LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why do we sign the hash of a document rather than signing the document directly?

Because asymmetric operations (like RSA signing) are ~1000x slower than symmetric ones — signing a small fixed-size hash (e.g., 256 bits) is vastly faster than signing the entire document.

The process:

  1. Compute the hash of the document: $h = H(m)$ — fast, produces a fixed-size output (e.g., 256 bits)
  2. Sign the hash with the private key: $\sigma = \text{Sign}(K_{priv}, h)$ — slow but only operates on 256 bits

Why not sign the document directly?

  • A 10 MB document would require RSA operations on millions of bits — extremely slow
  • The hash compresses any document to a fixed size (e.g., SHA-256 → 256 bits)
  • The hash acts as a representative (Stellvertreter) of the document

Security requirements for the hash function:

  • Must be collision-resistant: otherwise an attacker could create two documents with the same hash, get one signed, and substitute the other
  • Must be pre-image resistant: given a hash, it should be infeasible to find a document with that hash

This is exactly why deprecated hash functions (MD5, SHA-1) are dangerous for signatures — if collisions can be found, the entire signature scheme is broken regardless of how strong the signature algorithm itself is.

Go deeper:

From Quiz: KRYPTOG / Fundamentals of Cryptography | Updated: Jul 14, 2026