Quiz Entry - updated: 2026.07.14
Why do we sign the hash of a document rather than signing the document directly?
Because asymmetric operations (like RSA signing) are ~1000x slower than symmetric ones — signing a small fixed-size hash (e.g., 256 bits) is vastly faster than signing the entire document.
The process:
- Compute the hash of the document: $h = H(m)$ — fast, produces a fixed-size output (e.g., 256 bits)
- Sign the hash with the private key: $\sigma = \text{Sign}(K_{priv}, h)$ — slow but only operates on 256 bits
Why not sign the document directly?
- A 10 MB document would require RSA operations on millions of bits — extremely slow
- The hash compresses any document to a fixed size (e.g., SHA-256 → 256 bits)
- The hash acts as a representative (Stellvertreter) of the document
Security requirements for the hash function:
- Must be collision-resistant: otherwise an attacker could create two documents with the same hash, get one signed, and substitute the other
- Must be pre-image resistant: given a hash, it should be infeasible to find a document with that hash
This is exactly why deprecated hash functions (MD5, SHA-1) are dangerous for signatures — if collisions can be found, the entire signature scheme is broken regardless of how strong the signature algorithm itself is.
Go deeper:
Cryptographic hash function — why a collision-resistant digest can stand in for the document.