
Digital signatures are used extensively in Bitcoin and blockchains to create valid transactions: you ‘sign’ transaction messages to move coins from your account to someone else’s.
What are digital signatures, in a cryptographic sense? Well, we can afford to be a bit pedantic here. Digital signatures are a subset of electronic signatures, which can take a number of forms.
A digital signature is created by taking the message you want to sign and applying a mathematical formula with your private key. Anyone who knows your public key can mathematically verify that this signature was indeed created by the holder of the associated private key (but without knowing the private key itself).
So, anyone can independently validate that this piece of data was signed by the private key holder of this public key.
The problem with a wet-ink signature is that it is independent of the data that is being signed, and this creates two problems:
There is no way of knowing if a document has been tampered with after your signature is applied to the bottom.
Your signature can easily be copied and re-used with other documents, without your knowledge.
Your wet-ink-on-paper signature is your signature and doesn’t change based on the item being signed: when you sign a cheque, a letter, or a document, the whole point is that your signature looks the same. This is easy for other people to copy! This is really terrible security!
In contrast, a digital signature is only valid for that exact piece of data, and so it cannot be copied and pasted underneath another piece of data, nor can someone else re-use it for their own purposes. Any tampering with the message will result in the signature being invalidated. The digital signature is a one-time ‘proof’ that the person with the private key really did approve that exact message. No one else in the world can create that digital signature except you, unless they have your private key.
Now, just to explain one further step, the mathematical process of ‘signing’ a message with a private key is actually an encryption process. Remember that you encrypt data with a public key, and decrypt it with a private key? With some schemes you can also do it the other way around: you can encrypt data with a private key and decrypt it with a public key. So actually the validation process is taking the digital signature and decrypting it with the well-known public key, and seeing that the decrypted signature matches the message being signed.
But what if the message being signed is really big, like, say, gigabytes of data? Well, you don’t want a really long digital signature, as that would be inefficient. So in most signing schemes, it is actually the hash (fingerprint) of the message that is signed with the private key to produce a digital signature which is small, irrespective of the size of the data being signed.
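The sign-the-hash flow described above, as an added example that is not part of the original article. It uses textbook RSA with no padding and a constructed demo key built from two publicly known Mersenne primes, so it shows the mechanics only; real systems add padding or use other schemes such as ECDSA, and the function names here are illustrative.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes. Good enough to
# show the mechanics, useless as a real key because the factors are not secret.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus (1128 bits)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """SHA-256 fingerprint of the message as an integer (always 256 bits)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Apply the private key to the hash, not to the message itself."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Undo the signature with the public key and compare with a fresh hash."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    original = b"Pay Bob 1 coin"     # constructed sample messages
    tampered = b"Pay Bob 9 coin"     # one character changed after signing
    other = b"Pay Eve 1 coin"        # a different message entirely
    sig = sign(original)
    big_sig = sign(b"x" * 5_000_000)  # 5 MB input, same-sized signature
    return {
        "original_ok": verify(original, sig),
        "tampered_ok": verify(tampered, sig),   # tampering breaks the signature
        "reused_ok": verify(other, sig),        # copy-paste onto other data fails
        "sig_bytes": (sig.bit_length() + 7) // 8,
        "big_sig_bytes": (big_sig.bit_length() + 7) // 8,
    }


if __name__ == "__main__":
    print(demo())
```

The signature length is bounded by the key size (141 bytes here), not by the size of the message, because only the 32-byte hash is ever signed.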
So digital signatures can be used to authenticate a transaction or message, as well as to ensure data integrity of the message. Also, unless a private key has been copied, it is impossible afterwards to say ‘it wasn’t me’—this property is called ‘non-repudiation’ and provides comfort for both parties to a transaction.
Digital signatures are used in blockchain transactions because they prove account ownership, and the validity of a digital signature can be proven mathematically and offline, without asking any other party. Compare this to traditional banking: when you instruct your bank to make a payment, you first authenticate yourself by logging in to the bank’s website, or showing your ID to a bank teller in person. If the bank believes that you are the account holder, then the bank executes your instruction on your behalf. In a blockchain system, where there is deliberately no organisation to provide or maintain accounts for you, your digital signatures are the critical piece of evidence that entitles you to make transactions.


