A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message (authentication and non-repudiation) and that the message was not altered in transit (integrity). Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.
Chaum is credited as the inventor of secure digital cash for his 1982 paper, which also introduced the cryptographic primitive of a blind signature. These ideas have been described as the technical roots of the vision of the Cypherpunk movement that began in the late 1980s.Chaum's proposal allowed users to obtain digital currency from a bank and spend it in a manner that is untraceable by the bank or any other party.In 1988, he extended this idea (with Amos Fiat and Moni Naor) to prevent double-spending.
In 1990, he founded DigiCash, an electronic cash company, in Amsterdam to commercialize the ideas in his research.The first electronic payment was sent in 1994.In 1999, Chaum left the company.
In 1976, Whitfield Diffie and Martin Hellman first described the notion of a digital signature scheme, although they only conjectured that such schemes existed.Soon afterwards, Ronald Rivest, Adi Shamir, and Len Adleman invented the RSA algorithm, which could be used to produce primitive digital signatures (although only as a proof-of-concept – "plain" RSA signatures are not secure). The first widely marketed software package to offer digital signature was Lotus Notes 1.0, released in 1989, which used the RSA algorithm.
Other digital signature schemes were soon developed after RSA, the earliest being Lamport signatures,Merkle signatures (also known as "Merkle trees" or simply "Hash trees"),and Rabin signatures.
In 1988, Shafi Goldwasser, Silvio Micali, and Ronald Rivest became the first to rigorously define the security requirements of digital signature schemes. They described a hierarchy of attack models for signature schemes, and also present the GMR signature scheme, the first that can be proven to prevent even an existential forgery against a chosen message attack.