Abstract
The literature review is on the digital signature and the opinions of different writers who have written on this topic. There have been some articles written on the topic of digital signature, a problem on cryptography needs to be solved, there are different companies and organizations that continuously use computers to carry out transactions between them and their customers. A system that cannot allow outsiders to access the insider information on these companies needs to be set up; this will help to prevent the possibility of the company computers being hacked into.
Introduction
A digital signature is quite effective in the sense that any person who tries to get into the companies database but does not have the access code is immediately denied access. The administrators can also be able to determine whether the information that they are receiving from their clients is genuine. The digital signature helps a person to know that the information is original and that it has not been interfered with.
Companies that make use of digital signatures are able to curb the possibility of receiving falsified information. These signatures are used in some countries as a form of authenticating the information that has been put on the internet or in any computer application, this helps to determine whether the information is just as the writer intended it to be. A lot of companies are establishing the use of digital signatures in most of their transactions, thereby enhancing the importance of encryption of data in all companies’ computer systems. Cryptography is important as it facilitates the maintenance of security of any company’s data and ensures that only the right people access the company data.
In an article on a method for obtaining a digital signature, Rivest et al (1978) have discussed their view of encryption widely. They state that:
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature (p.120).
They give information on the encryption concept and an explanation of how it works. According to them, the process is quite useful because even when a person knows the key-encryption key, he would not be able to access the data contained in that computer if the person was not able to access the decryption key. It, therefore, means that only the person who knows both keys can be able to access the company data.
There are two issues on cryptography that have been discussed by Diffie and Hellman (1976) in their article on cryptography. They state that “Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature.” They also claim that there is a need to find solutions to the problems that arise due to encryption. Their article also “discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long-standing” (p. 644).
There is a connection between the issues that the article writers talked about. They seem to have been writing about how the majority of companies are trying to protect the data that they have saved in their computers, the majority of the transactions between the companies and their clients are electronic. With the advent of electronic transactions, there are risks that the data could be accessed by unauthorized persons and therefore be interfered with.
The notion of digital signature was coined by Heyst and Chaum (1991), the idea of a person signing on behalf of other persons on receiving a message on a computer is quite convenient for the whole company. The idea that an employee can sign documents on behalf of others in a company, without the receiver realizing that the message that he received was not signed by who he expects to have signed, saves time for the other employees. Only one person has access to the group signature password so the signature cannot be used by unauthorized persons, the administrators can therefore be able to verify who it was that used the signature (p.257).
The concept of signatures based on identity has been recommended, this is according to Rivest et al (1978). However, this concept had certain disadvantages that include the expensive “Bilinear pairing” from which it comes from. The use of this ring without pairing is, therefore, more affordable. There is therefore a recommendation for use of ring signature based on “quadratic residue” which is more efficient (p.122).
Miyazaki et al (2006), claim that when a digital signature has been used, the contents of the documents cannot be changed thereafter. This is mostly done to reduce the possibility of the contents being interfered with and the meaning of the document being changed (p.343). An article by Niccache et al (2008), introduces the notion of “twinning”, which makes the signing of short messages possible, and the writer, therefore, has to sign twice in his message by a signature scheme (p.20).
Wireless network sensor (WNS) makes it impossible to use “asymmetrical cryptography”; this is according to Driessen et al (2008), in the article that they wrote on the security of the wireless network. There is also a need for the concerned parties to make sure that they receive each other’s signatures on the internet, this will enhance security for both companies as they will have evidence of each other’s commitments to the contract that they had both agreed to honor (p.31), this is what Wang (2005) states in his article about the conference on the world wide web in Japan (p.412).
Summary/ Evaluation
The ten articles that have been reviewed contain information on encryption by different companies, and why it is important in the security of any company, with encryption the company’s data and private information cannot be assessed by unauthorized people. The use of digital signatures also ensures that only genuine businesses are conducted and that the company is not conned by online fraudsters.
Electronic signatures use can be found in many different transactions, among them is in the use of e-mail on the internet and also in money transfer which is carried out electronically. Diffie and Hellman (1976), claim that it is easy to use encryption and decryption and that both processes are similar; in both, there is the use of public numbers and confidential numbers (p.646).
The companies today always conduct their transactions electronically, that being the case, Subramanya and Li (2006) in their article on digital signatures, claim that there is a need for the companies who conduct their businesses electronically to guard their data against their competition and online fraudsters, this ensures that the data has not been interfered with and that the information on the company that they had offered to their customers is still the same and is authentic. Digital signatures serve the same purpose as manual signatures; their function is to authenticate documents that are sent online as opposed to being sent manually. The concept of digital signatures is relatively new but there is a high possibility that many more companies will adopt it accordingly (p.5).
Group signatures are a quite important concept in all companies, Chaum and Heyst (1991) came up with it, a person can be able to make signatures for other people whom she works with, if she has a prestigious position, then she can not only be able to sign for fellow workers who are in similar positions, but also for workers who are of lower status. The data can be a lot or little depending on the number of people involved but in some cases, the person who makes the signatures can be easily recognized.
The article was written on ring signatures by Rivest, Shamir, et al (1978) contains a lot of information on identity-based ring signatures, the writers state that these kinds of signatures have been under scrutiny by different people just as they have been recommended by a lot of people. The fact that the signatures which are not paired are more popular is apparent, based on the article, the ring signatures which are made from “bilinear pairing” are too costly and that is why the majority of people prefer to use the “ID-based ring signatures based on quadratic residues (p.123).”
These kinds of signatures are more efficient as compared to the ones which are paired. What makes it more efficient is the fact that is less likely to be falsified by the people who would like to sabotage the company. Only the person who gave the mandate to make the signature can be able to use the ID-based ring signatures as compared to other signatures.
When a document has been written and a digital signature has been put on the document, the content of the documents cannot be changed under any circumstance. This is according to Miyazaki et al (2006) in a document that they wrote concerning a conference on “Information, computer, and communications Security”, which was held in Taiwan. They however recommend that there is a need for an opportunity for the document to have some form of changes done on the document; nonetheless, the modifications should be done about the safety of the overall documents. The information contained in the document should be changed accordingly so that the meaning of the document does not change (p.344).
The writers further say that in the case of formal documents, the private information is in most cases shrouded in such a way that, only an authorized person can be able to assess the information. The same case applies in “national security” documents which the state does not want to fall into the wrong hands. In most cases, only certain information can be revealed when a person asks for it. When the information that has been requested is done through the “current digital signature scheme”, there is a possibility that the person requesting the information will not be able to assess the information that they are looking for because the private information, in that case, has been protected from interference (p.345).
“Digital document sanitizing problem” is where the privacy of the information is contrary to its validity. The use of digital signatures can enable the person using them to have control over the information that is revealed and also the quantity of the information that is accessible by unauthorized persons. The person is also able to control the provision of the information, the system that the article writers are recommending is found in the bilinear maps and it is the most effective form of digital signature (p.346).
Niccache et al (2001) in their article wrote about twin signatures, the signing of short messages is done through signing they call “twinning”; it is a substitute to the “hash-and-sign paradigm”. This sort of signature is done by putting two signatures in a small message by use of the system that the person deems efficient. According to the writers “analysis of the concept in different settings yields the following results: — We prove that no generic algorithm can efficiently forge a twin DSA signature” (p.22).
In their article on wireless network security conference, Driessen et al (2008) state that there is a need to keep an eye on the link in the system to make sure that the information that is contained there is essential to the well being of the company through the use of Wireless Sensor Network(WSN). According to them, the safety measures have to be put in place in all the messages that are being sent and this can be realized through cryptography (p.32), however has to be symmetric which is considered workable and practical when using WSN.
Through the use of these symmetric keys, then it is possible to store data in computers and thereby ensure effective communication for all people involved, the use of digital signatures in algorithms is quite efficient for the companies as they make work easier. However, there exists a possibility of efficient algorithms which are asymmetric. The writers further state that in their article, they had decided to look into how efficient the digital signatures for algorithms are when a wireless sensor network is used. They looked at XTR-DSA, NTRUSign, ECDSA, AND MICAz, XTR-DSA and NTRUSign were applied (p.33).
There was an international conference in Japan concerning the World Wide Web and the contract signing protocol based on a signature. Wang (2005) wrote an article on the same. In his article, he claimed that signing a contract brings together different people, they pledge to adhere to the contract, the pledge is through the digital signature; this is done online. Signing a contract is quite important because the two parties can do business on the fairground when they obtain each other’s signature (p. 413).
In his article Wang (2005) writes about the RSA signature scheme and recommends another procedure of signing using digital signatures. In the other signing process, a third person comes into the picture only when one of those involved in the contract is not adhering to the terms of the contract or there has been a communication barrier, it is also free from interference by outsiders (p.414).
The new signing procedure is highly effective, not unless otherwise, both parties can deal with the intermediary confidentially without each other’s knowledge. There has been some information that has been provided to give more details to those who want to use the new scheme. It is safe and valuable to all who use it. In his article, Wang, therefore, introduces a scheme that is effective and also makes use of the RSA signature; it cannot be interfered with (p.415).
Concurrent signatures have been initiated by Chen et al (2004), who has written about these kinds of signatures. These signatures are quite important as they enable the two companies involved to sign in such a way that another person cannot be able to differentiate between the two signatures, the only way they can be differentiated is if more information is provided to the person by one of the companies. This information is known as “the keystone” after the information is provided the signer can thereby be identified and his signature verified. These signatures help in offering solutions to the companies in that, the company can have a binding contract with their clients. These concurrent signatures are also cost-effective; the two parties do not have to be physically in the same place; neither does the intermediary have to be there personally. The level of contact is also minimized; this means that international businesses can thereby be conducted efficiently (p.287).
Chen et al (2004) offer a representation of concurrent signature safety in their “oracle model” by use of logarithm (p.288). When it comes to the problem experienced when using concurrent signatures in cryptography, the issue of trust comes to the forefront, there are instances where the parties involved are not reliable, the use of these sorts of signatures ensures that none of the parties go back on their word. The signing of the signatures should be done openly, the two parties should receive each other’s signatures, or they may agree not to use signatures. There should not be an instance where one party opts out of the contract without the knowledge of the other, or without first agreeing on the way forward. In their article on the concurrent signature, Chen et al (2004) state that:
A concurrent signature protocol can be built using the ambiguity property enjoyed by ring signatures [RST01, AOS02] and designated verifier signatures [JSI96]. This introduces the key technical idea of our paper. A two-party ring signature has the property that it could have been produced by either of the two parties. A similar property is shared by designated verifier signatures. We will refer to any signature scheme with this property as an ambiguous signature scheme and we will formalize the notion of ambiguity for signatures in the sequel. Since either of two parties could have produced such an ambiguous signature, both parties can deny having produced it. However, we note that if A creates an ambiguous signature which only either A or B could have created, and sends this to B, then B is convinced of the authorship of the signature (since he knows that he did not create it himself) (p.289).
Concurrent signatures are those that have many numerals and are made up of digital signatures which have several algorithms. The person who writes the first signature is the “initial signer”, while the one who responds is known as the matching signer so long as he responds using a similar keystone.
Conclusion
The above review is on ten articles that were written by different writers. The majority of the articles have been written by more than one writer. The articles however dwell on basically the same topic; the main topic is the digital signatures. In many companies today, there has been a need for encrypting their files; this has been necessitated by the risk of hackers or even the risk of the company data being interfered with or being altered by people who want to compromise the company.
Cryptography is quite important in protecting company data. Some writers have looked at this aspect in their articles. Digital signature comes in handy when the company wants to conduct business online, with the use of the digital signature, the company and the client do not have to be in the same place physically, they just exchange the important information online and they put digital signatures. The articles have also looked at the aspect of contract signing; the digital signatures have been very effective in making sure that the contract that is signed between two parties is binding. Therefore, it prevents the possibility of one party opting out of the agreement without informing the other party. The concepts of twin and group signing have also been discussed in some of the articles.
Reference List
Chaum, D and Heyst, E. (1991). V “Group Signatures”, Advances in Cryptology — EUROCRYPT’91, vol, 547, pp257-265.
Chen, L, Kudla, C and Paterson, K, G (2004). Hawlett Holloway laboratories, Bristol UK, ‘Concurrent Signatures’, University of London. Pp287-305.
Diffie, W, Hellman, M (1976). ‘New Directions in Cryptography’, Information Theory, IEEE Transactions on, vol. 22, no. 6, pp 644-654.
Driessen, B, Poschmann, A and Paar, C. (2008). Comparison of innovative Signature Algorithms for WSN’, WiSec ’08: Proceedings of the first ACM conference on Wireless network security, Alexandria, Virginia, USA, New York, NY, USA, ACM , pp-30-35.
Miyazaki, K, Hanaoka, G and Imai, H. Digitally signed document sanitizing scheme based on bilinear maps’, ASIACCS ’06: Proceedings of the ACM Symposium on Information, computer and communications Security, Taipei, Taiwan, New York, NY, USA, ACM, 2006, pp 343 – 354.
Naccache, D, Pointcheval, D and Stern, J (2001). Twin signatures: an alternative to the hash-and-sign paradigm, CCS ’01: Proceedings of the 8th ACM conference on Computer and Communications Security, press, pp 20-27.
Rivest,R,L, Shamir,A and Adleman,L. (1978) A Method for Obtaining Digital Signatures and Public Key Cryptosystems Communications of the ACM, vol. 21 no. 2, page 120- 126.
Rivest, R, Shamir, A et al, (2006) How to Leak a Secret: Theory and Applications of Ring Signatures, Theoretical Computer Science.pp164-186.
Subramanya, S.R, and Yi, B.K (2006) Digital Signatures, IEEE, vol. 25, no. 2, pp5-8.
Wang, G. (2005). An abuse-free fair contract signing protocol based on the RSA, signature, Proceedings of the 14th international conference on World Wide Web, Chiba, Japan, ACM, pp.412-421.