What are Digital Signatures? Compute and Verify a Digital Signature Using Java
Written by Atul Kahate   
Jul 11, 2007 at 07:27 AM
Digital signature is one of the most widely misunderstood terms in computer security. People often either confuse it with scanning a manually signed paper, or just know that something mysterious happens and a digital signature somehow results. In this article, let us understand what digital signatures are and how to work with them in Java.

In one of our earlier articles, we saw the concept of message digests, also called hashes. A message digest (or hash) is a fixed-length value computed from a message. The message digest is always guaranteed to be the same for the same message. If we change the message even by a single bit, the message digest changes. Hence, message digests can be used to ascertain that a message has not been changed or tampered with since it was created. However, this approach suffers from two problems:

  1. An attacker can modify both the original message and the computed message digest. The receiver then has no way of knowing whether this has happened, or whether the message and the message digest are indeed what the sender initially sent.
  2. A message digest does not prove whether the message was indeed sent by the sender or by someone else. After all, a message digest algorithm can be run by anyone, even by an attacker. So, if a bank receives an instruction to transfer USD 1,000 from Account A to Account B, the bank has no way of knowing whether this instruction is genuine or fake. Just because a message digest accompanies the payment instruction does not prove (or disprove) this. All it says is whether the message was changed since it was first created.

More specifically, we want to deal with two problems. The first is to ensure message integrity (check whether the message has been tampered with) and the second is to ensure non-repudiation (ensure that the sender of the message cannot deny having sent it).

Using a message digest as the base, how can we achieve this? Well, we cannot. And this is where a digital signature steps in. A digital signature can be used to guarantee, beyond doubt, both message integrity and non-repudiation. Let us understand this now. For this purpose, let us quickly review the message digest computation process, shown in the diagram below.

Figure 1 -  Message digest computation process

We know that the main problem in this scheme is that the attacker can easily alter the original message and rerun the same message digest algorithm on the altered message. This produces a digest that matches the modified message, making it difficult for us to catch the attacker. How can we prevent this? If we can modify the above process by hiding the message digest or, if not hiding it, by making it almost impossible to change, we can fulfill our objective. The simplest way to do this is to encrypt it. This is shown in the diagram below.

Figure 2 - Message Digest Encryption

Therefore, what we are saying now is that the message digest must be encrypted before it is sent to the receiver. The receiver would simply reject the message if the message digest accompanying it is not encrypted. Of course, the whole point here is that:

  1. The genuine sender should somehow be able to perform this encryption operation, and the genuine receiver should be able to verify this encryption operation; but
  2. An attacker should not be able to perform this encryption operation.

Note that the attacker would still be able to compute the message digest. But the attacker must not be able to encrypt the message digest thus obtained. How can this be possible? Very clearly, we must have a scheme whereby only the genuine sender and the genuine receiver share some secret. This secret can be used as the key for encrypting the message digest. However, in real-life situations, sharing secrets beforehand is not always possible. Imagine, for example, that we are ordering books online in India using a site hosted in America. The bookseller and we have no prior relationship or agreement. How can we share secrets?
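
The following example is added here and is not part of the original article. It shows both points in Java: a bare SHA-256 digest recomputed over an altered message is accepted by the receiver, while a digest keyed with a shared secret is not. It uses HMAC-SHA256, the standard keyed-digest construction, in place of literally encrypting the digest; the class name, messages and keys are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DigestVersusKeyedDigest {
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    // Plain digest: anyone who holds the message can compute it.
    static byte[] digest(String message) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(utf8(message));
    }

    // Keyed digest (HMAC-SHA256): computing it requires the shared secret.
    static byte[] keyedDigest(byte[] secret, String message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(utf8(message));
    }

    // Receiver-side checks; MessageDigest.isEqual compares in constant time.
    static boolean acceptsDigest(String message, byte[] received) throws Exception {
        return MessageDigest.isEqual(digest(message), received);
    }
    static boolean acceptsKeyed(byte[] secret, String message, byte[] received) throws Exception {
        return MessageDigest.isEqual(keyedDigest(secret, message), received);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the article.
        String original = "Transfer USD 1,000 from Account A to Account B";
        String altered = "Transfer USD 9,000 from Account A to Account C";
        byte[] secret = utf8("demo-secret-shared-by-sender-and-receiver");
        byte[] wrongKey = utf8("a-key-the-attacker-made-up");

        // Bare digest: the altered message with a recomputed digest is accepted.
        System.out.println("bare, altered + recomputed digest: "
                + acceptsDigest(altered, digest(altered)));
        // Keyed digest: the genuine message verifies.
        System.out.println("keyed, genuine message: "
                + acceptsKeyed(secret, original, keyedDigest(secret, original)));
        // Keyed digest: reusing the genuine tag on the altered message fails.
        System.out.println("keyed, altered + original tag: "
                + acceptsKeyed(secret, altered, keyedDigest(secret, original)));
        // Keyed digest: a tag computed without the shared secret fails.
        System.out.println("keyed, altered + tag under wrong key: "
                + acceptsKeyed(secret, altered, keyedDigest(wrongKey, altered)));
    }
}
```

A tag keyed with a shared secret lets the receiver detect tampering, but either holder of the secret could have produced it, so it addresses integrity between the two parties and not non-repudiation.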

PAGE 1 OF 2



Copyright 2004 to 2008 Rightrix Solutions. All rights reserved. All product names are trademarks of their respective companies. Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Rightrix Solutions and IndicThreads.com are independent of Sun Microsystems, Inc.

Views expressed at IndicThreads.com reflect the views of the authors alone, and do not necessarily reflect those of IndicThreads.com. IndicThreads.com and its authors are not responsible for reader comments and opinions.
