
3 posts tagged with "e-signature"


Blockchain and Electronic Signatures - A Technical Perspective from IgniSign

· 2 min read
Julien Jenoudet
CEO of IgniSign

Blockchain as a Potential Driver for Electronic Signatures

Blockchain technology, renowned for its immutable nature, presents a compelling case for processing electronic signatures. The immutability of blockchain ensures the integrity of the signed document, while its underlying asymmetric cryptography provides robust security. These features align well with industry standards for both integrity and authentication.

Practical Robustness of Major Blockchains

Major blockchain platforms like Bitcoin and Ethereum have demonstrated considerable robustness, having remained unhacked to date. This track record underscores the potential of blockchain technology in maintaining the security and integrity of electronic signatures.

IgniSign's Choice: Hardware Security Modules (HSM) in a Private Cloud

Despite the apparent advantages of blockchain, IgniSign has opted for a different approach, leveraging Hardware Security Modules (HSM) within a private cloud environment. This decision is driven by two primary factors and an additional regulatory consideration:

Time Sensitivity of Electronic Signatures

Electronic signatures are inherently time-sensitive, often requiring processing within seconds. Blockchain platforms, which necessitate block validation for confirming transactions, cannot consistently guarantee this level of promptness. This delay in processing is a significant deterrent in the context of electronic signatures.

Cost-Effectiveness

IgniSign adheres to the philosophy that electronic signatures, even those with high probative value, should be affordable. Blockchain platforms, however, suffer from relatively high and fluctuating transaction costs, which conflicts with our goal of providing cost-effective signature solutions.

Regulatory Compliance in the European Union

Specific to the European Union, the eIDAS regulation mandates the use of HSM for signatures with high probative value. This regulatory requirement further influences our decision to utilize HSM in a private cloud.

Embracing Decentralized Technologies

However, IgniSign remains committed to exploring decentralized / web3 technologies. We leverage IPFS (InterPlanetary File System) for long-term data storage. Moreover, we have patented a method to decentralize part of the electronic signature process using the secure enclave in mobile devices. This strategic approach allows us to balance the benefits of web3's security and integrity with the operational and regulatory demands of electronic signature processing. By integrating both decentralized and traditional technologies, IgniSign continues to innovate in the digital signature landscape, ensuring security, compliance, and cost-effectiveness.

Confidentiality and Integrity in Danksharding with Full Privacy E-Signatures

· 3 min read
Julien Jenoudet
CEO of IgniSign

In the realm of digital security and blockchain technology, the principles of confidentiality, integrity, and authentication stand as foundational pillars.

With the increasing complexity and demands of digital transactions and communications, innovative solutions are essential for maintaining these principles without compromise.

Enter IgniSign, a groundbreaking e-signature platform that not only guarantees the integrity of signed documents but also ensures their confidentiality through a unique full privacy feature.

This feature, leveraging exchanges of hashes, presents a novel approach that could significantly enhance cryptographic commitments in danksharding.

Despite the fundamental differences between e-signatures and cryptographic commitments, IgniSign’s methodology provides a bridge between these concepts, offering robust solutions for blockchain scalability and security.

The Challenge of Confidentiality and Integrity in Blockchain

Blockchain technology, especially Ethereum's proposed danksharding model, seeks to scale the network in a way that balances efficiency with the decentralization of data.

However, a persistent challenge is ensuring the integrity and confidentiality of data—critical for transactions and smart contracts—without sacrificing the network's performance or decentralization.

Cryptographic commitments serve this purpose by allowing data to be verified without revealing its contents, thus maintaining privacy and integrity.

However, integrating these commitments with the necessary assurance of authenticity traditionally required a compromise between confidentiality and verifiability.

IgniSign’s Full Privacy Feature: A Novel Solution

By focusing on the exchanges of hashes rather than the documents themselves, IgniSign ensures the integrity of a document while fully protecting its confidentiality. This method operates under two core principles:

  1. Confidentiality Through Hashes: When a document is signed, IgniSign generates a unique hash of the document’s content. This hash, a fixed-length string of characters, represents the document but does not reveal any of its contents. This ensures that the document's confidentiality is maintained, as only the hash is exchanged or stored on the blockchain, not the document itself.
  2. Guaranteed Integrity: The hash serves as a cryptographic commitment to the document's content. It is computationally infeasible to alter the document without changing the hash. Thus, any exchange or verification process involves only the hashes, ensuring the document’s integrity without compromising its confidentiality.
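The two principles above can be checked in a few lines. This is an added example, not IgniSign's code: it shows that an unsalted SHA-256 digest binds the document but can be confirmed against guessed content when the document is short or templated, and that a random salt (an assumption of this sketch, as are all function names and the sample document) keeps the exchanged value hiding as well.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def bare_digest(document: bytes) -> str:
    """Unsalted SHA-256 of the document, the value that gets exchanged."""
    return hashlib.sha256(document).hexdigest()


def confirm_guess(digest: str, candidates: list) -> Optional[bytes]:
    """Return the candidate whose bare digest matches, if any.

    Shows why an unsalted hash of guessable content is binding but not hiding.
    """
    for candidate in candidates:
        if hmac.compare_digest(bare_digest(candidate), digest):
            return candidate
    return None


def commit(document: bytes) -> tuple:
    """Salted commitment: publish the digest, keep the 32-byte salt private."""
    salt = secrets.token_bytes(32)
    return hmac.new(salt, document, hashlib.sha256).hexdigest(), salt


def open_commitment(document: bytes, salt: bytes, digest: str) -> bool:
    """Recompute the commitment from document and salt, then compare."""
    expected = hmac.new(salt, document, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, digest)


# Constructed sample: a short, templated document and plausible variants.
SIGNED = b"Offer accepted: annual salary 52000 EUR"
VARIANTS = [b"Offer accepted: annual salary %d EUR" % n
            for n in range(40000, 60001, 1000)]

if __name__ == "__main__":
    print("bare digest confirms:", confirm_guess(bare_digest(SIGNED), VARIANTS))
    digest, salt = commit(SIGNED)
    print("salted digest confirms:", confirm_guess(digest, VARIANTS))
    print("opens with salt:", open_commitment(SIGNED, salt, digest))
```

Whoever holds the document and the salt can still prove integrity to a verifier; a party that sees only the salted digest cannot test guesses against it.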

Bridging the Gap: Cryptographic Commitments and E-Signatures

IgniSign’s innovative approach provides a unique opportunity to bridge the conceptual and functional gap between cryptographic commitments and e-signatures in the context of danksharding. By using IgniSign's methodology, the following advantages can be leveraged within danksharding:

  • Enhanced Privacy and Security: IgniSign can facilitate the creation of cryptographic commitments that ensure the confidentiality of transaction data within shards, enhancing privacy without sacrificing security or integrity.
  • Scalability with Integrity: By maintaining the integrity of data through hash exchanges, IgniSign can contribute to the scalability of blockchain networks. This is achieved by reducing the data load without compromising the verification processes essential for maintaining blockchain integrity.
  • Flexibility and Versatility: IgniSign’s approach is versatile, applicable to various data types and blockchain applications. This flexibility is crucial for danksharding, which requires accommodating diverse transactions and smart contracts.

Conclusion: A New Era of Blockchain Scalability and Security

As blockchain technology continues to evolve, the integration of innovative solutions like IgniSign's full privacy feature with blockchain scalability efforts such as danksharding represents a significant leap forward. IgniSign not only demonstrates the potential for e-signatures to contribute beyond their traditional domain but also highlights the importance of innovative cryptographic techniques in addressing the complex challenges of modern digital transactions and communications.

By ensuring both the confidentiality and integrity of documents in a scalable, decentralized context, IgniSign is contributing to a new era of blockchain security and efficiency.

SMS vs TOTP

· 2 min read
Julien Jenoudet
CEO of IgniSign

In terms of security, TOTP (Time-based One-Time Password) is generally considered more secure than SMS-based 2FA (Two-Factor Authentication). Here's a technical breakdown of why:

Vulnerability to Interception
SMS-based 2FA can be intercepted through various means such as SIM swapping, where an attacker convinces a mobile carrier to switch a phone number to a new SIM card, effectively hijacking SMS messages. Additionally, SMS messages can be intercepted through SS7 (Signaling System No. 7) vulnerabilities in the mobile phone network. TOTP, on the other hand, does not rely on SMS and is generated on the user's device, making it less susceptible to these types of attacks.

Reliance on External Networks
SMS-based 2FA relies on mobile networks and can be affected by network outages or lack of mobile coverage. TOTP does not require a network connection, as it uses a software-based token generator, which typically runs on a smartphone or another device.

Time-Sensitivity and Uniqueness
TOTP tokens are only valid for a short period (usually 30 seconds), after which a new token is generated. This makes them less susceptible to replay attacks, where an intercepted code could be used by an attacker. While SMS codes are also typically time-sensitive, the window of opportunity for interception and misuse is potentially larger, especially if the SMS is delayed.

Phishing Resistance
TOTPs are more resistant to phishing attacks. Phishing attempts that trick users into revealing their SMS codes can be more effective, as users might perceive SMS as inherently secure. In contrast, TOTPs generated by an app like Google Authenticator or Authy are not as easily phished.

Standardization and Control
TOTP is based on a well-defined standard (RFC 6238) and its implementation can be controlled and audited. With SMS, you rely on the security protocols of mobile carriers, which can vary and are not typically transparent to end users or service providers.

However, it's important to note that while TOTP is more secure, it requires users to have a smartphone or a device capable of generating TOTPs, which might not be feasible for all users. In such cases, SMS-based 2FA, despite its weaknesses, still provides a significant security upgrade over basic username/password authentication.

For a technology firm dealing with digital signatures, recommending or implementing TOTP over SMS for 2FA would align with a higher security standard, which is crucial in the context of digital identity and signature verification.