Authentication and digital signatures are typically considered two different things: authentication is about ‘logging in’, while digital signatures are used for expressing your consent with documents, approving transactions…
From a functional point of view there is indeed a clear distinction. Authentication is about verifying that the user is who he claims to be. A digital signature is about protecting the integrity of certain data and asserting that the data originated from a certain user.
There is a partial overlap in security properties: both a digital signature and authentication are about assuring the user is who (s)he claims to be. Authentication also proofs liveness: the user (i.e., the credential) is present during the authentication process. Digital signatures, apart from providing integrity of the signed data, provide non-repudiation: the user cannot claim – after the facts – that (s)he never put a digital signature.
|Authenticity User||The user is who (s)he claim to be.|
|Liveness||The user is present during the interaction with the verifier.|
|Integrity Data||The signed data, protected with a digital signature, cannot be altered without invalidating the signature.|
|Non-repudiation||The user cannot deny afterwards that (s)he put the digital signature.|
When looking at the underlying technology there is a sweet spot where both authentication and digital signatures provide the same properties: liveness, asserting the link with the user, linking with data, and non-repudiation.
Digital Signature Technology
Digital signature technology is based on public key cryptography. A private key is used to sign data, while the corresponding public key can be used to verify a signature. It should be infeasible to derive the private key from the public key or from signatures if the signature scheme is to be considered secure.
This contrasts with symmetric key cryptography, where both operations (‘signing’ and verification) are performed using the same key. A MAC (message authentication code) is considered the symmetric counterpart as it also guarantees the integrity of the data and the link with the possession of the key. Since a symmetric key is used this has grave implications for the security properties: the verifier is also able to generate the MAC, so there is no way of knowing who generated the MAC. This implies that there is no non-repudiation. An alleged author of a MAC can always blame the verifier for generating the MAC. To make matters more confusing many incorrectly label MACs as digital signatures, despite fundamentally different security properties.
There is a broad range of technology used for authentication: passwords, OTPs, zero-knowledge protocols, MAC-based protocols and … protocols using digital signatures.
Authentication happens through an interaction between the user (device) and the verifier (server). Contrary to digital signatures, where the verifier can perform the verification at any time in the future.
To build an authentication mechanism from digital signatures, interaction is needed, to ensure liveness. By using digital signatures in a carefully designed cryptographic protocol, many additional security properties can be achieved, such as liveness, but also confidentiality of the communication. Another advantage of using digital signatures as building block for authentication, is that there is good support on modern smartphones for hardware-backed signatures.