How do digital signatures work?
Digital signature is an authentication tool that contains relevant information for any transaction. These include proof of origin, time of origin and status of any digital document.
A digital signature is created to verify information or commands based on asymmetric cryptography. To create a digital signature, a pair of private and public keys needs to be created. While the private key is used to create the signature, the public key is used to verify the signature.
Overall, digital signatures rely on a public key infrastructure (PKI). Public key algorithms such as Rivest-Shamir-Adleman can be used to generate a mathematically linked private key and public key. Just as all human signatures are unique, this software also generates a unique digital signature different from all others generated so far.
In March this year, WazirX launched a Blog had published a report which explained how important these digital signatures are in the blockchain sector. According to the Indian exchange, digital signatures improve the security and authentication of transactions. The exchange also said that digital signatures provide accurate timestamping, eliminate the need for a centralized authority and make the verification process more time efficient.
“If the signature is fully valid, it confirms that the user who initiated the transaction is the true owner of the data,” the blog states. “The ongoing use of digital signatures, along with the widespread adoption of blockchain, is shaping a future where decentralization, security, and transparency redefine the dynamics of online transactions.”
Disadvantages of implementing digital signature
Implementing digital signatures for smart contracts or transaction verification can be a costly process, as both the sender and receiver of the transaction must purchase digital certificates and verification software.
While digital signatures can be seen as a more secure option to implement 2-FA for crypto transactions, they are clearly not a foolproof security method in the crypto arena.
In the case of WazirX, the hacker used WazirX’s multi-sig wallet kept to monitor liminal custody. The hacker is reportedly from North Korea’s Lazarus Group. The hacker managed to gain access to the signatures required by both parties to allow the transaction to be completed.