WYSIWYS

WYSIWYS is an acronym for What You See Is What You Sign, used in cryptography to describe the property of digital signature systems that the semantic content of signed messages can not be changed, either by accident or intent.

Meaning

The concept of “digital signature”, first publicly described by Diffie and Hellman (1976) in their classic paper “New directions in Cryptography”^[1], suggests that it is a computer-based equivalent of physical written signatures. Although there are similarities between handwritten and digital signatures there are also fundamental differences. The main similarity is that both types of signatures can provide evidence of authenticity of a document. The differences are due to the radically different nature of paper based documents on the one hand and digital documents on the other. In paper-based transactions a document consists of text printed as ink on a piece of paper, where the text represents the information and the paper represents the storage medium. In this way the information and the storage medium are inseparable. The validity of a paper-based document is authenticated by a signature written in ink on the same piece of paper. The signature serves as evidence of the signer’s agreement to the text on the paper, and the verification of signatures can be done directly without any complex instruments.

For digital signatures all of this changes. Documents are immaterial because the information is represented by logical bits that can be stored on, and copied to, any suitable electronic medium, and they only become meaningful to humans when represented through an analogue physical medium such as a computer screen or a printout. The validity of a digital document is authenticated by verifying that the digital signature logically matches the bit string representation of the document. Because a digital document in its bit string form can not be observed or interpreted directly by the signer, the digital signature should only serve as evidence of the signer’s agreement to the high level semantic interpretation of the document, although technically speaking it represents the signer’s agreement to the bit string document itself. For human signers, digital signatures should in fact be interpreted as an agreement to the analogue representation of documents e.g. on a computer screen. Highly complex instruments are now needed not only for interpreting the document but also for producing the digital signature. The complexity of the instruments needed to interpret and visualize the digital document determines the semantic distance between its bit sting representation and its semantic interpretation.

It is relatively easy to change the interpretation of a digital document by implementing changes on the computer system where the document is being processed, and the greater the semantic distance, the easier it gets. From a semantic perspective this creates uncertainty about what exactly has been signed. WYSIWYS ^{[2][3][4] [5]} means that the semantic interpretation of a digitally signed message can not be changed, either by accident or by intent. This also means that a digital document to be signed can not contain hidden semantic content that can be revealed after the signature has been applied, because that would mean that the semantic interpretation of the document can change. WYSIWYS is a desirable property of digital signature systems that is difficult to guarantee because of the increasing complexity of modern computer systems. Various methods have been proposed to make WYSIWYS more robust. ^{[6] [7]}

References

1. W. Diffie and M. E. Hellman. "New directions in cryptography". IEEE Transactions on Information Theory, 22(6):644–654, November 1976.
2. A. Weber, "See What You Sign: Secure Implementations of Digital Signatures", in Proceedings of the International Conference on Intelligence and Services in Networks, 1998, pp. 509-520.
3. K. Scheibelhoferm, "Signing XML Documents and the Concept of What You See Is What You Sign", Masters thesis, Graz University of Technology, Austria, 2001.
4. A. Spalka, A.B. Cremers, H. Langweg, "The fairy tale of What You See Is What You Sign - Trojan Horse Attacks on Software for Digital Signatures", in IFIP Working Conference on Security and Control of IT in Society-II (SCITS-II).
5. A. Jøsang, D. Povey and A. Ho. "What You See is Not Always What You Sign". Proceedings of the Australian Unix User Group Symposium (AUUG2002), Melbourne, September, 2002.
6. A. Jøsang and B. AlFayyadh. "Robust WYSIWYS: A Method For Ensuring that What You See Is What You Sign". Proceedings of the Australasian Information Security Conference (AISC'08), Wollongong, Australia, January 2008.
7. A. Alsaid, C. Mitchell, "Dynamic Content attacks on Digital Signatures", Information Management and Computer Security 13(4), 2005, pp.328-336.