Non-repudiation

Sep 16, 2024

Lecture on Cryptography: Non-repudiation, Integrity, and Authenticity

Introduction to Non-repudiation

  • Ensures the sender's authenticity when data is sent to a third party.
  • Comparable to signing a contract with a signature that verifies authorship.

Proof of Integrity

  • Ensures data received is the exact data sent originally.
  • Achieved using hashing:
    • Hash: A short string (message digest or fingerprint) created from the plaintext.
    • If data changes, the hash changes, indicating integrity compromise.

Hashing Example

  • Project Gutenberg's Encyclopaedia Volume One (8.1 MB) was hashed.
  • Any changes in the file, even by a single character, alter the hash value.
  • When a hash mismatch occurs, re-downloading the file or comparing the copies can confirm whether integrity was lost.

Proof of Origin

  • Allows verification of the sender's identity.
  • Known as authentication.
  • Digital Signature:
    • Provides non-repudiation, confirming the sender's identity.

Digital Signature Process

  • Uses a private key (known only to the sender) and a public key (available to all).
  • Combination ensures message integrity and origin verification.

Practical Example: Alice and Bob

  • Alice sends "You're hired, Bob" with a digital signature.
  • Steps:
    1. Hash the plaintext message.
    2. Encrypt the hash with Alice's private key.
    3. Send the encrypted hash (digital signature) with the message.
    4. Bob receives the message and digital signature.
    5. Bob uses Alice’s public key to decrypt the signature.
    6. Bob hashes the message and compares hashes to verify integrity and origin.

Conclusion

  • The digital signature process is often automatic or simplified for users.
  • Understanding the process enhances comprehension of data integrity and proof of origin in cryptographic transactions.