tl;dr: Digital signatures are one of the most important cryptographic primitives today. They are used to establish HTTPS connections with your favorite website, to securely download software updates, to provably send emails to others, to sign legal electronic documents, or to transact on a cryptocurrency like Bitcoin.
Algorithms
A digital signature scheme is a tuple of three algorithms, defined below. Think of these as the “API interface” of a digital signature scheme like RSA or BLS.
$\mathsf{KeyGen}(1^\lambda) \rightarrow (\sk, \pk)$
Generates a key-pair: a secret key $\sk$ and its associated public key $\pk$.
$\mathsf{Sign}(m, \sk) \rightarrow \sigma$
Signs a message $m$ using the secret key $\sk$, producing a signature $\sigma$.
$\mathsf{Verify}(m, \pk, \sigma) \rightarrow \{0,1\}$
Verifies the signature $\sigma$ on $m$ under the public key $\pk$, returning 1 for success and 0 otherwise.
Examples
This blog has several examples of digital signatures schemes that instantiate the algorithms above. Schnorr and ECDSA are the most popular ones used today (2025). But we also cover more esoteric schemes like BBS+ or PS.
Correctness
Intuitively, we say a digital signature scheme is “correct” if any signature $\sigma$ obtained via $\sign(m,\sk)$ will verify successfully under $\verify(m,\pk,\sigma)$, assuming $(\sk,\pk)$ were obtained by running $\keygen$.
Define.
Security
There is an entire zoo of security notions for digital signatures, depending on the intended usage. Below, we give the strongest notion, which most applications need (e.g., certificates for HTTPS, secure email, and cryptocurrencies).
Existential unforgeability under chosen message attack (EUF-CMA)
Define.
References
For cited works, see below 👇👇