Skip to main content
Scientific American

February 7, 2001

2 min read

Are Digital Signatures Safe?

By Kristin Leutwyler

The success of e-commerce relies on one thing, really: companies must be able to guarantee that confidential information--credit card numbers, say--are kept unaltered as they travel through cyberspace. A widely-used technique is the Digital Signature Algorithm (DSA), designed by the National Security Agency and approved under the Digital Signature Standard from the National Institute of Standards and Technology. This so-called public-key encryption method generates a numerical "signature," which in theory makes it possible for software at the receiving end of a transaction to verify a message's integrity.

In practice, though, a scientist at Bell Labs--the research and development arm of Lucent technologies--has now discovered that DSA will be vulnerable to tampering in the near future. "While e-commerce is not currently threatened," says Daniel Bleichenbacher, "a good cryptosystem should always have a comfortable security margin. That is, it should be secure even in 10 or 20 years from the day it is used, assuming the usual progress in hardware development. Without a fix, DSA would not have that security margin."

Indeed, Bleichenbacher found a significant flaw in part of the system that generates virtually random numbers. Instead of churning out different digits with equal probability, the program is twice as likely to select numbers within a certain range. And this bias makes the numbers--and hence the numerical signature--easier to crack using a supercomputer.

On supporting science journalism

If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

"NIST commends Dr. Bleichenbacher for his work and agrees that the weakness due to the bias of the random key generation that he has discovered should be fixed to preserve the future security of the DSA," says Edward Roback, chief of the Computer Security Division in NIST's Information Technology Laboratory. "In the meantime, those who are using DSA can continue to use it with confidence that DSA signatures done under the present standard will remain secure for many more years." NIST is preparing a revision of DSA, which will be proposed in February.