Does signing always involve encrypting a hash or can we call private key encryption of an unhashed message signing too?
Asked
Active
Viewed 141 times
0
-
4I think this question is mainly asked and answered here. Please also note that it is a bad idea to conflate signature generation with encryption using the private key. There are also questions / answers about generic attacks on (EC)DSA for direct signing on this site, but that's algorithm-specific. – Maarten Bodewes Oct 29 '23 at 15:43
-
3Signing never means encrypting a hash. It's a private key operation, and in asymmetric systems encryption is by definition one of the two operations using the public key. At best you could say it sometimes involves something that's similar to decrypting a hash, though that'd still be inaccurate for RSA as used in practice (the "padding" is different). – SAI Peregrinus Oct 29 '23 at 23:12
-
Cryptographically speaking, signing always involves encrypting a hash of the message, not the message itself. This is because a hash function is a one-way function, meaning that it is computationally infeasible to reverse the hash and obtain the original message. This property is essential for ensuring the integrity of the signed message. – user1850484 Oct 30 '23 at 05:41
-
1Does this answer your question? Why do we need to compute message digest of a message first while signing it? – Gilles 'SO- stop being evil' Oct 30 '23 at 07:59
-
@user1850484 The parts of your comment: "signing always involve encrypting a hash" - is incorrect in the use of terms; "because hash function is a one-way function" is irrelevant; "essential for ensuring the integrity" this is true, but your reasoning towards this conclusion is absent. Considering these, I suggest you delete your comment. – DannyNiu Mar 29 '24 at 04:20
1 Answers
1
Does signing always involve encrypting a hash ...
Do you think you can always decrypt it? In any/all digital signature algorithms?
- ECDSA: the signature is $(r,s)$, doesn't look like it.
- Dilithium/ML-DSA: the signature is $(z,h,c)$, doesn't look like it.
- SPHINCS+/SLH-DSA: the signature is a huge array of hash values, doesn't look like it.
Can you see the pattern now?
DannyNiu
- 9,207
- 2
- 24
- 57