Digital Signatures in 2024: A Sign of Trust in the Age of AI

In a time where deepfakes and AI hallucinations are becoming increasingly common, verifying the authenticity of important documents is more important than ever. Learn how digital signature technology like hashing and PKI builds trust and ensures authentic, untampered documents.

Generative AI is transforming the digital world, creating detailed images, endless streams of copy, and ready-made code in the blink of an eye. Though the idea of an “instant creative” is appealing and does have many practical applications (when the technology is used carefully), issues with generative AI have the potential to be much more serious than rendering super weird hands.

When we use AI tools designed to make stuff up, we shouldn’t really be surprised when it, well, makes stuff up. Turns out these fabrications, known as hallucinations, might be much more common than originally thought. Among leading AI companies, hallucination rates run anywhere from 3 to 27%.

So, extra fingers and made-up words like “catgacating” (in honor of the latest viral AI mishap) aside, how can you be sure important content and documents are genuine and from a trusted source?

One way to verify authenticity is by using digital signatures. A digital signature is a cryptographic solution that produces a verifiably untampered document.

Read on to learn how digital signatures ensure trust in the age of AI, and explore trends around this technology.

As mentioned above, a digital signature is a cryptographic solution that produces a verifiably untampered document. It authenticates the signer’s identity, signature origin, and digital document status.

In an earlier blog post, we explored how digital signatures are different from wet signatures and e-signatures. Here’s a quick summary of the other signature types:

Digital signatures, on the other hand, use hashing algorithms and public key infrastructure (PKI) to ensure integrity, authenticity, and non-repudiation.

A hashing algorithm is a cryptographic hash function that turns an arbitrary block of data into a fixed-size bit string. Or, put slightly more simply, a hashing algorithm protects data by garbling it to make it unreadable. They’re one-way programs, so nobody else can decode or unscramble the data.

When used with digital signatures, hashing can help you prove that the data hasn’t been altered once the author is finished with it. This is because the hash, or specific string of letters and numbers generated by the algorithm, will only remain the same if the input itself (like a PDF document) has not been changed. This ensures the integrity of documents.

Public key infrastructure (PKI) is the framework of encryption that protects and authenticates digital communications. It uses cryptographic public keys connected to a digital certificate that authenticates the device or person sending or signing the digital communication.

These digital certificates are issued by a certificate authority (a trusted source) to ensure the sender/signer is who they say they are and that they can’t lie about it. This helps create a “web of trust” that covers authenticity and non-repudiation.

For more technical details on how digital signatures work, check out our Ultimate Guide to Digital Signatures.

One part of the “web of trust” that’s been growing in popularity is Trust Service Providers (TSPs). TSPs are trusted third parties that provide digital certificates.

In certain jurisdictions, TSPs are backed by regulations like eIDAS (Electronic Identification and Trust Services) in the UK. eIDAS is a legal framework that covers electronic signatures, time stamps, documents, registered delivery, and other trust services.

Included in eIDAS is PAdES, a standard that covers PDF documents specifically. PAdES introduces a set of restrictions and extensions in the PDF format to enhance security and validation methods for electronic signatures. Apryse digital signature solutions like WebViewer and the PDF SDK (Software Development Kit) fully support the PAdES standard.

To learn more about PAdES, check out our blog post.

Generative AI’s ability to create convincing content has led to a rise in the need to verify exactly where content comes from. Fabrications, forgeries, and misinformation have always existed, but AI unfortunately makes the production a lot quicker and easier – and the results can sometimes be nearly indistinguishable from reality.

This can be problematic for many reasons. For example, AI could be used to manufacture false evidence in a court case. Or manipulate someone’s likeness to make it look like they're endorsing a product or political candidate – regardless of the real person’s opinion.

Enter the Coalition for Content Provenance and Authenticity (C2PA). C2PA is an open technical standard providing publishers, creators, and consumers the ability to trace the origin of different types of media.

It works by adding metadata to documents which details both the origin and any edits in a C2PA manifest file. The manifest is securely bound to the document using digital signatures and serves as a record of the content’s journey. This helps ensure content comes from a trusted source.

Learn more about C2PA and the battle against AI-generated deception.

Want more insight? Be sure to check out our webinar Digital Signatures: A Sign of Trust in the Age of AI

If you’re ready to avoid AI hallucinations and provide the highest level of trust and authenticity for your documents, explore Apryse digital signature solutions today. You can start a 30-day trial now, or if you’d like more information, feel free to get in touch with our team.