0

Since non-repudiation is impossible to achieve purely by software why do digital signature exists?

Let me clarify a bit (this part is from eschaefe book pg 64):
1. When B connects to website A he checks his certificate validity after which he can send B his RSA public key and also his digital signature public key.
2. A can then send B AES keys for encryption and MAC via encrypting with B RSA public keys.
3. The message exchange happens and B signs MAC via his DSS private keys.
4. A reads the message , checks MAC and signature.

Problem: If B decides he wants to dodge the transaction he can publish his private key for RSA and deny that he sent the message (repudiation)
However since signing took place A can challenge that claim.

However if B decides to publish his private keys for signing he can claim that his signature is forged. And again the problem is the same.

In my eyes this is exactly the problem that digital signing was supposed to solve however this is the same situation as if there were no digital signing.

We can also sign the signature and do this as many times as we want however publishing all the private keys brings us to step 1.

What have we exactly solved with digital signing if we cannot achieve software non-repudiation guarantee.

daniels_pa
  • 109
  • 2
  • 1
    What is solved is all the other things signatures are supposed to solve ... – schroeder Jun 28 '17 at 11:48
  • Such as that a message is received from a valid user. But if a user decided he doesn't want that message to be from him anymore he can just repudiate? That doesn't seem right ... – daniels_pa Jun 28 '17 at 11:52
  • I'm also not sure you read all the expert answers to your linked question – schroeder Jun 28 '17 at 11:52
  • Wait, are *you sure* that digital signatures are meant to verify that a message is received from a valid user? I think you need to confirm that is the purpose. – schroeder Jun 28 '17 at 11:54
  • I am reading a book (so studying cryptography) so of course that i cannot even understand the more complex things. Chances are that my logic is flawed , however i would like to know why so i can continue to learn and progress. I don't see why this question is not valid. Its a valid problem in my head. – daniels_pa Jun 28 '17 at 11:56
  • 2
    1) non-repudiation is only one part of why digital signatures exist, 2) you are reading a lot into what non-repudiation means, but that is explained by the question you linked. – schroeder Jun 28 '17 at 12:02

1 Answers1

3

Digital signature can indeed provide non repudiation, provided that the procedure used to sign the certificat:

  1. ensures that the private key was at any moment under exclusive ownership of its recipient
  2. (optionally) ensures that the signed cert was given to the right person

As soon as 1 is established, the certificate authority can attest they actually signed a certificate for the key used to sign, and that the message could only be signed by the owner of the certificate - but she is unknown to that point If in addition 2 is established, the certificate authority can attest that the private key used to sign the message was owned by M. X . That is an evidence that actually proves that M. X did sign the message or at least is responsable for it if he did not declare that his cert has been compromised before the message was signed.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
  • can #1 be done purely in software? – schroeder Jun 28 '17 at 14:42
  • @schroeder: Not really because nobody can provide a proof for himself. That's why the reciepient of a signed message relies on a trusted CA to bring the evidence that the signer is the owner of the private key. And even that can only be done if *procedures* in the CA company establish it. But that does not mean that digital signature has no value. – Serge Ballesta Jun 28 '17 at 20:57