-02
1776:from the original on 2022-03-22
1600:from the original on 2011-05-22
1542:from the original on 2022-04-20
1251:digital signatures of anything.
922:Additional security precautions
725:
678:, then signed with the reverse
515:needs additional citations for
298:on the inputs: the public key (
3559:Information-theoretic security
1995:10.12688/f1000research.72910.1
1948:
1751:
1636:National Archives of Australia
1497:Probabilistic signature scheme
958:personal identification number
776:
393:, and the security parameter,
389:, which knows the public key,
330:A digital signature scheme is
13:
1:
2712:
2663:10.1016/S0167-4048(98)80005-8
2104:10.1016/s0140-3664(99)00031-6
1529:Lecture Notes on Cryptography
1467:Electronic signatures and law
1432:Advanced electronic signature
1406:2014 EU follow-on legislation
1220:Electronic signatures and law
152:
3202:Non-commutative cryptography
2565:10.1007/978-3-319-11212-1_18
1831:"Electronic Transaction Law"
1452:Digital signature in Estonia
1218:For International uses, see
960:or PIN code (thus providing
803:Authenticating a public key.
60:contract management software
7:
3675:Message authentication code
3630:Cryptographic hash function
3433:Cryptographic hash function
3299:Identity-based cryptography
3192:Elliptic-curve cryptography
2589:Ayer, Andrew (2015-08-11).
1415:
1386:Automotive Network Exchange
845:certificate revocation list
839:prior to its usage. Public
759:acting on it. A forger who
211:Digital Signature Algorithm
10:
3749:
3554:Harvest now, decrypt later
2054:10.1186/s13638-020-01665-w
1892:(in Spanish). 2002-04-12.
1306:
1217:
1033:
1029:
416:
266:is the security parameter.
156:
132:Digital signatures employ
29:
3693:
3670:Post-quantum cryptography
3622:
3363:
3325:
3304:Post-quantum cryptography
3261:
3253:Post-Quantum Cryptography
3220:
3179:
3107:
3049:
2930:
2857:
2850:
2812:
2808:
2461:. In Maurer, Ueli (ed.).
2262:For example any integer,
2206:Communications of the ACM
1641:November 9, 2014, at the
1482:Public key infrastructure
1258:public key infrastructure
1114:Rabin signature algorithm
962:two-factor authentication
495:
272:(signing) returns a tag,
173:algorithm that selects a
125:and the countries of the
3733:Cryptographic primitives
3660:Quantum key distribution
3650:Authenticated encryption
3505:Random number generation
2758:A Course in Cryptography
2737:Goldreich, Oded (2004),
2719:Goldreich, Oded (2001),
2471:10.1007/3-540-68339-9_34
1759:"ELEKTRONİK İMZA KANUNU"
1700:Republic of South Africa
1502:
1160:quantum-resistant scheme
1146:quantum-resistant scheme
1129:quantum-resistant scheme
1101:ElGamal signature scheme
988:Other smart card designs
644:Euler's totient function
233:digital signature scheme
221:of a signing algorithm.
213:(DSA), developed by the
3655:Public-key cryptography
3645:Symmetric-key algorithm
3438:Key derivation function
3398:Cryptographic primitive
3391:Authentication protocol
3376:Outline of cryptography
3371:History of cryptography
3197:Hash-based cryptography
2844:Public-key cryptography
2092:Computer Communications
1492:Server-based signatures
1457:Electronic lab notebook
1121:-based schemes such as
879:adaptive chosen message
837:not having been revoked
692:chosen-plaintext attack
630: 1 (mod
159:Public-key cryptography
134:asymmetric cryptography
3443:Secure Hash Algorithms
3386:Cryptographic protocol
1588:"US ESIGN Act of 2000"
1487:Public key fingerprint
1447:Public key certificate
1266:public key certificate
1127:CRYSTALS-Dilithium, a
56:cryptographic protocol
43:
3549:End-to-end encryption
3495:Cryptojacking malware
2859:Integer factorization
2228:10.1145/359340.359342
1767:Mevzuat Bilgi Sistemi
1262:certificate authority
1203:zero-knowledge proofs
1169:Undeniable signatures
805:Prior knowledge of a
737:University of Chicago
262:), on input 1, where
71:electronic signatures
40:
3665:Quantum cryptography
3589:Trusted timestamping
1841:on 17 September 2017
1659:Justice Laws Website
1462:Electronic signature
1346:improve this section
524:improve this article
513:This Method section
482:GMR signature scheme
290:(verifying) outputs
32:Electronic signature
3418:Cryptographic nonce
3162:Three-pass protocol
1390:healthcare industry
1174:Aggregate signature
912:existential forgery
855:Notions of security
732:electronic document
539:"Digital signature"
196:signature verifying
178:uniformly at random
3534:Subliminal channel
3518:Pseudorandom noise
3460:Key (cryptography)
2932:Discrete logarithm
2175:2022-09-08 at the
1692:Government Gazette
1623:2006-09-25 at the
1442:Detached signature
1314:Industry standards
1207:secure computation
455:Lamport signatures
365:has access to the
44:
3728:Digital signature
3715:
3714:
3711:
3710:
3594:Key-based routing
3584:Trapdoor function
3450:Digital signature
3321:
3320:
3317:
3316:
3269:Digital signature
3212:Trapdoor function
3175:
3174:
2892:Goldwasser–Micali
2748:978-0-521-83084-3
2730:978-0-511-54689-1
2575:978-3-319-11212-1
2513:978-1-58488-508-5
2480:978-3-540-68339-1
2274:and the product,
1702:. 2 August 2002.
1661:. 10 March 2011.
1524:Goldwasser, Shafi
1477:GNU Privacy Guard
1382:
1381:
1374:
1191:may be used with
1105:Schnorr signature
905:selective forgery
898:universal forgery
707:For compatibility
680:trapdoor function
600:
599:
592:
574:
459:Merkle signatures
314:For correctness,
280:), and a string (
48:digital signature
18:Digital Signature
16:(Redirected from
3740:
3701:
3700:
3529:Insecure channel
3381:Classical cipher
3350:
3343:
3336:
3327:
3326:
3158:
3059:
3054:
3014:signature scheme
2917:Okamoto–Uchiyama
2855:
2854:
2837:
2830:
2823:
2814:
2813:
2810:
2809:
2806:
2805:
2801:Free open source
2771:
2770:
2768:
2763:
2751:
2733:
2706:
2705:
2703:
2701:
2682:
2676:
2673:
2667:
2666:
2646:
2637:
2636:
2634:
2633:
2627:
2621:. Archived from
2620:
2612:
2606:
2605:
2603:
2602:
2586:
2580:
2579:
2567:
2557:
2541:
2535:
2534:
2524:
2518:
2517:
2500:Stinson, Douglas
2496:
2485:
2484:
2454:
2448:
2445:
2439:
2429:
2423:
2420:
2414:
2411:
2398:
2395:Michael O. Rabin
2391:
2385:
2378:
2372:
2365:
2359:
2358:
2356:
2354:
2335:
2329:
2260:
2254:
2253:
2251:
2250:
2244:
2238:. Archived from
2221:
2203:
2194:
2188:
2181:Anna Lysyanskaya
2166:
2157:
2154:
2148:
2145:
2139:
2136:
2127:
2126:
2124:
2123:
2089:
2081:
2075:
2074:
2056:
2032:
2026:
2025:
2007:
1997:
1973:
1967:
1966:
1964:
1962:
1953:. Cryptomathic.
1946:
1937:
1936:
1934:
1932:
1923:. Cryptomathic.
1916:
1905:
1904:
1902:
1901:
1882:
1876:
1875:
1873:
1872:
1857:
1851:
1850:
1848:
1846:
1837:. Archived from
1827:
1821:
1820:
1818:
1816:
1810:
1799:
1791:
1785:
1784:
1782:
1781:
1775:
1764:
1755:
1749:
1748:
1746:
1744:
1725:
1719:
1718:
1716:
1714:
1708:
1689:
1681:
1675:
1674:
1672:
1670:
1651:
1645:
1633:
1627:
1615:
1609:
1608:
1606:
1605:
1599:
1592:
1584:
1578:
1577:
1562:
1551:
1550:
1548:
1547:
1541:
1534:
1516:
1377:
1370:
1366:
1363:
1357:
1326:
1318:
1294:interoperability
1182:
978:keystroke logger
595:
588:
584:
581:
575:
573:
532:
508:
500:
470:Shafi Goldwasser
463:Rabin signatures
423:Whitfield Diffie
21:
3748:
3747:
3743:
3742:
3741:
3739:
3738:
3737:
3718:
3717:
3716:
3707:
3689:
3618:
3359:
3354:
3313:
3257:
3221:Standardization
3216:
3171:
3154:
3103:
3051:Lattice/SVP/CVP
3045:
2926:
2872:Blum–Goldwasser
2846:
2841:
2778:
2776:Further reading
2766:
2764:
2761:
2749:
2731:
2715:
2710:
2709:
2699:
2697:
2690:bitcoincore.org
2684:
2683:
2679:
2674:
2670:
2647:
2640:
2631:
2629:
2625:
2618:
2614:
2613:
2609:
2600:
2598:
2587:
2583:
2576:
2542:
2538:
2525:
2521:
2514:
2497:
2488:
2481:
2455:
2451:
2446:
2442:
2430:
2426:
2421:
2417:
2412:
2401:
2392:
2388:
2379:
2375:
2366:
2362:
2352:
2350:
2337:
2336:
2332:
2327:
2321:
2314:
2307:
2300:
2293:
2286:
2280:
2261:
2257:
2248:
2246:
2242:
2219:10.1.1.607.2677
2201:
2195:
2191:
2177:Wayback Machine
2167:
2160:
2155:
2151:
2146:
2142:
2138:Pass, def 135.1
2137:
2130:
2121:
2119:
2082:
2078:
2033:
2029:
1974:
1970:
1960:
1958:
1947:
1940:
1930:
1928:
1917:
1908:
1899:
1897:
1884:
1883:
1879:
1870:
1868:
1859:
1858:
1854:
1844:
1842:
1829:
1828:
1824:
1814:
1812:
1808:
1797:
1793:
1792:
1788:
1779:
1777:
1773:
1762:
1757:
1756:
1752:
1742:
1740:
1727:
1726:
1722:
1712:
1710:
1706:
1687:
1683:
1682:
1678:
1668:
1666:
1653:
1652:
1648:
1643:Wayback Machine
1634:
1630:
1625:Wayback Machine
1616:
1612:
1603:
1601:
1597:
1590:
1586:
1585:
1581:
1570:Lindell, Yehuda
1563:
1554:
1545:
1543:
1539:
1535:. p. 168.
1532:
1517:
1510:
1505:
1437:Blind signature
1418:
1398:
1378:
1367:
1361:
1358:
1343:
1327:
1316:
1311:
1222:
1216:
1176:
1068:
1055:
1047:Torben Pedersen
1038:
1032:
1011:
998:
990:
970:
943:of the computer
929:
924:
857:
830:Non-repudiation
827:
825:Non-repudiation
779:
748:
728:
596:
585:
579:
576:
533:
531:
521:
509:
498:
419:
247:), satisfying:
161:
155:
138:non-repudiation
35:
28:
23:
22:
15:
12:
11:
5:
3746:
3736:
3735:
3730:
3713:
3712:
3709:
3708:
3706:
3705:
3694:
3691:
3690:
3688:
3687:
3682:
3680:Random numbers
3677:
3672:
3667:
3662:
3657:
3652:
3647:
3642:
3637:
3632:
3626:
3624:
3620:
3619:
3617:
3616:
3611:
3606:
3604:Garlic routing
3601:
3596:
3591:
3586:
3581:
3576:
3571:
3566:
3561:
3556:
3551:
3546:
3541:
3536:
3531:
3526:
3524:Secure channel
3521:
3515:
3514:
3513:
3502:
3497:
3492:
3487:
3482:
3480:Key stretching
3477:
3472:
3467:
3462:
3457:
3452:
3447:
3446:
3445:
3440:
3435:
3425:
3423:Cryptovirology
3420:
3415:
3410:
3408:Cryptocurrency
3405:
3400:
3395:
3394:
3393:
3383:
3378:
3373:
3367:
3365:
3361:
3360:
3353:
3352:
3345:
3338:
3330:
3323:
3322:
3319:
3318:
3315:
3314:
3312:
3311:
3306:
3301:
3296:
3291:
3286:
3281:
3276:
3271:
3265:
3263:
3259:
3258:
3256:
3255:
3250:
3245:
3240:
3235:
3230:
3224:
3222:
3218:
3217:
3215:
3214:
3209:
3204:
3199:
3194:
3189:
3183:
3181:
3177:
3176:
3173:
3172:
3170:
3169:
3164:
3159:
3152:
3150:Merkle–Hellman
3147:
3142:
3137:
3132:
3127:
3122:
3117:
3111:
3109:
3105:
3104:
3102:
3101:
3096:
3091:
3086:
3081:
3076:
3071:
3065:
3063:
3047:
3046:
3044:
3043:
3038:
3033:
3028:
3023:
3018:
3017:
3016:
3006:
3001:
2996:
2995:
2994:
2989:
2979:
2974:
2973:
2972:
2967:
2957:
2952:
2947:
2942:
2936:
2934:
2928:
2927:
2925:
2924:
2919:
2914:
2909:
2904:
2899:
2897:Naccache–Stern
2894:
2889:
2884:
2879:
2874:
2869:
2863:
2861:
2852:
2848:
2847:
2840:
2839:
2832:
2825:
2817:
2803:
2802:
2794:
2791:
2788:
2785:
2782:
2777:
2774:
2773:
2772:
2755:Pass, Rafael,
2752:
2747:
2734:
2729:
2714:
2711:
2708:
2707:
2677:
2668:
2638:
2607:
2597:(Mailing list)
2581:
2574:
2536:
2519:
2512:
2486:
2479:
2449:
2440:
2424:
2415:
2399:
2386:
2373:
2369:Leslie Lamport
2360:
2345:. 2007-11-14.
2343:developerWorks
2330:
2325:
2319:
2312:
2305:
2298:
2291:
2284:
2278:
2255:
2212:(2): 120–126.
2189:
2183:, PhD thesis,
2158:
2149:
2140:
2128:
2098:(8): 710–716.
2076:
2027:
1968:
1938:
1919:Turner, Dawn.
1906:
1877:
1852:
1822:
1786:
1750:
1720:
1676:
1646:
1628:
1610:
1579:
1576:. p. 399.
1566:Katz, Jonathan
1552:
1520:Bellare, Mihir
1507:
1506:
1504:
1501:
1500:
1499:
1494:
1489:
1484:
1479:
1474:
1469:
1464:
1459:
1454:
1449:
1444:
1439:
1434:
1429:
1424:
1417:
1414:
1397:
1394:
1380:
1379:
1330:
1328:
1321:
1315:
1312:
1270:
1269:
1254:
1252:
1245:
1243:
1240:
1238:
1231:
1229:
1215:
1212:
1211:
1210:
1196:
1171:
1166:
1164:hash functions
1156:
1139:
1125:
1116:
1111:
1098:
1097:ECDSA with SHA
1095:
1089:
1084:
1079:
1074:
1067:
1064:
1054:
1051:
1043:Peter Landrock
1034:Main article:
1031:
1028:
1010:
1007:
997:
994:
989:
986:
974:numeric keypad
969:
966:
945:
944:
937:
928:
925:
923:
920:
916:
915:
908:
901:
894:
883:
882:
875:
868:
856:
853:
838:
826:
823:
815:signed message
811:signed message
778:
775:
747:
746:Authentication
744:
727:
724:
723:
722:
718:
715:
708:
705:
702:
701:For efficiency
684:hash-then-sign
598:
597:
512:
510:
503:
497:
494:
427:Martin Hellman
418:
415:
355:
354:
328:
327:
312:
311:
306:), and a tag (
285:
267:
200:
199:
192:
185:
170:key generation
157:Main article:
154:
151:
127:European Union
26:
9:
6:
4:
3:
2:
3745:
3734:
3731:
3729:
3726:
3725:
3723:
3704:
3696:
3695:
3692:
3686:
3685:Steganography
3683:
3681:
3678:
3676:
3673:
3671:
3668:
3666:
3663:
3661:
3658:
3656:
3653:
3651:
3648:
3646:
3643:
3641:
3640:Stream cipher
3638:
3636:
3633:
3631:
3628:
3627:
3625:
3621:
3615:
3612:
3610:
3607:
3605:
3602:
3600:
3599:Onion routing
3597:
3595:
3592:
3590:
3587:
3585:
3582:
3580:
3579:Shared secret
3577:
3575:
3572:
3570:
3567:
3565:
3562:
3560:
3557:
3555:
3552:
3550:
3547:
3545:
3542:
3540:
3537:
3535:
3532:
3530:
3527:
3525:
3522:
3519:
3516:
3511:
3508:
3507:
3506:
3503:
3501:
3498:
3496:
3493:
3491:
3488:
3486:
3483:
3481:
3478:
3476:
3473:
3471:
3470:Key generator
3468:
3466:
3463:
3461:
3458:
3456:
3453:
3451:
3448:
3444:
3441:
3439:
3436:
3434:
3431:
3430:
3429:
3428:Hash function
3426:
3424:
3421:
3419:
3416:
3414:
3411:
3409:
3406:
3404:
3403:Cryptanalysis
3401:
3399:
3396:
3392:
3389:
3388:
3387:
3384:
3382:
3379:
3377:
3374:
3372:
3369:
3368:
3366:
3362:
3358:
3351:
3346:
3344:
3339:
3337:
3332:
3331:
3328:
3324:
3310:
3307:
3305:
3302:
3300:
3297:
3295:
3292:
3290:
3287:
3285:
3282:
3280:
3277:
3275:
3272:
3270:
3267:
3266:
3264:
3260:
3254:
3251:
3249:
3246:
3244:
3241:
3239:
3236:
3234:
3231:
3229:
3226:
3225:
3223:
3219:
3213:
3210:
3208:
3205:
3203:
3200:
3198:
3195:
3193:
3190:
3188:
3185:
3184:
3182:
3178:
3168:
3165:
3163:
3160:
3157:
3153:
3151:
3148:
3146:
3143:
3141:
3138:
3136:
3133:
3131:
3128:
3126:
3123:
3121:
3118:
3116:
3113:
3112:
3110:
3106:
3100:
3097:
3095:
3092:
3090:
3087:
3085:
3082:
3080:
3077:
3075:
3072:
3070:
3067:
3066:
3064:
3062:
3057:
3052:
3048:
3042:
3039:
3037:
3034:
3032:
3029:
3027:
3024:
3022:
3019:
3015:
3012:
3011:
3010:
3007:
3005:
3002:
3000:
2997:
2993:
2990:
2988:
2985:
2984:
2983:
2980:
2978:
2975:
2971:
2968:
2966:
2963:
2962:
2961:
2958:
2956:
2953:
2951:
2948:
2946:
2943:
2941:
2938:
2937:
2935:
2933:
2929:
2923:
2922:Schmidt–Samoa
2920:
2918:
2915:
2913:
2910:
2908:
2905:
2903:
2900:
2898:
2895:
2893:
2890:
2888:
2885:
2883:
2882:Damgård–Jurik
2880:
2878:
2877:Cayley–Purser
2875:
2873:
2870:
2868:
2865:
2864:
2862:
2860:
2856:
2853:
2849:
2845:
2838:
2833:
2831:
2826:
2824:
2819:
2818:
2815:
2811:
2807:
2800:
2799:
2795:
2792:
2789:
2786:
2783:
2780:
2779:
2760:
2759:
2753:
2750:
2744:
2740:
2735:
2732:
2726:
2722:
2717:
2716:
2695:
2691:
2687:
2681:
2672:
2664:
2660:
2656:
2652:
2645:
2643:
2628:on 2018-05-16
2624:
2617:
2611:
2596:
2595:acme@ietf.org
2592:
2585:
2577:
2571:
2566:
2561:
2556:
2551:
2547:
2540:
2532:
2531:
2523:
2515:
2509:
2505:
2501:
2495:
2493:
2491:
2482:
2476:
2472:
2468:
2464:
2460:
2453:
2444:
2438:
2437:0-13-066943-1
2434:
2428:
2419:
2410:
2408:
2406:
2404:
2396:
2390:
2383:
2377:
2370:
2364:
2348:
2344:
2340:
2334:
2324:
2318:
2311:
2304:
2297:
2290:
2283:
2277:
2273:
2269:
2265:
2259:
2245:on 2008-12-17
2241:
2237:
2233:
2229:
2225:
2220:
2215:
2211:
2207:
2200:
2193:
2186:
2182:
2178:
2174:
2171:
2165:
2163:
2153:
2144:
2135:
2133:
2117:
2113:
2109:
2105:
2101:
2097:
2093:
2088:
2080:
2072:
2068:
2064:
2060:
2055:
2050:
2046:
2042:
2038:
2031:
2023:
2019:
2015:
2011:
2006:
2001:
1996:
1991:
1987:
1983:
1982:F1000Research
1979:
1972:
1956:
1952:
1945:
1943:
1926:
1922:
1915:
1913:
1911:
1895:
1891:
1887:
1881:
1866:
1862:
1861:"Cómo se usa"
1856:
1840:
1836:
1832:
1826:
1807:
1803:
1796:
1790:
1772:
1768:
1760:
1754:
1738:
1734:
1730:
1724:
1705:
1701:
1697:
1693:
1686:
1680:
1664:
1660:
1656:
1650:
1644:
1640:
1637:
1632:
1626:
1622:
1619:
1614:
1596:
1589:
1583:
1575:
1571:
1567:
1561:
1559:
1557:
1538:
1531:
1530:
1525:
1521:
1515:
1513:
1508:
1498:
1495:
1493:
1490:
1488:
1485:
1483:
1480:
1478:
1475:
1473:
1472:eSign (India)
1470:
1468:
1465:
1463:
1460:
1458:
1455:
1453:
1450:
1448:
1445:
1443:
1440:
1438:
1435:
1433:
1430:
1428:
1425:
1423:
1420:
1419:
1413:
1411:
1407:
1403:
1393:
1391:
1387:
1376:
1373:
1365:
1355:
1351:
1347:
1341:
1340:
1336:
1331:This section
1329:
1325:
1320:
1319:
1310:
1305:
1303:
1299:
1295:
1290:
1288:
1284:
1283:Massachusetts
1280:
1274:
1267:
1263:
1259:
1255:
1253:
1250:
1246:
1244:
1241:
1239:
1236:
1232:
1230:
1227:
1226:
1225:
1221:
1208:
1204:
1200:
1197:
1194:
1190:
1189:Gregory Neven
1186:
1185:Mihir Bellare
1180:
1175:
1172:
1170:
1167:
1165:
1161:
1157:
1155:
1151:
1147:
1143:
1140:
1138:
1134:
1130:
1126:
1124:
1120:
1117:
1115:
1112:
1110:
1106:
1102:
1099:
1096:
1094:
1090:
1088:
1085:
1083:
1080:
1078:
1075:
1073:
1070:
1069:
1063:
1059:
1050:
1048:
1044:
1037:
1027:
1025:
1021:
1016:
1006:
1002:
993:
985:
983:
979:
975:
965:
963:
959:
954:
953:Ross Anderson
950:
942:
938:
935:
934:
933:
919:
913:
909:
906:
902:
899:
895:
892:
888:
887:
886:
880:
876:
873:
872:known message
869:
866:
862:
861:
860:
852:
850:
846:
842:
836:
833:
831:
822:
820:
816:
812:
808:
804:
800:
798:
793:
789:
787:
786:replay attack
783:
774:
772:
768:
764:
762:
756:
752:
743:
740:
738:
733:
719:
717:For integrity
716:
713:
709:
706:
703:
700:
699:
698:
695:
693:
689:
685:
681:
677:
673:
669:
665:
659:
657:
653:
649:
645:
641:
637:
633:
629:
625:
621:
617:
613:
609:
605:
594:
591:
583:
572:
569:
565:
562:
558:
555:
551:
548:
544:
541: –
540:
536:
535:Find sources:
529:
525:
519:
518:
511:
507:
502:
501:
493:
491:
487:
483:
479:
478:Ronald Rivest
475:
474:Silvio Micali
471:
466:
464:
460:
456:
451:
449:
444:
441:invented the
440:
436:
432:
431:Ronald Rivest
428:
424:
414:
412:
408:
404:
400:
396:
392:
388:
384:
380:
376:
372:
368:
364:
361:denotes that
360:
352:
348:
344:
343:
342:
341:
337:
333:
325:
324:
323:
322:must satisfy
321:
317:
309:
305:
302:), a string (
301:
297:
293:
289:
286:
283:
279:
275:
271:
268:
265:
261:
257:
253:
250:
249:
248:
246:
242:
238:
234:
229:
227:
222:
220:
219:many examples
216:
212:
206:
203:
197:
193:
190:
186:
183:
179:
176:
172:
171:
166:
165:
164:
160:
150:
148:
143:
139:
135:
130:
128:
124:
120:
116:
112:
108:
104:
100:
96:
92:
88:
87:United States
84:
80:
76:
72:
67:
65:
61:
57:
52:
49:
39:
33:
19:
3635:Block cipher
3475:Key schedule
3465:Key exchange
3455:Kleptography
3449:
3413:Cryptosystem
3357:Cryptography
3309:OpenPGP card
3289:Web of trust
3268:
2945:Cramer–Shoup
2797:
2765:, retrieved
2757:
2738:
2720:
2698:. Retrieved
2689:
2680:
2671:
2657:(2): 55–61.
2654:
2650:
2630:. Retrieved
2623:the original
2610:
2599:. Retrieved
2594:
2584:
2545:
2539:
2529:
2522:
2503:
2462:
2452:
2443:
2427:
2418:
2389:
2376:
2363:
2353:17 September
2351:. Retrieved
2342:
2333:
2322:
2316:
2309:
2302:
2295:
2288:
2281:
2275:
2271:
2267:
2263:
2258:
2247:. Retrieved
2240:the original
2209:
2205:
2192:
2152:
2143:
2120:. Retrieved
2095:
2091:
2079:
2044:
2040:
2030:
1985:
1981:
1971:
1959:. Retrieved
1929:. Retrieved
1898:. Retrieved
1889:
1880:
1869:. Retrieved
1855:
1845:17 September
1843:. Retrieved
1839:the original
1834:
1825:
1815:17 September
1813:. Retrieved
1801:
1789:
1778:. Retrieved
1766:
1753:
1743:February 20,
1741:. Retrieved
1732:
1723:
1713:23 September
1711:. Retrieved
1695:
1691:
1679:
1667:. Retrieved
1658:
1649:
1631:
1613:
1602:. Retrieved
1582:
1573:
1544:. Retrieved
1528:
1399:
1383:
1368:
1362:January 2015
1359:
1344:Please help
1332:
1291:
1275:
1271:
1248:
1223:
1158:SPHINCS+, a
1060:
1056:
1039:
1022:level 3 and
1012:
1003:
999:
991:
971:
946:
930:
917:
890:
884:
878:
871:
864:
858:
834:
828:
818:
814:
810:
806:
802:
801:
791:
790:
781:
780:
765:
760:
757:
753:
749:
741:
729:
726:Applications
711:
696:
687:
675:
663:
660:
655:
651:
647:
639:
635:
631:
623:
619:
618:, such that
615:
611:
607:
601:
586:
580:January 2022
577:
567:
560:
553:
546:
534:
522:Please help
517:verification
514:
467:
452:
420:
410:
406:
402:
398:
394:
390:
386:
382:
378:
374:
370:
362:
358:
356:
350:
339:
331:
329:
319:
315:
313:
307:
303:
299:
295:
291:
287:
281:
277:
273:
269:
263:
259:
255:
251:
244:
240:
236:
232:
231:Formally, a
230:
226:unary number
223:
217:, is one of
207:
204:
201:
195:
188:
181:
174:
168:
162:
131:
111:Saudi Arabia
83:South Africa
68:
53:
47:
45:
3623:Mathematics
3614:Mix network
3279:Fingerprint
3243:NSA Suite B
3207:RSA problem
3084:NTRUEncrypt
2767:31 December
1949:JA, Ashiq.
1729:"Law 15-04"
1618:State of WI
1302:key lengths
1177: [
1058:difficult.
984:certified.
891:total break
847:or via the
777:Limitations
448:Lotus Notes
439:Len Adleman
175:private key
142:private key
119:Switzerland
3722:Categories
3574:Ciphertext
3544:Decryption
3539:Encryption
3500:Ransomware
3233:IEEE P1363
2851:Algorithms
2713:References
2632:2018-04-06
2601:2023-06-12
2266:, "signs"
2249:2012-11-27
2122:2020-10-26
1900:2020-01-21
1871:2018-02-01
1780:2022-03-11
1604:2006-05-10
1546:2023-06-11
1410:key escrow
1307:See also:
1287:California
1020:FIPS 140-2
949:smart card
841:revocation
819:public key
807:public key
767:Encryption
638:)), where
550:newspapers
435:Adi Shamir
182:public key
153:Definition
3564:Plaintext
2555:1403.6676
2214:CiteSeerX
2112:0140-3664
2071:212613803
2063:1687-1499
2022:239387758
1961:7 January
1931:7 January
1698:(23708).
1422:21 CFR 11
1333:does not
1298:algorithm
1162:based on
1148:based on
1131:based on
1091:RSA with
490:Moti Yung
486:Moni Naor
468:In 1988,
421:In 1976,
345:Pr <
336:adversary
147:bitstring
103:Indonesia
64:tampering
3703:Category
3609:Kademlia
3569:Codetext
3512:(CSPRNG)
3490:Machines
3294:Key size
3228:CRYPTREC
3145:McEliece
3099:RLWE-SIG
3094:RLWE-KEX
3089:NTRUSign
2902:Paillier
2694:Archived
2675:RFC 5758
2347:Archived
2173:Archived
2116:Archived
2014:36798451
1955:Archived
1925:Archived
1894:Archived
1865:Archived
1806:Archived
1771:Archived
1737:Archived
1704:Archived
1663:Archived
1639:Archived
1621:Archived
1595:Archived
1537:Archived
1416:See also
1300:choice,
1235:protocol
1154:lattices
1137:lattices
1024:FIPS 201
941:security
865:key-only
782:Replays.
385:made by
326:Pr = 1.
296:rejected
292:accepted
42:message.
3364:General
3140:Lamport
3120:CEILIDH
3079:NewHope
3026:Schnorr
3009:ElGamal
2987:Ed25519
2867:Benaloh
2700:1 April
2236:2873616
2187:, 2002.
2005:9925878
1988:: 931.
1354:removed
1339:sources
1249:perfect
1193:Bitcoin
1119:Pairing
1036:WYSIWYS
1030:WYSIWYS
797:Bitcoin
761:doesn't
564:scholar
417:History
377:, · ),
189:signing
115:Uruguay
91:Algeria
3485:Keygen
3262:Topics
3238:NESSIE
3180:Theory
3108:Others
2965:X25519
2745:
2727:
2572:
2510:
2477:
2435:
2382:CRYPTO
2234:
2216:
2110:
2069:
2061:
2020:
2012:
2002:
1669:19 May
1142:Falcon
877:In an
721:order.
672:padded
668:hashed
626:
622:
566:
559:
552:
545:
537:
496:Method
476:, and
437:, and
397:, and
367:oracle
357:where
332:secure
107:Mexico
95:Turkey
85:, the
79:Canada
75:Brazil
3520:(PRN)
3074:Kyber
3069:BLISS
3031:SPEKE
2999:ECMQV
2992:Ed448
2982:EdDSA
2977:ECDSA
2907:Rabin
2762:(PDF)
2626:(PDF)
2619:(PDF)
2550:arXiv
2243:(PDF)
2232:S2CID
2202:(PDF)
2067:S2CID
2047:(1).
2018:S2CID
1809:(PDF)
1798:(PDF)
1774:(PDF)
1763:(PDF)
1707:(PDF)
1688:(PDF)
1598:(PDF)
1591:(PDF)
1540:(PDF)
1533:(PDF)
1503:Notes
1427:X.509
1181:]
1087:EdDSA
1082:ECDSA
1015:cloud
870:In a
863:In a
571:JSTOR
557:books
409:, on
123:Chile
99:India
3274:OAEP
3248:CNSA
3125:EPOC
2970:X448
2960:ECDH
2769:2015
2743:ISBN
2725:ISBN
2702:2018
2570:ISBN
2508:ISBN
2475:ISBN
2433:ISBN
2355:2014
2108:ISSN
2059:ISSN
2045:2020
2010:PMID
1963:2016
1933:2016
1847:2017
1817:2017
1745:2018
1715:2019
1671:2020
1404:and
1337:any
1335:cite
1285:and
1279:Utah
1187:and
1144:, a
1107:and
1045:and
982:EAL3
650:and
614:and
543:news
488:and
425:and
347:negl
318:and
3284:PKI
3167:XTR
3135:IES
3130:HFE
3061:SIS
3056:LWE
3041:STS
3036:SRP
3021:MQV
3004:EKE
2955:DSA
2940:BLS
2912:RSA
2887:GMR
2659:doi
2560:doi
2467:doi
2301:of
2224:doi
2185:MIT
2179:",
2100:doi
2049:doi
2000:PMC
1990:doi
1696:446
1348:by
1205:or
1152:in
1150:CVP
1135:in
1133:LWE
1123:BLS
1093:SHA
1077:DSA
1072:RSA
910:An
642:is
604:RSA
526:by
443:RSA
294:or
101:,
77:,
3724::
3115:AE
2950:DH
2688:.
2653:.
2641:^
2593:.
2568:.
2558:.
2489:^
2473:.
2402:^
2341:.
2308:,
2294:,
2230:.
2222:.
2210:21
2208:.
2204:.
2161:^
2131:^
2114:.
2106:.
2096:22
2094:.
2090:.
2065:.
2057:.
2043:.
2039:.
2016:.
2008:.
1998:.
1986:10
1984:.
1980:.
1941:^
1909:^
1888:.
1863:.
1833:.
1800:.
1765:.
1735:.
1731:.
1694:.
1690:.
1657:.
1593:.
1568:;
1555:^
1522:;
1511:^
1392:.
1296:,
1179:ru
903:A
896:A
889:A
694:.
658:.
492:.
472:,
465:.
457:,
433:,
413:.
401:∉
391:pk
375:sk
369:,
353:),
338:,
310:).
300:pk
284:).
278:sk
260:sk
256:pk
243:,
239:,
228:.
194:A
187:A
167:A
129:.
121:,
117:,
113:,
109:,
105:,
97:,
93:,
89:,
81:,
66:.
46:A
3349:e
3342:t
3335:v
3058:/
3053:/
2836:e
2829:t
2822:v
2704:.
2665:.
2661::
2655:3
2635:.
2604:.
2578:.
2562::
2552::
2516:.
2483:.
2469::
2357:.
2328:.
2326:2
2323:m
2320:1
2317:m
2313:2
2310:m
2306:1
2303:m
2299:2
2296:s
2292:1
2289:s
2285:2
2282:s
2279:1
2276:s
2272:r
2270:=
2268:m
2264:r
2252:.
2226::
2168:"
2125:.
2102::
2073:.
2051::
2024:.
1992::
1965:.
1935:.
1903:.
1874:.
1849:.
1819:.
1783:.
1747:.
1717:.
1673:.
1607:.
1549:.
1375:)
1369:(
1364:)
1360:(
1356:.
1342:.
1209:.
1195:.
712:N
688:N
676:N
664:m
656:d
652:e
648:N
640:φ
636:N
634:(
632:φ
628:≡
624:d
620:e
616:d
612:e
608:N
593:)
587:(
582:)
578:(
568:·
561:·
554:·
547:·
520:.
411:S
407:x
403:Q
399:x
395:n
387:A
383:S
379:Q
373:(
371:S
363:A
359:A
351:n
349:(
340:A
320:V
316:S
308:t
304:x
288:V
282:x
274:t
270:S
264:n
252:G
245:V
241:S
237:G
184:.
34:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.