Quiz Entry - updated: 2026.07.14
How does a digital signature work, and how does it differ from a MAC?
A digital signature is created by hashing the message and encrypting the hash with the sender's private key — unlike MACs, it provides non-repudiation because only the sender has the private key.
* Sign the hash with the private key; anyone verifies with the public key — giving non-repudiation. *
Signing (by Alice):
$$\text{Signature} = E(K_{priv,A}, \, h(m))$$
- Compute the hash of the message: $h(m)$
- Encrypt the hash with Alice's private key: $E(K_{priv,A}, h(m))$
Verification (by Bob):
- Decrypt the signature with Alice's public key: $D(K_{pub,A}, \text{Signature}) = h(m)$
- Independently hash the received message: $h(m')$
- Compare: $h(m) \stackrel{?}{=} h(m')$
Key differences from MAC:
| Property | MAC | Digital Signature |
|---|---|---|
| Key type | Symmetric ($K_G = K_V$) | Asymmetric ($K_{sign} \neq K_{verify}$) |
| Non-repudiation | No | Yes |
| Speed | Fast | Slow (but only hashes, not full message) |
| Who can verify | Only key holder | Anyone with the public key |
Go deeper:
Digital signature — the full signature model.
What are Digital Signatures? (Computerphile) — Mike Pound's intuitive explanation of signing vs. encrypting.