Recently I was asked by some acquaintances about the potential security risks of digital signatures. The following is a sketch of what I answered with my very humble knowledge. Hopefully experts in this group would (eventually strongly) correct and augment my argumentation.
A. From the theoretical side (concerning math):
(1) There are assumptions in the underlying mathematical foundations which till the present cannot yet be proved in the absolute exact sense. These are hence liable to turn out to be false at any time in the future. Example: Recently Lenstra et al. showed that the method of discrete logarithms can be very much easier attacked than hitherto commonly assumed. (http://actu.epfl.ch/news/epfl-researchers-crack-unassailable-encryption-alg/).
(2) All methods have parameters which should be chosen to lie in certain numerical ranges such that they may properly function as desired. The determination of such ranges is apparently by necessity an issue of more or less arbitrariness, whence the actual security obtained in any given concrete case is not entirely unquestionable.
(3) Owing to the frequently very advanced math involved, high expertise is required to be able to verify the correctness of the details. This entails the risk that under circumstances the number of practically available capable experts is insufficient to guarantee a neutral (the opposite of biased/manipulated) examination and evaluation. Example: The so-called "dual elliptic curve" is reported to contain a backdoor. (http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331)
B. From the practical side (concerning software and CAs):
(1) In case within the entire processing of a digital signature there is one single non-open-source (proprietary, blackbox) software component, the risk of potential manipulations (due to possible disloyality/dissatisfaction of employees of software firms, pressures from authorities, hacking, etc.) is evidently already impossible to be excluded.
(2) Also open-source software can contain grave errors, which due to lack of persons in the public having interest, time and appropriate knowledge to thoroughly examine them could remain undetected for a long time. Example: the Heartbleed Bug of OpenSSL. (https://www.schneier.com/crypto-gram-1404.html).
(3) CAs are organisations of humans and humans could not only commit errors and mistakes but also be subjected to bribery, extortion, ideological and other ways of influences. In any digital signature processing there are in general a number of CAs involved which could be located inland or overseas (thus beyond normal judicial reaches). How well one could trust the results of a cooperation of such a group of organisations (of which one as a rule knows nothing at all) is apparently a large question mark from the very beginning.
M. K. Shen -----------------------------------------------
P.S. It may be valuable in safeguarding one's privacy to constantly keep in mind of the presence of certain quasi-omnipotent secret agencies of the world, as has been convincingly revealed by Edward Snowden (see G. Greenwald. No Place to Hide, New York, 2014).