Boost Your Business with Digital Signature Legitimacy for Assignment of Partnership Interest in Mexico

How to eSign a document: digital signature legitimacy for Assignment of Partnership Interest in Mexico

in the last segment we looked at cryptographic hash functions and how to use them to commit to data on the blockchain in this segment we're going to look at digital signatures and how they're used to approve transactions so let's get started in the physical world a signature is used to bind an author to a particular document for example i might sign a check for one dollar and that binds and the signature binds me to that check the problem is that when we try to move this idea to the digital world we immediately run into a problem right if my signature was simply just some sort of a picture of my name then it's quite easy for someone to take that picture and simply copy it onto a different document that has the same picture on it the same signature but now the document says something completely different right this document would be a check for a hundred dollars so the idea of taking physical signatures and moving them to the digital world as is simply doesn't work it's very easy to copy a signature and therefore we cannot just use pictures as a way to sign a document so the question is what to do and so the solution is basically to make it so that the signature itself depends on the document being signed okay so the signature that we're going to attach to authenticate a document will depend on the content of the document so the way a signature scheme works is as follows we have again we have the data that we want to sign so a check for one dollar in this case um and then basically the signer bob here is going to have a secret signing key that's going to feed into a signing algorithm okay so the data to be signed along with the secret signing key is going to be given as input to the signing algorithm the signing algorithm algorithm is going to produce a signature and that signature will be attached to the document that's about to be signed now the verifier who wants to verify that the signature is legitimate or what they need is basically the corresponding public verification key okay so this public verification key is derived from the signing key and basically the signature and the uh the data are used basically to verify that the signature is valid and the verify basically either accepts or rejects the signature as a valid signature on the document so in more detail let's look at the syntax of a digital signature scheme again these schemes are used everywhere in the blockchain space so i want to make sure you understand how to interact with them and so there's a there are three algorithms basically there's a key generation algorithm which we'll call gen which outputs the signing key the secret signing key and the public verification key so we'll denote them by sknpk there's a signature algorithm that takes the signing key and the message to be signed and outputs a signature sigma and finally there's a verification algorithm that takes the public verification key the message that was supposedly signed and the signature and the algorithm either accepts or rejects the signature okay so that's it that's what a signature scheme is it's just these three algorithms and informally we can define what the security property for these for a signature scheme needs to be which basically sees that it says that an adversary who sees many signatures on many messages of her choice from the signer so she can ask the signer to sign many many messages of the adversary's choice still that adversary cannot forge a signature on any new message so that's the security property this is often called existential unforgeability under a chosen message attack but um we won't define that formally we'll just leave it at this informal level for now but the thing that i want you to remember is even though you might see many signatures on many different messages that still makes it very difficult to forge a signature on some new message okay so there are lots of constructions for digital digital signature schemes here i'm going to focus on three that are primarily used in the blockchain space and so let's talk about uh the three families the first one is called rsa which actually is not used in the blockchain space it's just a classic classic signature scheme so i wanted to mention it so the rsc signature is uh primarily the reason they're not used in the world of blockchains is because they generate relatively long signatures and also the public keys happen to be relatively long so over 256 bytes the benefit of rsa signatures which is why they're often used for certificates on the web is that they're quite fast to verify so once a signature is issued the verifier can verify a signature quite quite quickly but because signatures tend to be relatively large over 256 bytes if we had to write these signatures to the blockchain that would be a lot of extra space on the blockchain so we'd rather use signatures that signature schemes that produce much much shorter signatures the next family i want to mention is what's called a discrete log signature and there are two that are used in the blockchain space one is called schnorr and the other one is called ecdsa uh the the world is slowly moving towards schnorr signatures they have a lot of benefits for blockchain applications uh in particular you know the bitcoin is about to move to using schnorr signatures as part of their next update the nice thing about discrete log signatures is that they produce relatively short signatures either 48 or 64 bytes depending on exactly what type of signature you're using so much shorter than rsa and the public keys also tend to be relatively short around 32 bytes and that's it okay so again every time you sign a message that produces a signature that's either 48 or 64 bytes and the verifier needs to have 32 bytes in order to verify that signature using the public key the third category of signatures i want to mention are called bls signatures so bls signatures also produce relatively short signatures they're about 48 bytes but the interesting thing about bls signatures is they have additional properties which make them quite amenable to blockchain applications the first property is what we call aggregation which means that you can take many signatures for many different signers on many different messages and compress all those signatures into a single 48 byte short signature okay so if you have many transactions with many signatures embedded in them in fact you can compress all those signatures into a single signature and just write one signature onto the blockchain so this actually saves quite a quite a lot of space on the blockchain itself this property by the way is the reason why ethereum 2.0 is using bls signatures for their consensus protocol there what happens is you have potentially thousands of people signing a particular message and this aggregation property allows anyone to take those thousands of signatures compress them all into a single signature and write that on the blockchain so we save space on the blockchain and it's also quite easy to verify this aggregate signature um with very little work so not only does it provide compression on the blockchain it also simplifies the verifiers work the other nice property of these signatures is uh they support a very easy threshold mechanism so you can build for example a 3 out of 5 signature scheme with very little work using bls signatures it's actually quite straightforward and for this reason as i said ethereum 2.0 uses it the chia network uses it dfinity uses it and so on so the one issue with these three families of signatures is that none of them are resistant to quantum attacks so if somebody is able to build a quantum computer many years from now then these signatures would become insecure and we would need to move to something else fortunately we know exactly what to move to so this so a quantum computer is not really a threat to the blockchain it just means that the signature mechanism would have to be updated what's interesting is actually that there are a couple of post quantum secure signatures these are signature schemes that are secure even if the adversary has access to a quantum computer the one downside of these signatures is they tend to be relatively long yeah so the reason we haven't moved already to post quantum signatures is because there's some cost involved but if the situation arises in again many decades from now we would have a quantum computer then in fact we know exactly what to do we know what signatures or what signatures can used to move to it would just make the blockchain a little bit bigger than what it is today okay so that's kind of the situation when it comes to uh signatures signature families that we can use and as i said signatures are used everywhere on the blockchain they're used to basically authorized transactions so if alice wants to pay bob she would sign that transaction that transaction would go onto the blockchain and would only get posted if alice's signature is valid on that transaction okay so we use it to authorize transactions uh signatures are also used in governance governance votes if we want to change the rules of a particular d5 project the voters people who own governance s will vote by issuing a signature for or against a particular proposal so they're often used in governance and as i said earlier they're also used in consensus to basically make sure that a a large fraction of the population agrees with a particular block that's being proposed okay so again if we look at transaction authorization you can see that we have say a bunch of people who issue transactions here we see the transaction that they generate it turns out the transaction data you know alice pays bob you say 5 eth is actually relatively short most of the transaction data is being taken up by the digital signature yeah which is kind of interesting that the authorization data is bigger than the transaction data itself we'll see the importance of that actually in the next segment when we talk about scaling so all the people who are issuing transactions will sign their transactions they'll post these signed transactions to the blockchain the miners will verify that the transactions themselves are valid and that they're properly signed and if so they'll put them in a block and post them on the blockchain okay so that's how transaction authorization happens using digital signatures so that's actually all i'm going to say about digital signatures here to keep it short that's really all we need for a high level defy class so to summarize the primitives that we looked at so far if you recall in the last segment we looked at collision resistant hash functions and merkle trees and how they're used to commit to data on the blockchain we just looked at how digital signatures are used to authorize transactions and how they could be used in governance and consensus there's one third important cryptographic primitive that i want to mention that's also uh quite useful in the blockchain space and that's what's called a snark proof which allows alice to prove to bob that a certain fact is true using a very short proof that's also very easy for bob to verify okay so i'm not going to talk about snark proofs here i'll just say that they're used quite heavily for scaling the blockchain and for privacy applications on the blockchain we're going to talk about snark proofs in quite a lot of detail actually when we come back to talk about privacy on the blockchain and so you know be patient and we will cover snarks in much more detail when we talk about privacy on the blockchain okay so that brings us to the end of this segment in the next segment we'll talk about scaling techniques and basically the question is can we make the blockchain fast and cheap okay so we'll see you then