LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

How does a digital signature work, and what guarantee does it add that a MAC cannot?

The sender signs by encrypting the data's hash with their private key; anyone can verify with the matching public key — which adds non-repudiation.

Signature = Encrypt( hash(data), Alice's private key )

  • Only Alice has her private key, so only she could have produced the signature.
  • Everyone has her public key, so anyone can verify it.
  • Bob hashes the data himself, decrypts the signature with Alice's public key, and checks the two hashes match.

What it adds over a MAC — Non-repudiation: since only Alice could sign (no one else has her private key), she cannot later deny having sent it. With a MAC, both parties share the key, so neither can prove the other did it.

Tip: MAC = symmetric (one shared secret). Signature = asymmetric (private signs, public verifies). The asymmetry is exactly what makes "you can't deny it was you" possible.

From Quiz: ISF / Integrity & Content Authenticity (C2PA) | Updated: May 31, 2026