Signature Schemes
Learn how BLS Signature Schemes work and how they can be used to secure cross-chain communication.
Signature schemes are cryptographic schemes, that allow us to sign some piece of data, and someone else can verify our signature. Think of signature schemes as a very modern version of signing for example a contract, which does not rely on your unique hand movement, but on math. There are many different signature schemes. They vary in efficiency and security.
The main goal of signature schemes is to ensure the authenticity, non-repudiation, and integrity of digital messages.
-
Authenticity: Authenticity ensures that the signature authenticates the origin of the message and verifies that it was indeed created by the claimed sender. A valid signature on a message proves that the signer owns the private key associated with the public key used for the signature.
-
Non-Repudiation: Non-repudiation ensures that the signer cannot deny their involvement in the transaction. In other words, they cannot later claim that they didn't authorize or sign the message. Therefore, signing the message is a binding commitment.
-
Integrity: Integrity ensures that the message has not been tampered with or modified during transmission. Validating a changed message, no matter how small the difference, with the signature will not be successful.
Public and Private Key
These signatures are generated using a private key known only to the sender. They can be verified by anyone who possesses the corresponding public key associated with the sender. This dual-key structure, consisting of a private key for signing and a public key for verification, forms the basis of asymmetric or public-key cryptography.
Methods of Signature Schemes:
Signature schemes consist of three methods:
- Generate Key Pair() => Private Key, Public Key: This algorithm is used to generate a pair of keys for the user. One key is the private key, which is kept secret, and the other is the public key, which is made available to others. The private key is used for signing messages, while the public key is used to verify the signatures.
- Sign(Message, Private Key) => Signature: This algorithm is used by the owner of the private key to create a digital signature for a message. The signature is generated based on the private key and the content of the message. The signature is typically appended to the message before transmission.
- Verify(Message, Signature, Public Key) => Valid/Invalid: This algorithm is used to verify the authenticity of a received message with the public key of the sender and its associated signature. The result is that the signature is either valid or invalid for the given private key.
In some signature schemes, there may also be a "recover" algorithm:
- Recover(Message, Signature) => Public Key: This algorithm can be used to recover the public key corresponding to the private key that has been used to create the signature for a message.
The signature can be verified by comparing the public key returned by the recover algorithm with the public key of the message's sender. If there is an exact match, the signature is valid.
In the following activity, you can interact with a signature scheme to learn more.
Formats of Keys and Signatures
Using these methods we can create keys and signatures. But what does that mean? At the end of the day, signatures and keys are just (very long) series of bits (0 and 1s) that can be interpreted as numbers and represented as hexadecimal strings.
Interactive Demo
Before you start, understand the inputs (blue), the algorithms (red), and outputs (green). Follow the lines to see how they are connected. Then follow these steps:
- Generate a new Key Pair and check out Private Key and the Public Key / Address.
- Sign a message and view the signature. See that the signature is valid.
- Change the message and see what values change and if the signature is valid.
Open the Demo