What is a Digital Signature?
In some ways, digital signatures do what their names suggest: they provide validation and authentication in the same way signatures do, in digital form. In this segment we will discuss how they work as well as how multisignatures (multisigs) can be used to add an extra layer of security.
Digital signatures are one of the main aspects of ensuring the security and integrity of the data that is recorded onto a blockchain. They are a standard part a blockchain protocols, mainly used for securing transactions and blocks of transactions, transferral of information, contract management and any other cases where detecting and preventing any external tampering is important. Digital signatures utilize asymmetric cryptography, meaning that information can be shared with anyone, through the use of a public key.
In many parts of the world, digital signatures are as legally binding as a regular signature. Examples of countries or entities recognizing them include: the European Union, the United Nations, United States of America, Switzerland, Brazil, Mexico, India, Indonesia, Turkey and Saudi Arabia.
Digital signatures provide three key advantages of storing and transferring information on a blockchain. First of all, they guarantee integrity. Theoretically, data that is being sent can be altered without necessarily even being seen by a hacker. However, if this does happen in the case of data that is accompanied by a digital signature, the signature would become invalid. Therefore digitally signed data, that is encrypted, is not only safe from being seen but will also reveal if it has been tampered with, cementing its incorruptibility.
Digital signatures not only secure data but also the identity of the individual sending it. Ownership of a digital signature is always bound to a certain user and as such, one can be sure that they are communicating with whom they intend to.
For example, even the most proficient hacker could not fake another’s digital signature as a means of convincing someone else to send money, it is simply mathematically not within the realms of possibility. Therefore digital signatures not only guarantee the data that is being communicated, but also the identity of the individual communicating it.
When using blockchain technology a user has a public key and a private key, both of which appear as strings of random numbers and letters. The public key can be compared to an email address and private key to password. It is very important to never share a private key with anyone. It is equally important to have the private key written down and stored in a safe and secure place. Ideally on a piece of paper or a hardware wallet, as these two are near impossible to hack. Storing private keys in text documents or notes is not advised as these can be hacked relatively easily. There is no “I Forgot My Private Key” option. If a private key is lost, everything that is controlled by the key is lost too.
Finally, the fact that private keys are linked to individual users gives digital signatures a quality of non-repudiation. This means that if something is digitally signed by a user, it can be legally binding and entirely associated with that individual. As indicated earlier, this is heavily dependent on there being no doubt that the private key that signed the data was not compromised, used or seen by anyone other than its owner.
Digital signatures are unique to the signer and are created by utilising three algorithms:
- A key generation algorithm, providing a private and public key.
- A signing algorithm that combines data and private key to make a signature.
- An algorithm that verifies signatures and determines whether the message is authentic or not based on the message, the public key and signature.
The key features of these algorithms are:
- Making it absolutely impossible to work out the private key based on the public key or data that it has encrypted.
- Ensuring the authenticity of a signature based on the message and the private key, verified through the public key.
Multisignature, sometimes shortened to multisig, is a digital signature scheme with the requirement of more than one signee to approve a transaction or document transferral. A joint signature is always more compact than a collection of individual digital signatures.
The concept of multisignature systems were by no means created specifically for cryptocurrencies and have actually been around thousands of years. Monks at Mt Athos would secure their crypts with multiple keys, with more than one being needed to unlock the crypt. This meant that no single monk could access any precious relics without the awareness of at least one other monk.
Multisigs are used by many cryptocurrencies, including Bitcoin and Lisk, as a means of improving security as well as dividing the ability to make decisions between more than one party. This aspect of sending LSK transactions makes the system considerably safer, both from hackers or anybody who might have somehow gained access to a Lisk users passphrase.
In the Lisk ecosystem multi-signature groups consist of the group owner and up to 15 subordinates, that means a total of 16 (N) accounts. The subordinates need to confirm every transaction from the group owner’s account. Every multi-signature group can specify how many (M) confirmations they need. If not enough confirmations are collected, the transaction will not be sent.
The number of potential signees and required number of signatures is agreed at the beginning, when the address is created. Although this is not the case with Lisk, where you can create a multisig account from your account at any time.
Can one person use a multisig?
Yes, individuals have also been known to create multisignatures for themselves to safeguard against their account being compromised. With multisig a user can theoretically have two separate private keys stored in two separate locations. Both keys are required to make any transaction, adding an extra layer of security. Therefore, in order to gain access to your funds somebody would have to obtain both keys to do so, which makes it more challenging and possibly even impossible if both are secured properly.
For example, with multisignature you can create a 2-of-3 escrow service, meaning that in order to approve a transaction two out of three parties are required to be in agreement to do so. A perfect example of where this could be useful is a savings account for a child, wherein both the child and at least one of the parents need to agree how the money is spent. This also leaves the option of any major decision being solely made by the parents, as long as they are both in agreement.
Multisignature can be created in countless combinations (3-of-3 escrow service, 2-of-5 escrow service, etc) and are just as suited to smaller transactions as they are to uses by large companies. An example of this would be a 5-of-9 escrow system created by the board of a large company. In order to validate any large transaction, a majority of the board would have to agree to it.
Digital signatures are a key component in securing data on a blockchain, whereas nodes are the very foundations upon which the network itself is built.