In many respects, digital signatures are equivalent to traditional handwritten signatures; properly implemented digital signatures are more difficult to copy than handwritten signatures. Digital signatures are implemented using cryptography and can provide acknowledgment, which means that the signer cannot successfully claim they did not sign a message while also claiming their private key remains secret.

Digital signatures are widely used in private and government organizations worldwide to sign business-related documents or to file income tax returns.

These are often used to implement electronic signatures, a broader term that refers to any electronic data that holds the meaning of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, and the European Union, electronic signatures may have legal significance. Electronic signatures are not accepted in India, but digital signatures are.

1. Algorithms in a Digital Signature

A digital signature system typically consists of two algorithms;

• A signing algorithm that inputs a message and a private key to output a signature.
• A signature verifying algorithm that gives a message, public key, and a signature, decides either to accept or reject.

Two main properties are required by the digital signature system;

• A signature generated from a fixed message and fixed private key should verify that message and the corresponding public key.
• It should be computationally infeasible to generate a valid signature for a person who does not own the private key.

2. Digital Signature Security and Attacks

In 1984, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to strictly define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes, they also present the GMR Signature Scheme. GMR Scheme was proven to be secure against adaptive chosen-message attacks - even when an attacker receives signatures for messages of his choice, this does not allow him to copy a signature for a single additional message.

In their foundational paper, Goldwasser, Micali, and Rivest lay out a hierarchy of attack models against digital signatures.

1. In a key-only attack, the attacker is only given the public verification key.
2. In a known message attack, the attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker.
3. In an adaptive chosen message attack, the attacker first learns signatures on arbitrary messages of the attacker's choice.

They also described a hierarchy of attack results;

1. A total break results in the recovery of the signing key.
2. A universal forgery attack results in the ability to forge signatures for any message.
3. A selective forgery attack results in a signature on a message of the adversary's choice.
4. An existential forgery merely results in some valid message/signature pair not already known to the adversary.

The strongest notion of security, therefore, is security against existential forgery under an adaptive chosen message attack.