The sender of the data is as claimed; that is, the sender has signed the data and this signature can be checked.

The transmitted data has not been changed since the sender created and signed the data.

 

Given the overheads of encryption and decryption, signing data via complete encryption/decryption can be overkill.  Using message digests, can accomplish these two goals without full message encryption.

 

A message digest is in many ways like a checksum.  Message digest algorithms take a message, m, of arbitrary length and compute a fixed-length "fingerprint" of the data known as a message digest, H(m).  The message digest protects the data in the sense that if m is changed to m' then H(m), computed for the original data will not match the H(m') computed over the changed data, m'.

 

Our definition of a message digest may seem quite similar to the definition of a checksum or a more powerful error-detection code such as a cyclic redundancy check.  Checksums, cyclic redundancy checks, and message digests are all examples of hash functions.  The Internet checksu, CRCs, and message digests all meet this definition.  If signing a message digest is going to be just as good as signing the entire message, it is going to satisfy the nonforgeability requirement, then a message digest algorithm must have the following additional property:

 

It is computationally infeasible to find any two different messages x and y such that H(x)=H(y).

 

This property means that it is computationally infeasible for an intruder to substitute one message for another message that is protected by a message digest.  If (m,H(m)) are the message and message digest pair created by the sender, then an intruder cannot forge the contents of another message, y, that has the same message digest value as the original message.