Applying the RSA Digital Signature to Electronic Mail

TLDR: Authentication by the customary methods using symmetric ciphers can do nothing to resolve disputes arising from the dishonesty of either sender or receiver and was proposed as a solution to the dispute problem.

Abstract: Because of the increased cost-effectiveness of computer technology and its subsequent acceptance into the business world, computer-based message systems are likely to become the principal carriers of business correspondence. Unfortunately with the efficiency of these systems come new possibilities for crime based on interference with digital messages. But the same technology that poses the threat can be used to resist and perhaps entirely frustrate potential crimes. For some messages, a degree of privacy or secrecy is needed, which is possible with encryption. However, predicting the extent encryption will be used in electronic mail is difficult, since much depends on the cost and convenience of its applications. For nearly all messages, authenticity is a prime requirement. Authenticity implies that the message is genuine in two respects: its text has not changed since it left the sender and the identity of the sender is correctly represented in the text header or in the signature attached to the message. Neither of these authenticity indicators is sufficient by itself because an altered message from sender A is in no way different from a message appearing to come from A but in fact coming from an enemy. The technique of authentication, which is closely related to cryptography, normally uses the symmmetric type of cipher, typified by the Data Encryption Standard, or DES, algorithm. This kind of authentication is seriously deficient because both the sender and receiver must know a secret key. The sender uses the key to generate an authenticator, and the receiver uses it to check the authenticator. With this key, the receiver can also generate authenticators and can therefore forge messages appearing to come from the sender. In other words, authentication can protect both sender and receiver against thirdparty enemies, but it cannot protect one against fraud committed by the other. If A sends a message to B, for example, B might fraudulently claim to have received a different message. Supposing B takes some action in response to a genuine received message, A can still claim that B in fact forged the message. For these reasons, authentication by the customary methods using symmetric ciphers can do nothing to resolve disputes arising from the dishonesty of either sender or receiver. As a solution to the dispute problem, Diffie and Hellmant proposed the use of a digital signature based on certain public-key cryptosystems (Figure 1). The sender of the message is responsible for generating the