Quiz Entry - updated: 2026.05.31
How does a digital signature work, and what guarantee does it add that a MAC cannot?
The sender signs by encrypting the data's hash with their private key; anyone can verify with the matching public key — which adds non-repudiation.
Signature = Encrypt( hash(data), Alice's private key )
- Only Alice has her private key, so only she could have produced the signature.
- Everyone has her public key, so anyone can verify it.
- Bob hashes the data himself, decrypts the signature with Alice's public key, and checks the two hashes match.
What it adds over a MAC — Non-repudiation: since only Alice could sign (no one else has her private key), she cannot later deny having sent it. With a MAC, both parties share the key, so neither can prove the other did it.
Tip: MAC = symmetric (one shared secret). Signature = asymmetric (private signs, public verifies). The asymmetry is exactly what makes "you can't deny it was you" possible.