Electronic and Digital Signatures

Smart contracts and other blockchain transactions (e.g., transfers of assets represented by digital tokens) are purported to have legal significance. That legal significance hinges on assent by the parties, usually captured in a contract signature. Blockchains, distributed ledgers, smart contracts and similar technologies rely on cryptographic signatures for authentication and authorization of account transactions. Cryptographic keys are often considered as signatures representing account holder identities. Technologists speak of “signing” documents with keys in public key cryptography. These cryptographic signature operations do not always have all the same characteristics as traditional manuscript signatures.

The function of a signature is generally determined by the nature and content of the document to which it is affixed (e.g., indicating agreement or endorsement of the material above the signature). Historically, manuscript signatures have included a variety of formats: handwritten names, initials, symbols (e.g., X). In a legal context, a signature can provide a number of functions: primary evidential functions, secondary evidential functions, cautionary functions, protective functions, channeling functions, and record keeping functions (Mason 2016, Ch 1). Evidence relevant to manuscript signatures includes the identity of the person affixing the signature and the intention to authenticate and adopt the document. For legal entities (partnerships, corporations etc.), the scope of signature authority can also be a significant factor. Several legal defenses may be applicable to manuscript signatures: forgery, conditionality, misrepresentation, not an act of the person signing, mental incapacity, mistake, document altered after signature, person signing did not realize the document had legal significance, and other defenses based on unreasonableness or unfairness.

The ESIGN Act (2000) established the general validity of electronic signatures and electronic contracts. It defines an electronic signature as follows:

The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. (15 USC 7006 (5))

An example of an electronic signature is a biometric signature. A biometric signature is a binary coded representation of a person’s biometric characteristics used for authentication purposes in distributed computing systems (Bromme 2003). Another example of a definition for a type of electronic signature is the S-signature from the USPTO:

(d)(2) S-signature. An S-signature is a signature inserted between forward slash marks, but not a handwritten signature … (i) The S-signature must consist only of letters, or Arabic numerals, or both, with appropriate spaces and commas, periods, apostrophes, or hyphens for punctuation… (e.g., /Dr. James T. Jones, Jr./)..

(iii) The signer’s name must be:

(A) Presented in printed or typed form preferably immediately below or adjacent the S-signature, and

(B) Reasonably specific enough so that the identity of the signer can be readily recognized. (37 CFR Sec. 1.4)

Other Federal regulations (e.g., CFTC regulations, see 17 CFR Part 1 Sec. 1.3) have definitions for electronic signatures very similar to that of the ESIGN Act. The UETA electronic signature definition (Uniform Law Commission 2019a, Sect 2 (7) (8)), as enacted by most states, also has very similar language to the ESIGN Act (see e.g., Georgia’s O.C.G.A. 10-12-2 (2010)). Arizona, Nevada, and Tennessee, however, have amended their UETA statutes to incorporate blockchain and smart contracts (see e.g. A.R.S. 44-7061). The Uniform Law Commission guidance (2019b) considered this redundant and subject to preemption by the federal act. Beyond electronic signatures, the FDA regulations identify and distinguish a digital signature:

(5) Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.

(7) Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. (21 CFR Sec. 11.3)

Internationally, this distinction between electronic and digital signatures is also captured in UNCITRAL’s Model Law on Electronic Signatures (United Nations 2001) and its associated guide, which examined various electronic signature techniques that purported to provide functional equivalents to (a) handwritten signatures; and (b) other kinds of authentication mechanisms used in a paper-based environment (e.g. seals or stamps). Electronic signatures were categorized into digital signatures based on public key cryptography and other electronic signature mechanisms (e.g., biometrics, PINs, clicking an acknowledgement box, etc.). NIST’s Digital Signature Standard (Barker 2013) defines a digital signature algorithm based on the work of Rivest, Shamir and Adleman (1978). ANSI (1998) also defines an algorithm based on elliptic curve cryptography. Other jurisdictions have similar standards developed by other standards bodies (e.g., ETSI, ISO).

Use of cryptography for authentication purposes by producing a digital signature does not necessarily imply the use of cryptography to make any information confidential, since the encrypted digital signature may be merely appended to a non-encrypted message. A “hash function” is used in both creating and verifying a digital signature. A hash function is a mathematical process, based on an algorithm, which creates a standard-length, compressed, substantially unique digital representation (often referred to as a “message digest”, “hash value” or “hash result”) of the message. The most common algorithms for encryption are based on an important feature of large prime numbers: once they are multiplied together to produce a new number, it is particularly difficult and time-consuming to determine which two prime numbers created that new, larger number. Cryptographic algorithms such as RSA or elliptic curves have no publicly known methods for rapid decryption of the keys. Brute force approaches relying on massive computation resources become more feasible with technology trends (e.g., Moore’s law) reducing the cost of computing and the commercial availability of massive cloud computing resources (e.g., Microsoft Azure, Amazon EC2 etc.). Quantum computing developments also threaten to undermine these algorithms. Hence there has been recent interest in improved (“Post Quantum”) cryptographic algorithms (see e.g., Alagic et al. 2019).
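The hash-then-sign flow described above, as an added example that is not part of the original article: the message stays readable, only its SHA-256 digest is signed, and any alteration after signing makes verification fail. It uses textbook RSA without padding and a constructed key built from two publicly known Mersenne primes, so it illustrates the mechanism only; production systems use a vetted library with a standardized scheme such as RSA-PSS or ECDSA.

```python
import hashlib

# Constructed demo key (assumption for this example): two publicly known
# Mersenne primes. Never use such a key for real signatures.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Fixed-length SHA-256 message digest as an integer (always < N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Signer: apply the private key to the digest, not to the message."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier: recompute the digest and compare it with the value
    recovered from the signature using only the public key (E, N)."""
    return pow(signature, E, N) == digest(message)


def signed_record(message: bytes) -> dict:
    """The message travels in the clear; the signature is merely appended."""
    return {"message": message, "signature": sign(message)}


if __name__ == "__main__":
    record = signed_record(b"Pay 10 tokens to account A")
    print(record["message"])  # readable by anyone: no confidentiality
    print(verify(record["message"], record["signature"]))
    # Same signature, document altered after signing:
    print(verify(b"Pay 90 tokens to account A", record["signature"]))
```
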

Cryptographic signatures, then, are the basis that blockchains and smart contracts rely on for asserting the legal significance of transactions binding parties to blockchain transactions. Beyond the creation of a signature, it is the operations and processes around those cryptographic signatures (in contrast to the operations and processes around manuscript signatures) that sustain any legal significance to these bits of information.

References

Alagic, G., Alperin-Sheriff, J. M., Apon, D. C., Cooper, D. A., Dang, Q. H., Miller, C. A., … Robinson, A. Y. (2019). Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process. NIST Interagency/Internal Report (NISTIR) – 8240.

ANSI, (1998). X. 63: Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography. American National Standards Institute.

Barker, E. B. (2013). Digital Signature Standard (DSS). Federal Inf. Process. Stds. (NIST FIPS) – 186-4.

Bromme, A. (2003, July). A classification of biometric signatures. In 2003 International Conference on Multimedia and Expo. ICME’03. Proceedings (Cat. No. 03TH8698) (Vol. 3, pp. III-17). IEEE.

ESIGN, Pub.L. 106–229, 114 Stat. 464, enacted June 30, 2000.

Mason, S. (2016). Electronic signatures in law. University of London Press.

Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

Uniform Law Commission (2019a) Electronic Transactions Act available online at: https://www.uniformlaws.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=fd76ae1a-1298-e59e-d1fe-68029b97711b&forceDialog=0

Uniform Law Commission (2019b) Guidance Note Regarding the Relation Between the Uniform Electronic Transactions Act and Federal Esign Act, Blockchain Technology and “Smart Contracts” available online at: https://www.uniformlaws.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=d2026984-1040-3c6f-62c8-a676b12d7bff&forceDialog=0

United Nations (2001) Model Law on Electronic Signatures of the United Nations Commission on International Trade Law, Resolution adopted by the General Assembly 12 December 2001 A/Res/56/80