What type of digital signatures are used in e-commerce? [closed]

DSS and DSA are no longer used. They're based on prime numbers (technical term: finite field), and parameters don't scale well. Elliptic curve digital signature algorithms are what's prevalent nowadays.

The application of E-Commerce is particularly interesting, because unlike Internet applications, digital signatures in commerce must be legally binding. Therefore some countries and regions (China, EU, etc.) have their own standards for digital signatures. Most that I'm aware of are currently (2025) based on elliptic curves.

The implementation aspects of E-Commerce digital signature are also important, because you can't let your users be tricked into signing contracts, and you need to leave room for test signatures - so that merchants can be familiar with the setup without actually committing actual transactions.

You’re right that DSS and DSA are mostly outdated today. In modern e-commerce systems, digital signatures rely on more secure and efficient algorithms like ECDSA (Elliptic Curve Digital Signature Algorithm) or EdDSA.

What makes e-commerce different from general internet use is that digital signatures here must often be legally binding. That’s why most systems are built on top of a Public Key Infrastructure (PKI) — using digital certificates issued by trusted Certificate Authorities (CAs) to verify both the signature and the signer’s legal identity.

You’ll also find RSA-PSS still used in some certificates (X.509, TLS), and emerging post-quantum algorithms (like CRYSTALS-Dilithium) being explored for long-term security.

In short:

DSS / DSA: legacy, not recommended.

ECDSA / EdDSA: current standards.

RSA-PSS: still common in certificates.

PKI and legal compliance (eIDAS, etc.): essential in e-commerce.

To be exact DSS is and has been a series of documents named Digital Signature Standard (FIPS 186) published by the National Institute of Standards and Technology (NIST) in the US government's Commerce Department.

The initial version of FIPS 186 in 1994 contained only one algorithm, the Digital Signature Algorithm (DSA), based on but modified from one then patented by Schnorr. As a result, some people (especially the then-new Secure SHell (SSH) protocol) called this algorithm 'DSS', in the same way the earlier 'Data Encryption Algorithm' contained in the 'Data Encryption Standard' (FIPS 46) by NIST's predecessor the National Bureau of Standards (NBS) was commonly called DES rather than its official name DEA -- and it still is, though less often now because original/single DES is broken, obsolete, and widely prohibited, and even 'triple-DES' (really triple-DEA or TDEA) is borderline weak, inefficient, and unrecommended.

The first revision of DSS=FIPS 186 (FIPS 186-1 1998) added a second algorithm, RSA using the padding defined by ANSI X9.31, and the second revision (FIPS 186-2 2000) added ECDSA as then-recently defined by ANSI X9.62. The third revision (FIPS 186-3 2009) in addition to extensive editorial changes modified DSA to allow higher strengths (keys more than 1024 bits and hashes from the SHA-2 family in FIPS 180-2 up) and added the PKCS1v2.1 paddings (v1_5 and PSS) for RSA. FIPS 186-4 2013 made only minor corrections. And the current revision FIPS 186-5 2023 removes DSA (except for legacy verification), removes the X9.31 variant of RSA, specifies ECDSA inline rather than by reference adding the deterministic variant from RFC 6979 while updating and moving the curve recommendations to a separate document (SP 800-186), and adds EdDSA from Bernstein et al as well as the SHA-3 hashes from FIPS 202.

Thus DSS was originally only DSA, then for a long time partly DSA, and now not DSA at all. :-} :-}

Before the current era there were a lot of "special" documents that specifically targeted commerce such as banking. A lot of these documents were efficient variants of known algorithms. Examples are Retail-MAC and ISO/IEC 9796-based RSA padding which contains signatures giving message recovery.

Retail-MAC uses single DES over a message, ending with two DES decrypt / encrypt operations - i.e. the last part of the message & padding is triple-DES encrypted. This uses less CPU power. ISO/IEC 9796 gives message recovery, i.e. after verification part of the message can be recovered from the signature, which means it doesn't need to be sent separately. This is a space / bandwidth saving scheme.

However, most of these kind of operations have been shown to be relatively weak if not downright broken. CPU's, even embedded CPU's contain methods to allow for fast encryption and signature operations. Hence the clear direction that the market is heading towards is to use NIST-approved / FIPS-specified algorithms. These are also supported out of the box by many smart cards, Secure Area's on mobile phones and HSM's.

In general I'd say that eCommerce is using the exact same algorithms as most of the entities that use cryptography. If anything they may be considered conservative by now, for instance using P-curves for elliptic curve cryptography rather than Ed25519.

Commerce is not much in a hurry to protect themselves against quantum computers. Since (transaction) authentication requires a real-time presence of a quantum computer, this is probably sensible. It may be required in the longer run for document signing / non-repudiation.

Maybe the outlier here are the cryptocurrency / blockchain eco-systems out there. These often have rather specific ways of handling signatures that may not be directly supported. I'll leave it up to you if you consider blockchain part of eCommerce. As many things, I suppose it can be that.