Fake Digital?

Fake Digital?

Sometime soon, we need to admit that we have created a digital world that cannot really be trusted. In fact, most of our cybersecurity problems relate to the poor infrastructure that we have created, and where phishing emails still get into our mailboxes, and where you cannot truly trust anything we see online. When was the last time you saw a digitally signed email?

And so last week, we received an email to say that I would have to sign for a package that I was getting delivered. Honestly? What credibility will there be with me signing for a package, and on a screen with a wiggly line? For one thing, if I do sign my name properly, how do I know that someone will not take my signature? But the main issues is that there is no real check of my signature, and for me to actually put my signature onto the courier’s device. We live in a world which still uses the methods we used in the 1980s, but where the ordering thing is now done digitally.

The solution would be that I would receive a share of a secret code, and for the delivery person to receive the other part, and then for there to be a pairing of the two, in order to confirm the delivery of a transaction. But will that get implemented? No! That would slow down the whole process, and as long as the fraud does not tip too far against the retailer, they are fine in supporting these flawed methods. Basically, they implement a process and care little about the actual security of that process. But are we building an integrated e-Commerce infrastructure that matches the 21st Century? No!

The way we integrate identity, roles and rights into our digital infrastructures needs to change. Our legal system also needs to change, and we need to give up our signature forever, as it has zero trustworthiness. We need to move to a world with trust, and where digital signatures are part of every transaction, and where there is trustworthiness.

Here is Schnorr’s signature method:

and ring signatures: