In the course of our lives, we have signed our name thousands of times-on checks, applications for loans, marriage licenses-the list is endless. Persons in positions of authority may certify the existence of a person signing a birth certificate or end a life by signing a death warrant. Signatures have been applied in much the same way since ancient times-by writing one’s name. Over the last few years, cryptography has made a new way of putting signatures into practice.
History of Authentication
It is probably not surprising that the inventors of writing, the Sumerians, were also the inventors of the authentication mechanism. The Sumerians used intricate seals, applied to their clay cuneiform tablets using rollers, to authenticate their writings. Seals continued to be used as the primary authentication mechanism until recently. The use of signatures recorded in the Talmud (fourth century) and by security procedures to prevent the alteration of documents after they have been signed. The Talmud even describes the use by witnesses of the form of a “signature card.”
The practice of authenticating documents by affixing handwritten signatures began to be used within the Roman Empire in AD 439, during the Valentinian III rule. The subscription-a short handwritten sentence at the end of the document stating that the signatory “subscribed” to the document-was first used for the authentication of wills. Affixing signatures to the documents gained rapid importance as a hand-written representation of one’s name that remained essentially unchanged for more than 1,400 years. It is from this Roman use of signatures that the practice has acquired significance in the Western legal tradition. With the advent of public-key technology, the means to provide digital signatures for computer communications equivalent to handwritten signatures on paper documents became available.
In 1976, Whitfield Diffie and Martin Hellman published their flagship paper New Directions in Cryptography. This paper outlined how the problem of solving discrete logarithms in finite fields could be used to develop asymmetric public / private key pairs with clear potential for use in data networks.
Importance of Signatures
No security procedure, manual or automated, provides absolute assurance. There is evidence that forgery was practiced shortly after the invention of writing, and that it has remained a problem since then. In the year 539 AD (100 years after the Romans began to use signatures) the Romans enacted legislation (in the Justinian Code) that laid down requirements for the forensic examination of documents by experts to be sworn and specifying under what circumstances their testimony may be given in cases of forgery.
Signature handwritten or digital serves some purpose:
· Authentication – which concerns the assurance of identity. When the sales clerk applies the signature on the back of the credit card to the signature on the payment slip, the clerk utilizes hand-written signatures as an identification method to ensure that the individual displaying the credit card is the one to which the card was issued by the issuing bank.
· Data Integrity– It is the assurance that there has no data modification taken place after the application of signature. Although handwritten signatures do not in itself offer data integrity facilities, the standard protection procedures around handwritten signatures, including the usage of indelible ink and tamper-evident material, provide a measure of data integrity. Digital signatures provide excellent data integrity services because the digital signature value is the function of the message digest; even the slightest modification of digitally signed messages will always result in a signature verification failure.
· Non-repudiation – which seeks to provide evidence to a third party (such as a judge or jury) that a party has participated in a transaction and thus protects other parties from false refusals of participation in the transaction. The purchaser’s signature on the credit card payment slip contains proof of the purchaser’s involvement in the transaction which defends the retailer and the card-supplying bank against fraudulent denials of the purchaser’s involvement in the transaction.
The Usage of Signature
There are, of course, many situations in which documents have to be signed and archived, and the signatures remain valid for the duration of the archive. Signatures on documents, for example, can be called into doubt several decades after they have been implemented. Many sources of signed archival records, collected from everyday life, include medical notes, service discharge papers, and mortgages. When considering digital data archiving, it is important to remember that digital signature verification requires each and every bit of the signed document to be preserved and read correctly, just as it was when the signatory applied for the signature. For example, turning a bit that changes the “s” character to the “S” character, would be undesirable in any electronic document, and render a digitally signed document completely unverifiable.
Digital signatures are exacerbating the problem of technological obsolescence. They make the most common coping technique-transformation into new formats during transition periods-impossible unless the original signatory can resign under a new format-a solution that is always burdensome and often impossible. From a digital signature point of view, a modification to a paper type is distinct from a shift to the text of the paper which would result in an unverifiable signature. While handwritten signatures are forged in such a way that digital signatures are not, by their cryptographic properties, digital signatures are subject to compromise (loss or disclosure) on the private key of the signatory, just as Sumerian and Roman seals were subject to lose or theft. Compromise is a vulnerability that is not associated with handwritten signatures.
A handwritten signature is biologically linked to a specific individual, while a digital signature relies on the protection provided by the signatory to the private signature key and the procedures implemented by the Certification Authority. Handwritten signatures are under the direct control of the signatory, whereas digital signatures must be used by a computer-controlled by the signatory.
Forgery of handwritten signatures has been practiced for centuries, while forgery of digital signatures, in the absence of compromising the private signature key, or the hijacking of the signature mechanism, is virtually impossible. The forgery mechanisms for handwritten and digital signatures are different.
The data integrity service provided by digital signatures is much stronger than that provided by hand-written signatures. Handwritten signatures can be witnessed, whereas digital signatures cannot be recorded, although they can be notarized. Manuscript signatures can be verified on a perpetual basis, whereas digital signatures are likely to become unverifiable after ten years or so due to data processing equipment and cryptographic standards obsolescence, certificate expiry, and other factors.
Digital signatures can have the biggest effect on the exchange since the advent of paper. Digital signatures allow us to identify ourselves and make commitments in cyberspace in much the same way as we do in real space. However, digital signatures have significant limitations, the most significant being their temporary nature. In the foreseeable future, it seems unlikely that digital signatures will fully replace handwritten signatures. Handwritten signatures have a lot to do with them-they’re fast, cheap, easy to understand, and last forever.
Digital signatures would therefore never be required for the identification of documents, the signing of articles of legislation or some other official or historical function. When handwritten signatures were developed, they expanded the seals that had been in existence for more than 3,000 years they did not remove them. In reality, the seals are still being used today. Instead, hand-written signatures took their place alongside seals as an authentication mechanism useful for specific purposes, and over time hand-written signatures gradually increased in the frequency and scope of their use. Digital Signatures, which are the newest verification method in the relentless development in information technologies, are expected to remain almost the same.
Ketubot (with commentary by Rabbi Adin Steinsalz, The Talmud, Volume VIII, Tractate Ketubot, Part II, Random House, New York, NY, 1992, Section 18B, page 57.
 J.K.B.M. Nicholas, An Introduction to Roman Law, Clarenden Law Series, Oxford, 1962, page 256.
A seal is applied using a device the originator “has,” whereas a handwritten signature relies on unique characteristics of the signer. In this respect, digital “signatures” are more akin to seals, in that they rely on application of something the originator has – a private key – as opposed to some characteristic biologically unique to the originator.
 Anderson, Chris, Document Examination, page 1.
 Ford, Warwick, Computer Communications Security, Principles, Stand Protocols and Techniques, Prentice Hall, Englewood Cliffs, NJ, 1994, page 109.
Contributed by: Anisha Bhandari (Institute of Law, Nirma University)