2008 International Symposiums on Information Processing

An Improved Scheme for E-signature Techniques Based on Digital

Encryption and Information Hiding

Huang Tao1,2 Zhou Qihai1,2 Zhang Le2 Li Zhongjun1,2 Lin Xun1,2

1
Research Institute of Information Technology Application, Southwestern University Of Finance
and Economics, Chengdu 610074
2
School of Economic Information Engineering, Southwestern University Of Finance and
Economics, Chengdu 610074
zhouqh@swufe.edu.cn

Abstract
In this paper, an important problem that the security
of e-commerce system has become one of the core
issues and the main bottlenecks which constraints the
development of e-commerce is pointed out; the demand
of an e-commerce system security and the realizing
process of an e-signature technology as the essential
key technology in the safety control are elaborated; the
insufficiency in current e-signature realizing process is
pointed out; based on digital encryption and
information hiding, an improving thinking and some
realizing schemes for the techniques of e-signature are
given; a creative new idea to guide the selection among
the e-signature technical schemes with a “safety/speed
ratio” digital signature strength theory is proposed;
and the developing direction of an e-commerce security
technology is advanced.
sender
1. Introduction
Digital signature technology, as the core technology
of e-commerce transactions which is used to test the
authenticity of identity verification and transaction,
undeniable and an important component of e-
commerce security protection, is more and more
concerned by the society.[1,2]
2. The Existing Process of Digital Signature
The message digest is the basis of digital signature.
One-way hash function is a fast encryption algorithm
which can be used for generating the message digest.
One-way hash function does not use secret keys. It is
just a more complicated formula, but it can transform
any length plaintext into a message digest which is a
string of 16 characters. In this way, in spite of how

Message digest Private key Digital signature

plaintext encryption
encryption
network

different
receiver

encryptionPublic key
Message Digital signature
Fake text digest
compare

decryption
True text Message plaintext
digest

true

Fig. 1: The digital signature existing process

much characters the user inputs, the final result will Accordingly, the digital signature process [3-5], can be
always be a string of 16 characters, sequentially, each summarized as (shown in figure 1):
plaintext can generate a random message digest. (1) The sender generates a message digest randomly.

978-0-7695-3151-9/08 $25.00 © 2008 IEEE 595

593
DOI 10.1109/ISIP.2008.47
 (2) The sender encrypts the message digest with his
private key. From it, a digital signature is generated by
the sender.
(3) The sender appends the digital signature to the
end of the data which can not be encrypted, and then
send both of them to the receiver.
(4) The receiver receives the message from the
sender: ① In order to achieve the message digest ,the
receiver decrypts the digital signature using the
sender's public key; if it can be decrypted, this
indicates that the message is indeed sent by the sender,
so that, the authenticity of the sender's identity will be
verified. ② the receiver calculate the plaintext using
the same Hash Function to get the message digest, and
then compare it with the message digest getting by 1-
step. If they are the same with each other, it will show
that the message the receiver received is the original
text which has not been tampered or forged in
transmission. Or it is fake. In this way, we can achieve
the control of the integrity of the message which
transmits in the network.
3. The Existing Problems and
Improvement of the Digital Signature
3.1 The Problems of Digital Signature and The Brief
Introduction of Information Hiding Technology
It should be noted that: In the above process of
digital signature, there is a hidden danger which is
called " interception reading" -- because the sender sent
the digital signature and the message to the receiver
simultaneity, however the message was not taken any
encryption; So that the digital signature process can
only authenticates the identity of the sender, prevent
from denying and detect the message being tampered
with. But if there is a third-party intercepts the message
and reads it (It means that the third-party only reads the
Password generator
Embedding key
Secret message
Hiding carrier
Embedding process
Carrying Hiding
i f i
Fig.2: The general model of the information hiding system
hidden in it from the surface of the public information,
then no mention about extracting the secret information
from it. Thus, the latter has a more enhanced protection
than the former; this will make the secret information
from "fail to understand" into "invisible", thereby
594
596
content of the message, but do not take any alteration
on the content). In transmission, the message in the
plaintext will leak out. But both the sender and the
receiver are not aware of it completely, so the
occurrence of this event will bring the huge losses to
the sender and the receiver.
This interception reading problems which exists in
the Simple digital signature can be solved by
encrypting the plaintext. However the security of the
existing encryption method is on the reliability of the
key lengths. With the continuous enhancement of the
computer’s computing speed, the attacker entirely
possible unscramble the cipher text by using the
exhaustive algorithm, and the existing encryption exists
a fatal weakness, that is the position the cipher text
stored is so obvious that it can easily arouse the
attention of the attacker, thereby suffering from
attacking. For the fatal problem existing in the
encryption, we can use the information hiding
technology to solve it.
The traditional password-coding studies how to
transform the plaintext to the cipher text which can not
be identified by Outsiders through a certain algorithm,
and then transmit; but the information hiding
technology studies how to hide a secret information
into a public information which is called carrying
information, then transmit the secret information
through the carrying information transmission. Both of
the password-coding and the information hiding
technology are studied for secret communication, but
there are some obvious differences between them. For
the former, once the information is intercepted and
Deciphered by the attacker in the information
transmission, the cipher text will become the plaintext
completely; but, for the latter, because of the
characteristic of high concealment, even the
information is intercepted in transmission, the attackers
usually difficult to find the secret information
Extracting key
Secret message
Extracting process
Carrying information
greatly enhancing the security of the information
transmission.
The general model of the information hiding system
can be summarized as (shown in figure 2) [6-7] :
(1) Key generator generates the embedding key and
the extracting key (Two keys are the same or related).
(2) The sender embeds the secret information into the
carrying information by the embedding key, and then
the hiding carrier is formed. (3) The sender sends the
hiding carrier to the receiver. (4) The receiver extracts
the secret information out of the hiding carrier by the
extracting key after he receives the hiding carrier. In
the case of the key unknown, as long as they attack the
hiding carrier brutishly by the use of known
information hiding algorithm, the secret information
may completely be extracted from the hiding carrier.
However, if we can get the secret information
scrambling before hiding it, making the secret
information lost its original features, then the security
will be enhanced highly. Even if the secret information
is extracted, for the secret information is so disorderly
and unsystematic that the attackers can not distinguish
the specific content the original secret information
contains before the information getting scrambling. But
as the same reason that the secret information after
getting scrambling is disorderly and unsystematic, it
arouses the attention of the attackers easily. Therefore,
we can distribute the secret information which gets
scrambling randomly in the carrying information by
using the information sharing technology. This makes
the attackers difficult to find the secret information
hidden in the carrying information from the eyes,
reducing the attention of the attackers, decreases the
possibility of the attack, raising the security of the
secret information transmission largely.
3.2 High-intensity Digital Signature Approach
The hidden trouble that the simple digital signature
exists can be solved by a method which should
combine the approach that encryption with the
plaintext and the information hiding technology
together. A feasible whole encrypted digital signature
solution can be designed as follows (shown in figure 3):

Carrying information

Receiver’s Public Embedding key

Symmetric key Encrypted Symmetric key
key encryption

Symmetric
Cipher text network
encryption hiding carrier
plaintext

Private key Shuffling

Message digest Digital Shuffling information
encryption signature Signature sharing
hiding
carrier

extracting by the extracting key

sender
Encrypted Symmetric key Cipher text

Receiver’s private key decryption

receiver
Symmetric key
Different Symmetric decryption
Fake text
Message digest plaintext
compar

public key Digital recovery Shuffling

True text Message digest
decryption signature Signature

Same

Fig.3: The process of the whole encrypted digital signature

(1) The sender generates a message digest randomly;
encrypts the message digest by using the sender’s
private key, then generates the sender’s digital
signature.
(2) The sender achieves the shuffling signature after
the digital signature getting shuffling.
(3) The sender generates a symmetric key
randomly ， and encrypts the plaintext with the
symmetric key ,then, encrypts the symmetric key by
using the receiver’s public key (The key is known as
the encrypted symmetric key).
(4) The sender achieves the hiding carrier by using
the embedding key and information sharing technology
which can hide the shuffling signature, the encrypted
plaintext and the encrypted symmetric key in the
carrying information randomly; then, the sender will
send the hiding carrier to the receiver.

595
597
 (5) The receiver receives the message from the
sender, then: ① the receiver extracts the secret
information out of the hiding carrier by using the
extracting key. ② the receiver restores the shuffling
signature to the original appearance, and then the
receiver will achieve the digital signature signed by the
sender.③ the receiver decrypts the digital signature by
using the sender’s public key to get the message digest.
If the receiver can decrypt it, the fact shows that the
message is indeed sent from the sender, thus, the
receiver can verify the authenticity of the sender’s
identity. ④ the receiver decrypts the encrypted
symmetric key that encrypted by the sender with his
own private key, then the receiver will get the sender’s
symmetric key.⑤ The receiver decrypts the cipher text
with the symmetric key and then gets the plaintext.⑥
The step is the same with ② in step (4) of the existing
digital signature process.
Through the approach above, we can achieve and
enhance the monitor of the information’s security and
integrity in the transmission.
3.3 Medial-intensity Digital Signature Approach
From the process of the whole encrypted digital
signature solution, we can see that the security of the
message has been fully protected; but we must also
realize clearly that because of encrypting and
decrypting the whole message, the whole process
becomes time-consuming. However e-commerce is
known for its convenience and the amount of its online
transactions is mostly small, therefore, both sides
between the transactions seek for the higher security,
and at the same time, they will also require the time
they trade as little as possible. According to this, we
propose another improvement program-- the local

Remaining middle text Encrypted middle text

Embedding key
middle text Local middle text

Remaining head text Encrypted head text

plainte

New hiding network

head text local head text Cipher text carrier
t
head text local tail text
information
sharing
Remaining tail text Encrypted tail text

Hiding
plainte

Private key Digital Shuffling Shuffling

Message digest signature carrier
Encryption Signature
Carrying information

Different
extracting by the extracting key
sender Receiver’s private New
Fake text Message digest plaintext
Key decryption Cipher text
compar

receiver Sender’s public key Digital Shuffling

True text Message digest
decryption signature Signature
Same

Fig.4: The process of the local encrypted digital signature

encrypted digital signature, the specific process can be
designed as follows (shown in figure 4):
(1)～(2) The steps are the same with (1)～(2) of the
whole encrypted digital signature process.
(3) The sender distributes the message with a certain
algorithm that agreed Prior into three parts, then the
sender will get the head text, the middle text and the
tail text. The head text, the middle text and the tail text
hold α, β, 1–α-β of the whole message (0<α, 0<β, α+β
<1).
(4) The sender encrypts the parties which extracting
from the head text, the middle text and the tail text with
the receiver’s public key, then, the local cipher text and
the remaining part of plaintext will form a new local
encrypted cipher text.
(5) The sender achieves the hiding carrier by using
the embedding key and information sharing technology
which can hide the shuffling signature and the new
local encrypted cipher text in the carrying information
randomly; then, the sender will send the hiding carrier
to the receiver.

596
598
 (6) The receiver receives the hiding carrier from the
sender, then: 1) ①—③ The steps are the same with
① — ③ in step(5) of the whole encrypted digital
signature process. 2) ④ The receiver converts the new
local encrypted cipher text into the plaintext with the
inversion algorithm. 3) ⑤ The step is the same with ②
in step (4) of the existing digital signature process.
3.4 The Evaluation and Selection Mechanism of the
Two Improving Digital Signatures
From the process of the improved digital signatures
above, we can see that: for the whole encrypted digital
signature method, the characteristics of encrypting the
whole text makes it have higher encryption intensity
and higher safety factor; But precisely because it
encrypt with the whole plaintext, the process is
complex and time-consuming, this method is more
suitable for “the lager payment occasion” which should
pay a huge amount of money and take a high degree of
attention. The second local encrypted digital signature
method, its local encryption method makes the text
have a moderate intensity; And because it only
encrypts with a part of the plaintext, it saves some time
and increases the speed of transactions; even if there
exists a " interception reading" hidden danger, but the
information intercepted is incomplete, the receiving
information is worthless, and accordingly, it will not
cause significant losses and balance a certain security.
Therefore, the latter is more applicable to "the small
payment, micro-payment" occasion which requires
smaller amount of money and takes a general degree of
attention.
According to this, we can select the appropriate
encryption method through the "safety / speed ratio".
That is: we should be balanced, completely measure
and compare seriously "the importance of the security
and speed in the course of the transactions", then we
can choose the suitable encryption method: If the
importance of security is greater than the importance of
speed, we can choose the first high-intensity digital
signature approach; If we deal more attention to the
speed factor and also care the safety at the same time,
we can choose the second method of the medial-
intensity digital signature; When we consider that the
most important factor is the speed and only require the
general safety in the transactions, in this case, we can
choose the simple method of the low-intensity digital
signature.
commerce. Digital signature technology holds good
characteristics of anti-counterfeiting, tamper-proof, and
anti-denial, and China lately promulgated the
"electronic signature law" which made it have the same
rights and interests with the traditional handwritten
signature in the area of e-commerce. It is becoming one
of the key technologies which can protect the security
of e-commerce. It can be predicted that: Only further
improving the security technologies of e-commerce
including digital signature, information hiding etc, we
can provide strong technical support for the
sustainable, leaping development of e-commerce.
5. References:
[1] Cuntao Xiao, Digital signature and e-commerce
security. Network Security Technology ＆
Application, Jul.2005, pp. 67~69.
[2] Lan Peng, Renquan Liao, Digital signature
technology in e-commerce security, Financial
Computer of China, Jan.2004, pp. 74~76.
[3] Zhifeng Ji, Peng Ding, E-commerce system security
and digital signature technology. China Economist,
Aug.2004, pp. 100.
[4] Lu Xia, Electronic signature security issues and
solutions of China. Special Zone Economy,
Aug.2004, pp. 99~100.
[5] Tao Ma, Electronic signatures security issue.
Economic Tribune, Dec.2002, pp. 42~43.
[6] Shuzhen Zhang, Information hiding technology in
information security. Computer Knowledge and
Technology, Sep.2005, pp. 75~77.
[7] Zhou Qihai. The Isomorphic Object-oriented
Programming Principles whit C++. Tsinghua
university press and Beijing jiaotong university
press, 2004.

4. Conclusions
The security of e-commerce has been one of the
main bottlenecks that hinder the development of e-

597
599