On October 23rd, 2014, we updated our
By continuing to use LinkedIn’s SlideShare service, you agree to the revised terms, so please take a few minutes to review them.
Digital Comparators Navigation
Page: 8 of 8
Another common and very useful combinational logic circuit is that of the Digital Comparator circuit. Digital
or Binary Comparators are made up from standard AND, NOR and NOT gates that compare the digital
signals at their input terminals and produces an output depending upon the condition of the inputs. For
example, whether input A is greater than, smaller than or equal to input B etc.
Digital Comparators can compare a variable or unknown number for example A (A1, A2, A3, .... An, etc)
against that of a constant or known value such as B (B1, B2, B3, .... Bn, etc) and produce an output
depending upon the result. For example, a comparator of 1-bit, (A and B) would produce the following three
This is useful if we want to compare two values and produce an output when the condition is achieved. For
example, produce an output from a counter when a certain count number is reached. Consider the simple 1-
bit comparator below.
Then the operation of a 1-bit digital comparator is given in the following Truth Table.
B A A>B A=B A<B
0 0 0 1 0
0 1 1 0 0
1 0 0 0 1
1 1 0 1 0
You may notice two distinct features about the comparator from the above truth table. Firstly, the circuit does
not distinguish between either two quot;0quot; or two quot;1quot;'s as an output A = B is produced when they are both equal,
either A = B = quot;0quot; or A = B = quot;1quot;. Secondly, the output condition for A = B resembles that of a commonly
available logic gate, the Exclusive-NOR or Ex-NOR gate giving Q = A ⊕B
Digital comparators actually use Exclusive-NOR gates within their design for comparing the respective
pairs of bits in each of the two words with single bit comparators cascaded together to produce Multi-bit
comparators so that larger words can be compared.
As well as comparing individual bits, multi-bit comparators can be constructed to compare whole binary or
BCD words to produce an output if one word is larger, equal to or less than the other. A very good example
of this is the 4-bit Magnitude Comparator. Here, two 4-bit words (quot;nibblesquot;) are compared to produce the
relevant output with one word connected to inputs A and the other to be compared against connected to
input B as shown below.
4-bit Magnitude Comparator
Some commercially available Magnitude Comparators such as the 7485 have additional input terminals that
allow more individual comparators to be quot;cascadedquot; together to compare words larger than 4-bits with
magnitude comparators of quot;nquot;-bits being produced. These cascading inputs are connected directly to the
corresponding outputs of the previous comparator as shown to compare 8, 16 or even 32-bit words.
8-bit Word Comparator
Binary Adders Navigation
Page: 7 of 8
Another common and very useful combinational logic circuit is that of the Binary Adder circuit. Binary
Adders are made up from standard AND and Ex-OR gates and allow us to quot;addquot; single bits of data together
to produce two outputs, the SUM (quot;Squot;) of the addition and a CARRY (quot;Cquot;). Binary adders are mainly used in
Consider the addition of two denary (base 10) numbers below.
123 A (Augend)
+ 789 B (Addend)
Each column is added together starting from the right hand side. As each column is added together a carry
is generated if the result is greater or equal to ten, the base number. This carry is then added to the result of
the addition of the next column to the left and so on, simple school math's addition. Binary addition is based
on similar principals but a carry is only generated when the result in any column is greater or equal to quot;2quot;,
the base number of binary.
Binary Addition follows the same basic rules as for the denary addition above except in binary their are
only two digits and the largest digit is quot;1quot;, so any quot;SUMquot; greater than 1 will result in a quot;CARRYquot;. This carry 1
is passed over to the next column for addition and so on. Consider the single bit addition below.
0 0 1 1
+0 +1 +0 +1
0 1 1 10
The single bits are added together and quot;0 + 0quot;, quot;0 + 1quot;, or quot;1 + 0quot; results in a sum of quot;0quot; or quot;1quot; until you get
to quot;1 + 1quot; then the sum is equal to quot;2quot;. For a simple 1-bit addition problem like this, the resulting carry bit
could be ignored which would result in an output truth table resembling that of an Ex-OR Gate as seen in
the Logic Gates section and whose result is the sum of the two bits but without the carry. An Ex-OR gate
only produces an output quot;1quot; when either input is at logic quot;1quot;, but not both. However, all microprocessors and
electronic calculators require the carry bit to correctly calculate the equations so we need to rewrite them to
include 2 bits of output data as shown below.
00 00 01 01
+ 00 + 01 + 00 + 01
00 01 01 10
From the above equations we know that an Ex-OR gate will only produce an output quot;1quot; when quot;EITHERquot;
input is at logic quot;1quot;, so we need an additional output to produce a carry output, quot;1quot; when quot;BOTHquot; inputs quot;Aquot;
and quot;Bquot; are at logic quot;1quot; and a standard AND Gate fits the bill nicely. By combining the Ex-OR gate with the
AND gate results in a simple digital binary adder circuit known commonly as the quot;Half-Adderquot; circuit.
The Half-Adder Circuit
1-bit Adder with Carry-Out
Symbol Truth Table
A B SUM CARRY
0 0 0 0
0 1 1 0
1 0 1 0
1 1 0 1
Boolean Expression: Sum = A ⊕B Carry = A . B
From the truth table we can see that the SUM (S) output is the result of the Ex-OR gate and the Carry-out
(CO) is the result of the AND gate. One major disadvantage of the Half-Adder circuit when used as a binary
adder, is that there is no provision for a quot;Carry-inquot; from the previous circuit when adding together multiple
data bits. For example, suppose we want to add together two 8-bit bytes of data, any resulting carry bit
would need to be able to quot;ripplequot; or move across thebit patterns starting from the least significant bit (LSB).
As the Half-Adder has no carry input the resultant added value would be incorrect. One simple way to
overcome this problem is to use a quot;Full-Adderquot; type binary adder circuit.
The Full-Adder Circuit
The main difference between the quot;Full-Adderquot; and the previous seen quot;Half-Adderquot; is that a Full-Adder has 3-
inputs, the two same data inputs quot;Aquot; and quot;Bquot; as before plus an additional quot;Carry-Inquot; (C-in) input as shown
Full-Adder with Carry-In
Symbol Truth Table
A B C-in Sum C-out
0 0 0 0 0
0 1 0 1 0
1 0 0 1 0
1 1 0 0 1
0 0 1 0 0
0 1 1 1 1
1 0 1 1 1
1 1 1 0 1
Boolean Expression: Sum = A ⊕ B ⊕ C-in
The Full-Adder circuit above consists of three Ex-OR gates, two AND gates and an OR gate. The truth
table for the Full-Adder includes an additional column to take into account the Carry-in input as well as the
summed output and Carry-out. 4-bit Full-Adder circuits are available as standard IC packages in the form of
the TTL 74LS83 or the 74LS283 which can add together two 4-bit binary numbers and generate a SUM and
a CARRY output.
Display Decoders Navigation
Page: 6 of 8
A Decoder IC, is a device which converts one digital format into another and the most commonly used
device for doing this is the BCD (Binary Coded Decimal) to 7-Segment Display Decoder. 7-segment LED
(Light Emitting Diode) or LCD (Liquid Crystal) Displays, provide a very convenient way of displaying
information or digital data in the form of Numbers, Letters or even Alpha-numerical characters and they
consist of 7 individual LEDs (the segments), within one single display package. In order to produce the
required numbers or characters from 0 to 9 and A to F respectively, on the display the correct combination
of LED segments need to be illuminated and Display Decoders do just that. A standard 7-segment LED or
LCD display generally has 8 input connections, one for each LED segment and one that acts as a common
terminal or connection for all the internal segments. Some single displays have an additional input pin for the
decimal point in their lower right or left hand corner.
There are two important types of 7-segment LED digital display.
The Common Cathode Display (CCD) - In the common cathode display, all the cathode
connections of the LEDs are joined together to logic quot;0quot; and the individual segments are illuminated by
application of a quot;HIGHquot;, logic quot;1quot; signal to the individual Anode terminals.
The Common Anode Display (CAD) - In the common anode display, all the anode connections
of the LEDs are joined together to logic quot;1quot; and the individual segments are illuminated by connecting
the individual Cathode terminals to a quot;LOWquot;, logic quot;0quot; signal.
7-Segment Display Format
Truth Table for a 7-segment display
Individual Segments Individual Segments
a b c d e f g a b c d e f g
× × × × × × 0 × × × × × × × 8
× × 1 × × × × × 9
× × × × × 2 × × × × × × A
× × × × × 3 × × × × × b
× × × × 4 × × × × C
× × × × × 5 × × × × × d
× × × × × × 6 × × × × × E
× × × 7 × × × × F
7-Segment Display Elements for all Numbers.
It can be seen that to display any single digit number from 0 to 9 or letter from A to F, we would need 7
separate segment connections plus one additional connection for the LED's quot;commonquot; connection. Also as
the segments are basically a standard light emitting diode, the driving circuit would need to produce up to
20mA of current to illuminate each individual segment and to display the number 8, all 7 segments would
need to be lit resulting a total current of nearly 140mA, (8 x 20mA). Obviously, the use of so many
connections and power consumption is impractical for some electronic or microprocessor based circuits and
so in order to reduce the number of signal lines required to drive just one single display, display decoders
such as the BCD to 7-Segment Display Decoder and Driver IC's are used instead.
Binary Coded Decimal
Binary Coded Decimal (BCD or quot;8421quot; BCD) numbers are made up using just 4 data bits (a nibble or half a
byte) similar to the Hexadecimal numbers we saw in the binary tutorial, but unlike hexadecimal numbers
that range in full from 0 through to F, BCD numbers only range from 0 to 9, with the binary number patterns
of 1010 through to 1111 (A to F) being invalid inputs for this type of display and so are not used as shown
Binary Pattern Binary Pattern
Decimal BCD Decimal BCD
8 4 2 1 8 4 2 1
0 0 0 0 0 0 8 1 0 0 0 8
1 0 0 0 1 1 9 1 0 0 1 9
2 0 0 1 0 2 10 1 0 1 0 Invalid
3 0 0 1 1 3 11 1 0 1 1 Invalid
4 0 1 0 0 4 12 1 1 0 0 Invalid
5 0 1 0 1 5 13 1 1 0 1 Invalid
6 0 1 1 0 6 14 1 1 1 0 Invalid
7 0 1 1 1 7 15 1 1 1 1 Invalid
BCD to 7-Segment Display Decoders
A binary coded decimal (BCD) to 7-segment display decoder such as the TTL 74LS47 or 74LS48, have 4
BCD inputs and 7 output lines, one for each LED segment. This allows a smaller 4-bit binary number (half a
byte) to be used to display all the denary numbers from 0 to 9 and by adding two displays together, a full
range of numbers from 00 to 99 can be displayed with just a single byte of 8 data bits.
BCD to 7-Segment Decoder
The use of packed BCD allows two BCD digits to be stored within a single byte (8-bits) of data, allowing a
single data byte to hold a BCD number in the range of 00 to 99.
An example of the 4-bit BCD input (0100) representing the number 4 is given below.
In practice current limiting resistors of about 150Ω to 220Ω would be connected in series between the
decoder/driver chip and each LED display segment to limit the maximum current flow. Different display
decoders or drivers are available for the different types of display available, e.g. 74LS48 for common-
cathode LED types, 74LS47 for common-anode LED types, or the CMOS CD4543 for liquid crystal display
Liquid crystal displays (LCD´s) have one major advantage over similar LED types in that they consume
much less power and nowadays, both LCD and LED displays are combined together to form larger Dot-
Matrix Alphanumeric type displays which can show letters and characters as well as numbers in standard
Red or Tri-colour outputs.
Binary Decoders Navigation
page: 5 of 8
A Decoder is the exact opposite to that of an quot;Encoderquot; we looked at in the last tutorial. It is basically, a
combinational type logic circuit that converts the binary code data at its input into one of a number of
different output lines, one at a time producing an equivalent decimal code at its output. Binary Decoders
have inputs of 2-bit, 3-bit or 4-bit codes depending upon the number of data input lines, and a quot;n-bitquot;
decoder has 2n output lines. Typical combinations of decoders include, 2-to-4, 3-to-8 and 4-to-16 line
configurations. Binary Decoders are available to quot;decodequot; either a Binary or BCD input pattern to typically a
Decimal output code.
A 2-to-4 Binary Decoders.
In this simple example of a 2-to-4 line binary decoder, the binary inputs A and B determine which output line
from D0 to D3 is quot;HIGHquot; at logic level quot;1quot; while the remaining outputs are held quot;LOWquot; at logic quot;0quot;.
Therefore, whichever output line is quot;HIGHquot; identifies the binary code present at the input, in other words it
quot;de-codesquot; the binary input and these types of binary decoders are commonly used as Address Decoders
in microprocessor memory applications.
Memory Address Decoder.
In modern microprocessor systems the amount of memory required can be quite high and is generally more
than one single memory chip alone. One method of overcoming this problem is to connect lots of individual
memory chips together and to read the data on a common quot;Data Busquot;. In order to prevent the data being
quot;readquot; from each memory chip at the same time, each memory chip is selected individually one at time and
this process is known as Address Decoding.
Each memory chip has an input called Chip Select or CS which is used by the MPU to select the
appropriate memory chip and a logic quot;1quot; on this input selects the device and a logic quot;0quot; on the input de-
selects it. By selecting or de-selecting each chip, allows us to select the correct memory device for a
particular address and when we specify a particular memory address, the corresponding memory location
exists ONLY in one of the chips.
For example, Lets assume we have a very simple microprocessor system with only 1Kb of RAM memory
and 10 address lines. The memory consists of 128x8-bit (128x8 = 1024 bytes) devices and for 1Kb we will
need 8 individual memory devices but in order to select the correct memory chip we will also require a 3-to-8
line binary decoder as shown below.
Memory Address Decoding.
The binary decoder requires 3 address lines, (A0 to A2) to select each one of the 8 chips (the lower part of
the address), while the remaining 7 address lines (A3 to A9) select the correct memory location on that chip
(the upper part of the address). Having selected a memory location using the address bus, the information at
the particular internal memory location is sent to the quot;Data Busquot; for use by the microprocessor. This is of
course a simple example but the principals remain the same for all types of memory chips or modules.
Binary Decoders are very useful devices for converting one digital format to another, such as binary or
BCD type data into decimal or octal etc and commonly available decoder IC's are the TTL 74LS138 3-to-8
line binary decoder or the 74ALS154 4-to-16 line decoder. They are also very useful for interfacing to 7-
segment displays such as the TTL 74LS47 which we will look at in the next tutorial.
Page: 3 of 8
De-multiplexers or quot;De-muxesquot;, are the exact opposite of the Multiplexers we saw in the previous tutorial
in that they have one single input data line and then switch it to any one of their individual multiple output
lines one at a time. The De-multiplexer converts the serial data signal at the input to a parallel data at its
output lines as shown below.
1-to-4 Channel De-multiplexer
b a Selected
0 0 A
0 1 B
1 0 C
1 1 D
The Boolean expression for this De-multiplexer is given as:
F = ab A + abB + abC + abD
The function of the De-multiplexer is to switch one common data input line to any one of the 4 output data
lines A to D in our example above. As with the multiplexer the individual solid state switches are selected by
the binary input address code on the output select pins quot;aquot; and quot;bquot; and by adding more address line inputs it
is possible to switch more outputs giving a 1-to-2n data lines output. Some standard De-multiplexer IC´s also
have an quot;enable outputquot; input pin which disables or prevents the input from being passed to the selected
output. Also some have latches built into their outputs to maintain the output logic level after the address
inputs have been changed. However, in standard decoder type circuits the address input will determine
which single data output will have the same value as the data input with all other data outputs having the
value of logic quot;0quot;.
Standard De-multiplexer IC packages available are the TTL 74LS138 1 to 8-output De-multiplexer, theTTL
74LS139 Dual 1 to 4-output De-multiplexer or the CMOS CD4514 1 to 16-output De-multiplexer. Another
type of De-multiplexer is the 24-pin, 74LS154 which is a 4-bit to 16-line De-multiplexer/decoder. Here the
output positions are selected using the 4-bit binary coded input.
Page: 2 of 8
Multiplexers which sometimes are simply called quot;Muxquot; or quot;Muxesquot;, are devices that act like a very fast
acting rotary switch. They connect multiple input lines 2, 4, 8, 16 etc one at a time to a common output line
and are used as one method of reducing the number of logic gates required in a circuit. Multiplexers are
individual Analogue Switches as opposed to the quot;mechanicalquot; types such as normal conventional switches
and relays. They are usually made from MOSFETs devices encased in a single package and are controlled
using standard logic gates. An example of a Multiplexer is shown below.
4-to-1 Channel Multiplexer
b a Selected
0 0 A
0 1 B
1 0 C
1 1 D
The Boolean expression for this 4 to 1 Multiplexer is given as:
Q = abA + abB + abC + abD
In this example at any instant in time only one of the four analogue switches is closed, connecting only one
of the input lines A to D to the single output at Q. As to which switch is closed depends upon the addressing
input code on lines quot;aquot; and quot;bquot;, so for this example to select input B to the output at Q, the binary input
address would need to be quot;aquot; = logic quot;0quot; and quot;bquot; = logic quot;1quot;. Adding more control address lines will allow the
multiplexer to control more inputs. Multiplexers can be used to switch either analogue, digital or video
signals, with the switching current in analogue circuits limited to below 10mA to 20mA per channel to reduce
Multiplexers are not limited to just switching a number of different input lines or channels to one common
single output. There are also types that can switch their inputs to multiple outputs and have arrangements or
4 to 2, 8 to 3 or even 16 to 4 etc configurations and an example of a simple Dual channel 4 input multiplexer
(4 to 2) is given below:
4-to-2 Channel Multiplexer
Here in this example the 4 input channels are switched to 2 individual output lines but larger arrangements
are also possible. This simple 4 to 2 configuration could be used for example, to switch audio signals for
stereo pre-amplifiers or mixers.
Adjustable Amplifier Gain
As well as sending parallel data in a serial format down a single transmission line or connection, another
possible use of multi-channel multiplexers is in digital audio applications as mixers or were the gain of an
analogue amplifier can be controlled digitally, for example.
Digitally Adjustable Amplifier Gain
Here, the voltage gain of the inverting amplifier is dependant upon the ratio between the input resistor, Rin
and its feedback resistor, Rf as determined in the Op-amp tutorials. A single 4-channel (Quad) SPST switch
configured as a 4-to-1 channel multiplexer is connected in series with the resistors to select any feedback
resistor combination from a single value of Rf to all the resistors connected together in parallel. The
combination of these resistors will determine the overall gain of the amplifier, (Av). Then the gain of the
amplifier and can be adjusted digitally by simply selecting the appropriate resistor combination.
Digital multiplexers are sometimes also referred to as quot;Data Selectorsquot; as they select the data to be sent to
the output line and are commonly used in communications or high speed network switching circuits such as
LAN´s and Ethernet applications. Some multiplexer IC´s have a single inverting buffer (NOT Gate)
connected to the output to give a positive logic output (logic quot;1quot;, HIGH) on one terminal and a complimentary
negative logic output (logic quot;0quot;, LOW) on another different terminal.
It is possible to make simple multiplexer circuits from standard AND and OR gates but commonly
multiplexers/data selectors are available as standard i.c. packages such as the common TTL 74LS151 8-
input to 1 line multiplexer or the TTL 74LS153 Dual 4-input to 1 line multiplexer.
Combination Logic Navigation
Page: 1 of 8
Unlike Sequential Logic circuits whose outputs are dependant on both the present input and their previous
output state giving them some form of Memory, the outputs of Combinational Logic circuits are only
determined by their current input state as they have no feedback, and any changes to the signals being
applied to their inputs will immediately have an effect at the output. In other words, in a Combination Logic
circuit, if the input condition changes state so too does the output as combinational circuits have No
Combination Logic circuits are made up from basic logic AND, OR or NOT gates that are quot;combinedquot; or
connected together to produce more complicated switching circuits.
As combination logic circuits are made up from individual logic gates they can also be considered as
quot;decision making circuitsquot; and combinational logic is about combining logic gates together to process two or
more signals in order to produce at least one output signal according to the logical function of each logic
gate. Common combinational circuits made up from individual logic gates include Multiplexers, Decoders
and De-multiplexers, Full and Half Adders etc.
Classification of Combinational Logic
One of the most common uses of combination logic is in Multiplexer and De-multiplexer type circuits.
Here, multiple inputs or outputs are connected to a common signal line and logic gates are used to decode
an address to select a single data input or output switch. A multiplexer consist of two separate components,
a logic decoder and some solid state switches, but before we can discuss multiplexers, decoders and de-
multiplexers in more detail we first need to understand how these devices use these quot;solid state switchesquot; in
Solid State Switches
Standard TTL logic devices made up from Transistors can only pass signal currents in one direction only
making them quot;uni-directionalquot; devices and poor imitations of conventional electro-mechanical switches or
relays. However, some CMOS devices made up from FET's act as near perfect quot;bi-directionalquot; switches
making them ideal for use as solid state switches.
Solid state switches come in a variety of different types and there are many different applications for using
solid state switches but they can basically be divided into 3 different groups of switching applications and in
this section we will only look at the Analogue type switch but the principal is the same for all types.
Solid State Switch Applications
Analogue Switches Data & Process Control, Video & Audio Switching, Instrumentation ...etc.
Digital Switches High Speed Data Transmission, Switching & Routing, LAN's, USB ...etc.
Power Switches Power Supplies and general quot;Standby Powerquot; Switching Applications ...etc.
Analogue Bilateral Switches
Analogue or quot;Analogquot; switches are those types that are used to switch data or signal currents when they are
in their quot;ONquot; state and block them when they are in their quot;OFFquot; state. The rapid switching between the quot;ONquot;
and the quot;OFFquot; state is usually controlled by a digital signal applied to the control gate of the switch. An ideal
analogue switch has zero resistance when quot;ONquot; (or closed), and infinite resistance when quot;OFFquot; (or open)
and switches with RON values of less than 1Ω are commonly available.
Solid State Analogue Switch
By connecting an N-channel MOSFET in parallel with a P-channel MOSFET allows signals to pass in either
direction making it a Bi-directional switch and as to whether the N-channel or the P-channel device carries
more signal current will depend upon the ratio between the input to the output voltage. The two MOSFETs
are switched quot;ONquot; or quot;OFFquot; by two internal non-inverting and inverting amplifiers.
Just like mechanical switches, analogue switches come in a variety of forms or contact types, depending on
the number of quot;polesquot; and quot;throwsquot; they offer. Thus, terms such as quot;SPSTquot; (single-pole single throw) and
quot;SPDTquot; (single-pole double-throw) also apply to solid state analogue switches with quot;make-before-breakquot; and
quot;break-before-makequot; configurations available.
Analogue Switch Types
Individual analogue switches can be grouped together into standard IC packages to form devices with
multiple switching configurations of SPST and SPDT as well as multi channel multiplexers. The most
common and simplest analogue switch IC is the 74HC4066 which has 4 independent bi-directional
quot;ON/OFFquot; Switches within a single package but the most widely used variants of the CMOS analogue switch
are those described as quot;Multi-way Bilateral Switchesquot; otherwise known as the quot;Multiplexerquot; and quot;De-
multiplexerquot; IC´s and these are discussed in the next tutorial.
Comparison of Digital and Handwritten
During the course of our lives, we sign our name many thousands of times - on checks,
applications for loans, marriage licenses - the list is endless. People in positions of
authority can certify the existence of a person with a signature on a birth certificate, or end
a life with a signature on a death warrant. Signatures have been applied in much the same
way since ancient times - by scribing one?s own name. Within the past few years,
cryptography has made a new way to affix signatures practical. The legal and business
communities are rushing to adopt these new cryptographic signature techniques to replace
handwritten signatures - but how analogous are handwritten and digital signatures? This
paper will explore the similarities and differences between traditional and cryptographic
signatures from a technical, legal and practical perspective. Finally, the paper will suggest
that although digital signatures will likely revolutionize electronic commerce, handwritten
signatures will almost certainly continue to be used for some purposes into the foreseeable
Why We Sign, How We Sign - A Brief History of Authentication
It is probably not surprising that the inventors of writing, the Sumerians, were also the
inventors of an authentication mechanism. The Sumerians used intricate seals, applied into
their clay cuneiform tablets using rollers, to authenticate their writings. Seals continued to
be used as the primary authentication mechanism until recent times. 
Use of signatures is recorded in the Talmud (fourth century), complete with security
procedures to prevent the alteration of documents after they are signed. The Talmud even
describes use of a form of quot;signature cardquot; by witnesses to deeds.  The practice of
authenticating documents by affixing handwritten signatures began to be used within the
Roman Empire in the year AD 439, during the rule of Valentinian III. The subscripto - a
short handwritten sentence at the end of a document stating that the signer quot;subscribedquot; to
the document - was first used for authenticating wills. The practice of affixing signatures to
documents spread rapidly from this initial usage, and the form of signatures (a hand-written
representation of one?s own name) remained essentially unchanged for over 1,400 years. It
is from this Roman usage of signatures that the practice obtained its significance in
Western legal tradition. 
In 1677, England passed quot;An Act for Prevention of Frauds and Perjuries,quot; which required
that quot;some note or memorandum in writingquot; that is quot;signed by the partiesquot; exi t for certain
types of transactions.  This quot;Statute of Fraudsquot; had a profound influence on U.S.
commercial law, and is the antecedent of the Uniform Commercial Code (UCC), which is
the basis for most U.S. state and Federal laws governing quot;transactions in goods.quot;
Samuel Morse?s telegraph, first used in 1844, introduced the problem of authenticating
electrically transmitted messages. In the legal dispute Trevor v. Wood, 36 N.Y. 307, in
1867, the court found that telegraphed quot;signaturesquot; met the legal requirements for quot;written
signaturesquot; under the Statute of Frauds. One might say that this was the first legal victory
for electronic commerce! 
Use of networked computers to conduct electronic commerce began in the 1960s, starting
with proprietary systems to move data within individual corporations, and later within
industry groups, such as the railroad and food industries . During the early days of
Electronic Data Interchange (EDI), there was no way to apply cryptographically based
signatures to electronic documents, so the industries relied heavily upon quot;trading partner
agreements.quot; These paper agreements, signed by the parties involved, described the rules to
which the EDI trading partners agreed with respect to honoring purchase order requests,
dispute resolution, and so on. Trading Partner Agreements have been remarkably
successful, with legal disputes regarding EDI transactions being exceptionally rare.
Trading Partner Agreements still remain an important part of Electronic Commerce.
However the world-wide-reach and extremely dynamic population of the Internet makes
establishing Trading Partner Agreements with all the possible participants in electronic
transactions practically impossible. Furthermore, the Intenet is now used for functions
other than electronic commercewith legal requirements for authenticated transactions. For
example, medical records are transferred via the Internet, and privacy concerns regarding
this information demand authenticated access control.
The means to provide digital signatures for computer communications that areroughly
equivalent to handwritten signatures on paper documents became available with the advent
of public key technology.  In 1976 Whitfield Diffie and Martin Hellman published their
landmark paper New Directions in Cryptography. This paper outlined how the difficult
problem of solving discrete logarithms in finite fields could be used to develop asymmetric
public/private key pairs which had clear potential for use in data networks. Diffie and
Hellman suggested, quite prophetically, that the quot;one-way authenticationquot; services offered
by public key schemes would ultimately be of more importance to the business community
than the confidentiality services for which cryptography had traditionally been used.  In
1978, Ron Rivest, Adi Shamir and Len Adleman invented the RSA cryptosystem, which
allowed both encryption and the application of digital signatures. Other digital signature
schemes soon followed, including the ElGamal technique in 1985 and the U.S.
Government?s Digital Signature Standard (DSS) in 1991. The signing and verification
process for each of these algorithms is similar:
1. The signer generates (or is provided) a quot;private signature key,quot; and an
associated quot;public signature key.quot; It is computationally infeasible to
determine the private signature key from knowledge of the public signature
key, so the public key can be widely and freely disseminated.
2. The signer generates a quot;digestquot; of the message to be signed. A quot;message
digestquot; is the product of a quot;hash function,quot; that maps a message of
arbitrarily large size to a specific, small size. For example, message of
25,000 bytes might be quot;hashedquot; to create a message digest of 128 bits (16
bytes). A good hashing algorithm will have the following properties:
? A modification of any bit in the message will result in a
deterministic modification of the message digest;
? Given a specific message digest value, it should be
computationally infeasible to generate a message that will hash to
that message digest value.
3. The signer provides the message digest and a quot;private signature keyquot; as
inputs to the signature algorithm. The output is a quot;signature valuequot; which is
normally appended to the signed data.
4. The verifier, having obtained the signed message, uses the same hash
function as the originator to generate a message digest over the received
message. If the message has not been changed since the signer applied the
signature, the signer?s and the verifier?s hash calculation will result in the
same message digest.
5. The verifier obtains and authenticates the signer?s public signature key,
and provides the message digest, signature value, and signer?s public
signature key to the signature algorithm, which will indicate whether the
signature is valid or not. If the signature is valid, then the verifier has an
indication that the originator signed the message, and that the message was
unchanged during the time between when the message was signed, and
when it was verified.
What are Signatures Good For? Signatures and Security Services
Whether signatures are handwritten or digital, they are applied to achieve three security
? authentication, which is concerned with assurance of identity.  When a sales
clerk compares the signature on the back of a credit card with the signature on a
sales slip, the clerk is using the handwritten signatures as an authentication
mechanism, to verify the person presenting the credit card is the person the card
was sent to by the issuing bank.
? data integrity - assurance that data has not been modified since the signature was
applied. While a handwritten signature does not in itself provide data integrity
services, the security practices traditionally surrounding handwritten signatures,
including the use of indelible ink and tamper-evident paper, provide some measure
of data integrity. Digital signatures provide excellent data integrity services by
virtue of the digital signature value being a function of the message digest; even the
slightest modification of digitally signed messages will always result in signature
? non-repudiation, which is concerned with providing evidence to a third-party
(like a judge, or jury, for example) that a party participated in a transaction, and
thereby protect other parties in the transacton against false denials of participation.
The buyer?s signature on the credit card sales slip provides evidence of the buyer?s
participation in the transaction, and protects the store and the card-issuing bank
from false denials of participation in the transaction by the buyer.
How Strong are Signatures?
No security mechanism, whether manual or automated, provides absolute assurance. There
is evidence that forgery was practiced shortly after the invention of writing, and that it has
remained a problem ever since. In the year 539 AD (100 years after the Romans started
using signatures) the Romans generated legislation (in the code of Justinian) that
established requirements that forensic document examination experts be sworn, and
specifying under what circumstances their testimony may be given in cases of forgery. 
Modern forensic document examiners commonly compare a suspect signature with several
examples of known valid signatures, and look for signs of forgery, which include: 
? Signatures written at a speed which is significantly slower than the
? Frequent change of the grasp of the writing implement;
? Blunt line endings and beginnings;
? Poor line quality with wavering and tremor of the line;
? Retracing and patching;
? Stops in places where the writing should be free.
These techniques are supplemented with ink and paper analysis, electrostatic detection of
writing imprints, and so on.
It is difficult to quantify the strength of handwritten signatures. It seems that the level of
assurance that one can place in a handwritten signature depends largely on the technical
expertise of the forensic document examiner used to investigate the signature. Certainly,
expert forgers have succeeded in some cases, but handwritten signatures continue to be
used, because they generally prov a strength of security services sufficient for the
purposes to which they are applied. Where stronger authentication mechanisms are
required, notarized, witnessed signatures are used - sometimes in elaborate quot;signing
ceremonies,quot; such as those associated with signing bills into law, and entering into treaty
agreements. The basis of the assurance provided by a digital signature is fundamentally
different than that of a handwritten signature. Whereas the judgement of whether a
handwritten signature is valid or not depends on the skill of the examiner (be it the clerk
comparing the credit card against the sales slip, or the forensic document expert), the
judgement of whether a digital signature is valid depends on a great many processes and
procedures working correctly.
If one were to argue in court that quot;I didn?t sign this document, my pen did,quot; the result
would probably be tittering in the courtroom, a lost case, and a possible court-ordered
psychiatric evaluation. However, if one were to argue in court that quot;I didn?t sign the data,
my computer did,quot; the response from the court might be more sympathetic, as anyone who
has used a computer has had the experience of the computer doing something the operator
didn?t want it to do. In addition to accidental programmingerrors (such as one that caused
a British bank to replicate each payment request, with a consequential temporary loss of
about $ 4 Billion), there are many documented instances of networked computersbeing
manipulated by malicious quot;outsidersquot; to do things the legitimate user would never have
Ultimately, people do not sign electronically - they command their computers to sign
electronically on behalf of the signer. Someday an attacker will seize control of a victim?s
signing application to fraudulently sign data, and when this attack becomes public,
confidence in digital signatures may be forever shaken. The impact of such an attack on
juries and judges is difficult to estimate. U.S. Federal Rule of Evidence 901(9) requires
quot;Evidence describing a process or system used to produce a result and showing that the
process or system produces an accurate result.quot;  It seems that a single instance of a
particular signing application being subverted might call all signed evidence produced
using that application (or perhaps even using similar applications) into question. A
fundamental difference, then, between digital signatures and handwritten signatures is that
digital signatures require the intervention of a computer to be applied - and computers are
subject to both accidental errors and malicious subversion. Handwritten signatures, by
virtue of their simplicity, are not subject to these vulnerabilities.
Another difference between handwritten and digital signatures concerns the mechanism of
association between the signer and her signature. A handwritten signature is biologically
linked to a specific individual, but cryptographic authentication systems bind signatures to
individuals through technical and procedural mechanisms. There are strong, mathematical
links between a private signature key, its associated public key, and the message signature,
but the association between the signer and her private key depends on the protect on i
afforded the private key. The association between the signer and her public key depends on
the honesty and diligence of the Certification Authority (CA) issuing the signer?s public
key certificate (a public key certificate is a digitally signed statement by a CA that binds a
public key to a signer?s identity).  Hence, the strength of the security services provided
by a digital signature is a function of the methods used to safeguard the private signature
key, methods used by the CA to identify and authenticate those applying for digital
certificates, the protections provided against corrupt CAs, safeguards against the computers
used by the CA being subverted, and so on. The standards, practices and procedures used to
ensure the validity of the binding between a signer and the signer?s public key represent a
quot;certificate policy.quot; The Internet Engineering Task Force (IETF) Public Key
Infrastructure/X.509 (PKIX) working group has developed a guide for developing
certificate policies that describes certificate policies more precisely as:
quot;A named set of rules that indicate the applicability of a certificate to a
particular community and/or class of application with common security
The IETF goes on to list about 250 quot;policy elementsquot; which can be factored into the
establishment of a certificate policy. These policy elements include methods used to
identify an individual, how the public/private key pairs are generated, how the private keys
are protected, liability limits, and so on. Since different CAs establish and follow different
policies, the strength of digital signatures varies according the policy of the CA who issued
the signers? certificates. Furthermore, digital signature certificates normally state a
quot;validity interval,quot; determined by the CA, during which the certificate may be used to
verify signatures. The matter of what to do about signatures applied using a private key for
which the associated public key has expired is one of many associated with the long-term
validity of digital signatures.
Digital Signatures - Will They Last?
When Anwar al-Sadat was negotiating the Egyptian-Israeli peace treaty of 1979, he
insisted that the peace document be written on papyrus because of the superb archival
qualities that papyrus offers. Egyptian documents and art represented on papyrus have
survived in excellent condition through nearly 5,000 years. Anwar al-Sadat wanted the
peace treaty signatures on papyrus to symbolize his hopes that the peace between Egypt
and Israel would last, like the papyrus, for another 5,000 years.
There are, of course, many situations where documents must be signed and archived, with
the signatures remaining valid for the duration of the archival. The signatures on deeds, for
example, may be called into question many decades after they are applied. Other examples
of signed documents requiring archival, taken from everyday experience, include medical
documents, military discharge papers, and mortgages. Within the government, the Federal
Records Act, 44 United States Code ? 3301 states that quot;any document or material made or
received in the course of government business, which is or should be kept either as
evidence of the conduct of business or because it contains valuable information, is a
record...quot;  This act also specifies that in many cases, these records must be archived.
The National Archives and Records Administration maintains electronic (as well as other)
records for the United States Government,some of which are punched card systems dating
back to World War II! 
When considering digital data archival, it is important to remember digital signature
verification requires each and every bit in the signed document be preserved and read
correctly, just as it was when the signer applied the signature. For example, the flipping of
a bit that changes an quot;squot; character to an quot;S,quot; while undesirable in any electronic document,
would render a digitally signed document completely unverifiab just as if every word in
the document had been changed.
There are at least four problems associated wi h the long-term archival of signed electronic
records. Briefly, they are:
? Deterioration of the source media;
? Obsolescence of the record data format;
? Evolution of cryptographic algorithms and related standards; and,
? Certificate life-cycle.
Source media (tapes, optical disks, floppy disks, etc.) are subject to deterioration over time.
Magnetic media are prone to hydrolysis of the binder in which the magnetic particles are
embedded. Hydrolysis causes the binder to becomesoft and sticky, and transfer from the
media substrate to read/write heads and other surfaces. Another problem with magnetic
media is the magnetic domains within the media quot;top coatquot; can reverse, thus changing
recorded 1?s to 0?s and vice versa. The length of time a tape may be used to archive data
varies from a minimum of about one year under tropical conditions, to about 64 years
under ideal (cool, dry) conditions. 
The quot;weak linkquot; in terms of optical disk archival is the metal reflecting layer, used to
reflect the optical disk reader?s laser. This reflecting layer is typically made of aluminum,
and subject to oxidation, because the reflecting surface is enclosed in materials that canbe
oxygen-permeable. As with magnetic tape, quality of the media and storage conditions play
the dominant role in determining the useful archive lifet ime, but manufacturers estimates
and independent studies indicate that read-only optical disks should last for 100 years
under ideal conditions. Lifetimes for writable optical disks are usually less - between 10 -
50 years (Dual alloy disks being an exception, with an estimated life of 100 years.) 
Physical deterioration of digital record archives can be fairly easily addressed by careful
attention to storage conditions, and periodically transferring records from old media to
new. This approach can also address the problem of changes in standards associated with
physical storage media. Peter Graham, Associate University Librarian for Technical and
Networked Information Servicesat Rutgers University, lists over 22 physical media in
various configurations (punched cards, 7-track tape, 9-track tape, magnetic drums, and so
on) that have been used for long-term data storage. Only a very few of these media are still
in use.  For example, 5 1/4 inch floppy disks, so common ten years ago, are now very
rarely used - but during the transition from 5 1/4 to 3 1/2 inch disks, many computers were
available that accepted both media types. Because hardware capable of using both formats
was available, data originally stored on 5 1/4 inch disks could be moved to the newer
format - as long as someone recognized the data on the old disks as being worth saving!
A more intractable problem is associated with changing standards for representation of the
data on the media. Very few documents written with the Disk Operating System (DOS)
based word processors available ten years ago are readable with the word processing
applications available today. Simon Pockley asserts in his essay Lest We Forget that
devices used to store, process and retrieve data currently have a life cycle of only two to
five years. Some historically important data has alreadybeen irretrievably lost to data
processing system obsolescence. For example, the data collected from the first Landsat
satellite, launched in 1972, can no longer be read. 
Digital signatures exacerbate the problem of technological obsolescence. They make the
most common coping technique - conversion to new formats during transition periods -
impossible unless the original signer can resign under the new format - a solution which is
always burdensome and often impossible. From a digital signature perspective, a change to
a document format is indistinguishable from a change to the document content, and will
result in an unverifiable signature.
A similar problem is associated with the mercurial nature of cryptographic algorithms and
standards. Aside from the signer?s private signature key, a digital signature is a function of:
The message being signed (including any encoding of the data);
The hashing algorithm used; and,
The signature algorithm used.
We have already seen that the formatting of data is changing continuously. It appears that
digital signature standards are also likely to undergo continuous evolution. Hashing
algorithms that have been used in the short history of digital signatures include MD2,
MD4, MD5, and the Secure Hashing Algorithm - 1 (SHA-1). There are frequent proposals
for improving upon these algorithms as new cryptanalytic attacks are found, more efficient
hashing mechanisms are devised, and computer hardware (for example the move from 16
bit to 32 bit machines) changes algorithm requirements. Similarly, the signature algorithms
are undergoing rapid evolution in terms of cryptographic key size, and even adoption of
entirely new cryptographic techniques, such as the move to elliptic curve based algorithms
from those based on factoring product of prime numbers. The net result of all this constant
improvement is that signatures applied to messages today will likely not be verifiable even
ten years hence, unless verifying applications maintain a complex and ever growing array
of hashing and signature algorithms. If the old signature and hashing algorithms were
replaced for reasons of security, there is a question of whether the old signature should be
verified at all.
Earlier we explored the role of the Certification Authorities in binding identities to public
keys. It must be stressed that digital signatures cannot be verified without certificates.
Certificates expire. VeriSign Corporation, for example, issues certificates to end-entities
for one year periods.  Certificate validity dates vary from one Certification Authority to
another, and a single CA can support several certificate policies with different certificate
validity periods. Certificates can be renewed, but if they are not renewed, they expire, and
are not supposed to be used to verify signatures thereafter.
Even if the problem of expiring certificates were solved, it may become difficult over time
to determine where to go to find the certificaterequired to verify a signature applied by a
particular signer. Corporations come into existence, then are bought-out, or go out of
business. The status of certificates issued by Certification Authorities sponsored by long-
dead corporations is not clear. Handwritten signatures, of course, have none of the
problems associated with aging, because they are intrinsically bound to an individual for
life - and thereafter.
While handwritten signatures are subject to forgery in a way that digital signatures, by
virtue of their cryptographic properties, are not, digital signatures are subject to
compromise (loss or disclosure) of the signer?s private key, just as Sumerian and Roman
seals were subject to loss or theft. Compromise is a vulnerability not associated with
handwritten signatures. Well designed public key systems have mechanisms for quot;revokingquot;
public key certificates associated with compromised private keys. Lists of revoked
certificates can be published, or centralized verification centers can be set up, so verifiers
can confirm a certificate is still valid.  These revocation mechanisms bring new
problems of their own, though. Suppose Bob Bigwig of Sleazy Inc. submits a signed
electronic bid for a contract, then learns through his corporate intelligence that he could
have bid $500,000 more, and still have submitted the lowest bid. In theory, at least, Bob
could quot;accidentally on purposequot; compromise his private signature key, and request the CA
to revoke his certificate. Once Bob?s certificate is revoked, the signature on Bob?s bid will
no longer verify. Bob could then obtain a new private signature key with a new certificate,
and submit a new bid that would verify. The solution to this kind of problem is quot;trusted
time stamps,quot; which involve sending messages to quot;trusted third partiesquot; who verify the
existence of a message at a particular time. In Bob?s case, he?d send his bid to the trusted
third party, who would digitally sign a statement that the message existed at a particular
time. Bob would then send his timestamped bid. Future claims of key compromise would
not constitute repudiation of messages signed prior to the compromise.This process is very
similar to the concept of a quot;public notaryquot; who confirms existence of documents, witnesses
handwritten signatures and so on. The trusted third party is sometimes referred to as a
To address the problem of long-term archival of digitally signed documents, the Federal
Public Key Infrastructure Technical Working Group has broken the life of a digitally
signed document into three phases. During the first phase, the certificate is still valid, and
revocation data should be available through quot;normalquot; channels - directories, on-line
verification, and so on.
The second phase begins upon expiration of the certificate. For some time after the
certificate expires, a public key infrastructure should be able to support non-repudiation
dispute resolution by providing evidence concerning the history and status of the
certificates it issued. In other words, a Certification Authority should be able to state that a
particular certificate was valid at a particular point in time, or be able to say when and why
a certificate was revoked.
It would be burdensome and unrealistic to expect public key infrastructures to provide a
dispute resolution service for every certificate they issue in perpetuity. To solve the
problems associated with media deterioration, technological obsolescence, and the
infrastructures ceasing operations, documents that require long-term archival should be
sent to digital archivists. If the record has been digitally signed, then the archivist verifies
the signature upon receipt, and generates a statement indicating who signed the record.
Thereafter, the archivist is responsible for ensuring the availability and integrity of the
archived digital data. During this final phase of long-term data archival, preservation of the
originally applied digital signature and the precise bit-patterns of the original data need not
be maintained. The originator?s digital signature will probably be unverifiable after five to
ten years anyway, due to cryptologic and application obsolescence. The archivist would be
responsible for implementing procedures to ensure the content of the archiveddata is not
changed - though format changes would be allowed. 
Signatures and the Law
As was mentioned earlier, the legal standing of handwritten signatures for business
contracts is based on the Statute ofFrauds, which states that for certain kinds of contracts
to be enforceable, quot;some note or memorandum in writing,quot; quot;signed by the partiesquot; must
exist.  The Uniform Commercial Code states that:
quot; ?Signed? includes any symbol executed or adopted with present intention
to authenticate a writing.quot; 
By this definition, a record is quot;signedquot; if such a symbol is included with the record,
regardless of the degree of security associated with that symbol. For example, the initials
some people place at the end of an e-mail could be considered a quot;signature,quot; even though
forgery of such a quot;signaturequot; is trivially easy.
There is little doubt that if someone fraudulently signs a document, whether the
authentication mechanism is handwritten signatures, digital signatures, or typed initials,
that a crime has been committed. 18 United States Code ? 1343, Fraud by wire, radio, or
quot;Whoever, having devised or intending to devise any scheme or artifice to
defraud, or for obtaining money or property by means of false or fraudulent
pretenses, representations, or promises, transmits or causes to be transmitted
by means of wire, radio, or television communication in interstate or foreign
commerce, any writings, signs, signals, pictures, or sounds for the purpose
of executing such scheme or artifice, shall be fined under this title or
imprisoned not more than five years, or both. If the violation affects a
financial institution, such person shall be fined not more than $1,000,000 or
imprisoned not more than 30 years, or both.quot; 
Similarly, 18 United States Code ? 1001 would cover cases in which digital signatures
were fraudulently used to authenticate messages sent to the United States government:
quot;Whoever, in any matter within the jurisdiction of any department or
agency of the United States knowingly and willfully falsifies, conceals or
covers up by any trick, scheme, or device a material fact, or makes any
false, fictitious or fraudulent statements or representations, or makes or uses
any false writing or document knowing the same to contain any false,
fictitious or fraudulent statement or entry, shall be fined not more than
$10,000 or imprisoned not more than five years, or both.quot; 
The question, then, is not whether digital signatures have legal standing, since they can be
used to commit to a contract under the UCC, and can be used to put people in prison if
abused - but whether digital signatures provide an equivalent level of evidence of fraud (or
the lack of fraud) as do handwritten signatures. There are differing opinions on this matter.
The Food and Drug Administration commissioned a study, completed in 1992, to examine
the use of electronic authentication, and found digital signatures to be proscribed by
regulation for certain applications because of the perception that they provide a lower level
of assurance than handwritten signatures.  The Federal Public Key Infrastructure Legal
and Policy Working Group, composed primarily of Federal Government lawyers, has
expressed a somewhat contrary opinion that is more in line with that of the American Bar
Association - that use digital signatures should be adopted widely within the Federal
Government. It seems likely that use of digital signatures within the Federal bureaucracy
will start with low-assurance applications where the risk of fraud is minimal, and increase
in scope over time as practical and legal experience with the technology is acquired.
State governments have been engaged in a flurry of legislative action concerning digital
signatures since Utah passed its groundbreaking Digital Signature Act in 1995. Some of
these laws are concerned primarily with the requirements and liabilities of Certification
Authorities, but many, like California?s, explicitly state that quot;digital signatures shall have
the same force and effect as a manual signaturequot; if these digital signatures meet certain
requirements, such as being unique to the signer, providing data integrity, and compliance
with regulations imposed by the state.  In general, the states have been eager not to be
left behind in any digital signature spurred commercial revolution and are trying to provide
the legal infrastructure that would promote their own states as electronic commerce leaders.
Several national governments have passed digital signature laws for much the same reasons
as the American states - and these national laws are similar in many respects to the U.S.
state laws. The German Bundestag passed a Digital Signature Law on June 13, 1997 that
describes requirements for a public key infrastructure. The law does not address the legal
validity of digital signatures, though the German Federal Justice Ministry is working on
follow-on legislation that will. 
On the international level, the United Nations Commission on International Trade Law
(UNCITRAL) composed the UNCITRAL Model Law on Electronic Commerce in 1996.
This model law recognizes the legal validity and force of data messages:
quot;Article 6. Writing
(1) Where the law requires information to be in writing, that requirement is
met by a data message if the information contained therein is accessible so
as to be usable for subsequent reference.quot; 
Article 7, concerning signatures, goes on to stipulate...
quot;(1) Where the law requires a signature of a person, that requirement is met
in relation to a data message if:
(a) a method is used to identify that person and to indicate that
person?s approval of the information contained in the data
(b) that method is reliable as was appropriate for the purpose
for which the data message was generated or communicated,
in light of all the circumstances, including any relevant agreement.quot;
To summarize then, there is generally a movement in the legislative bodies of the United
States and the rest of the world to augment existing laws concerning electronic fraudwith
laws specifically oriented toward promoting the use of digital signatures for electronic
Conclusions and Opinions
Handwritten and digital signatures share some similarities:
? Both provide the security services of authentication, data integrity, and non-
? Both handwritten and digital signatures have legal standing, and the legal
standing of digital signatures is increasing with the passage of various state and
national laws to become the equal (or more) of handwritten signatures.
Differences between digital and handwritten signatures include:
? A handwritten signature is biologically linked to a specific individual, whereas a
digital signature relies on the protection afforded a private signature key by the
signer, and the procedures implemented by a Certification Authority.
? Handwritten signatures are under the direct control of the signer, whereas digital
signatures must be applied by a computer commanded by the signer.
? Forgery of handwritten signatures has been practiced for centuries, whereas
forgery of digital signatures, in the absence of compromise of the private signature
key, or hijacking of the signature mechanism, is virtually impossible. The
mechanisms of forgery for handwritten and digital signatures are fundamentally
? The detection of handwritten signature forgery depends on the sk of the
examiner. Many handwritten forgery attempts will not be detected until after action
is taken on the basis of the suspect si nature (e.g., after the check is cashed). Due to
the cryptographic nature of digital signatures, attempted forgeries are immediately
obvious to any verifier, except in the case where a private signature key has been
compromised, or control of the signing mechanism has been seized. In these cases,
distinguishing between a valid and invalid digital signature may be impossible,
even for a computer forensics special st.
? The data integrity service provided by digital signatures is much stronger than
that provided by handwritten signatures.
? Handwritten signatures can be witnessed, whereas digital signatures cannot be -
though they can be notarized.
? Handwritten signatures can be verified in perpetuity, whereas digital signatures
will likely become unverifiable after ten years or so due to data processing
equipment and cryptograph standards obsolescence, certificate expiration, and
? Handwritten signatures are inherently secure against repudiation (again, to the
extent of the skill of the document examiner), whereas digital signatures require
third party time-stamping to augment their non-repudiation security service.
? Handwritten signatures are all roughly equivalent in the level of security they
provide (though their level of assurance can by augmented by techniques such as
use of special inks and papers, witnesses, notaries, and signature cards). Digital
signatures vary widely in the strength of the security services they offer,depending
on the certificate policy associated with the signer.
? Handwritten signatures are extremely simple, and easy to understand. The
forensics techniques used to detect fraud are easily explained to lawyers, judges,
and juries. Digital signatures are fiendishly complex, involving arcane number
theory, the workings of computer operating systems, communications protocols,
certificate chain processing, certificate policies, and so on. There are very few
people on this planet (if any) who completely unders tand every process involved in
generating and verifying a digital signature. The potential for confused lawyers,
judges and juries is extreme.
Digital signatures have the potential to have the greatest impact on commerce since the
invention of money. Digital signatures allow us to identify ourselves and make
commitments in cyberspace in much the same way as we do in actual space. Nonetheless,
digital signature have important limitations, the most significant being their temporary
nature. The differences between handwritten and digital signatures will likely have some
? The use of digital signatures for high-value financial transactions outside the
protection of trading partner agreements is likely to proceed relatively slowly, until
experience with the risks associated with use of digital signatures is accrued.
? Initial use of digital signatures is likely to be limited to applications where long-
term archival is not very important, such as purchase orders, electronic funds
transfers, authentication to on-line services, and the like. Applications requiring
long-term archival (birth and death certificates, deeds, government records, etc.)
will probably require the establishment of electronic data archival centerscapable
of verifying digital signatures, and associating the verified data with t e identity of
the signer. Current laws dealing with digital signatures seem to have glossed over
or overlooked long-term non-repudiation. These laws will likely be revised over the
next five years or so as the practical limitations of digital signature archival
? Applications requiring high levels of non-repudiation assurance will likely require
the use of digital time-stamping (or notary) services. These services may be
provided by commercial or Government entities.
? At some point a clever cyber-criminal will commit a fraud through compromise
of a private signature key, or by seizing control of the legitimate signer?s computer.
When this happens, it will probably be a major news event, and the whole concept
of digital signatures will be called into question, notwithstanding the fact that
handwritten signatures do not provide perfect security assurance either. The future
of the use of digital signatures will depend greatly on the early court decisions
concerning who is held liable for losses, and the success of the prosecution?s
It seems unlikely that digital signatures will fully replace handwritten signatures in the
foreseeable future. Handwritten signatures have a lot going for them - they are fast, cheap,
easily understood, and last forever. Digital signatures will probably never be used for treaty
authentication, signing bills into law, or other ceremonial or historical occasions.
When handwritten signatures were invented, they augmented seals, which had been in use
for over 3,000 years - they did not replace them. In fact, seals continue to be used today.
Instead, handwritten signatures took their place beside seals as an authentication
mechanism useful for particular purposes, and over time, handwritten signatures gradually
increased in the frequency and scope of their usage. It is likely to be much the same with
digital signatures, which are the latest authentication tool in the continuing advancement of
I would like to thank. Les Perelman of the MIT Writing Program for his contributions to
From Wikipedia, the free encyclopedia
Jump to: navigation, search
A digital comparator is a hardware electronic device that compares two numbers in
binary form and generates a one or a zero at its output depending on whether they are the
same or not.
Comparators can be used in a central processing unit (CPU) or microcontroller in
branching software. A comparator can be simulated by subtracting the two values (A & B)
in question and checking if the result is zero. This works because if A = B then A - B = 0.
The analog equivalent is the comparator. Many microcontrollers have analog comparators
on some of their inputs that can be read or trigger an interrupt.
The operation of a single bit digital comparator can be expressed as a truth table:
A B A<B A=B A>B
0 0 0 1 0
0 1 1 0 0
1 0 0 0 1
1 1 0 1 0
The operation of a two bit digital comparator can be expressed as a truth table:
A1 A0 B1 B0 A < B A = B A > B
0 0 0 0 0 1 0
0 0 0 1 1 0 0
0 0 1 0 1 0 0
0 0 1 1 1 0 0
0 1 0 0 0 0 1
0 1 0 1 0 1 0