Digital Signature – not the graffiti made with Apple Pen on a PDF file; I am referring to the tamper-resistant cryptographic signatures – is recognised legit in most countries in the world now, 40 years after its invention. Such signature schemes always require a certificate issued by some identity checking organisation to be legally binding Many countries have their preferences on which organisations can do this, for example, in China, such organisation need to acquire a licence from MIIT. Here in Singapore, Netrust is perhaps the only accredited certificate issuer by Singapore Electronic Transactions Act (ETA 2010).
Happy to be a law-abiding citizen, I purchased a certificate for our new startup behind alpha wallet to sign contracts perfectly legally in Singapore. I think it’s also a good opportunity to explain the technicality behind this.
The key is stored in an Aladdin Knowledge Systems Token JC – pretty common USB security device. The key is 2048-bit RSA.
2048-bit RSA keys are fairly standard nowadays, not because it is secure enough, but because it is a good balance between security and efficiency, measured by the number of signatures a computer can sign in a second. In some cases, the efficiency matters.
Yet that efficiency is not relevant in the case of contract signing. By common sense, the incentive to falsify a contract is measured in decades. Therefore contracts demand better keys. This is the line of reasoning behind Estonia’s e-resident program, which uses a much stronger 384-bit ECDSA key. (It is also the reason why Estonia’s scheme included reliable timestamp.)
ECDSA refers to a strong Digital Signature Algorithm which gained popularity by Bitcoin, while RSA is the ageing standard signing algorithm. To compare, the 2048-bit RSA in Netrust Corporate NetID key has a security rating of 112-bit; The 384-bit ECDSA Estonian E-residency key has a security rating of 192-bit. The difference is 80 bits, that is, 2⁸⁰ times of difference in the amount of effort to break it with brutal force. In layman’s words, if a computer can break Netrust’s cypher, it would take one million million million million such computers to break Estonia E-residency’s cypher.
Is it too secure? Probably not. It took us about two decades to shift common SSL key from 1024-bit RSA to 2048-bit RSA. The latter is more than one billion times more difficult to break than the former. At this pace, most readers will still be alive when Estonia E-residency’s cypher becomes the most common one. If your contract has an impact longer than that, say, a real-estate purchase contract, you are not abusing the cryptographic power by using Estonia E-residency identity to sign it.
If ECDSA keys are so much better suited for contracts, why not everybody uses it?
The answer is software support. In the realm of contract signing, the limitation is by PDF, the most common contract file format. PDF has been consistently behind the development of security community. PDF files are commonly in version 1.5, which has a limit of 2048-bit RSA keys. In 2012, PDF became an ISO standard, with 4096-bit RSA, and hasn’t grown from there since. Newer and stronger stuff like ECDSA, which only has three decades of existence, are expected not to be let in.
To workaround this, Estonia e-residency program uses a new format called ASICE. PDF has the digital signature inside. ASICE has signature outside, PDF inside. Therefore it is not limited by its security features. This has a lot of utilities. For example, a contract and all its attachments can be signed together. Signing by a group of people becomes easier, too. But the new format is generally frowned upon by anyone who receives it because they don’t know how to open it.
By late 2017, there came a piece of good news. PDF 2.0 standard, also called ISO 32000-2:2017, started to support ECDSA. It’s hard to say if Adobe started to heed the voice of security experts, or that the international community behind ISO standard went for it. In theory, it means users with high-security expectations, like Estonian e-residents, should be able to sign in PDF 2.0. In practise, the applications to do so is still missing, and the adoption of the new standard is slow. Up to today, I have never received any PDF files using the new 2.0 format, signed or not.
Despite the disappointing speed of development, the progress is evident. In Singapore, some government offices which keeps records of building constructions contracts and vehicle purchase contracts require them to be digitally signed, so that the validity of these signatures can be verified, where wet (ink) signatures can’t be verified at all.
As of future, there is no doubt we will see more use of digital signatures, thanks to technologies of prominent utility values. Blockchain technology, for the first time, allowed automated transaction settlement by the use of smart-contracts, and Estonian e-residency program is the first which allows bank accounts to be opened remotely without intermediary law firms.