What operation in public-key authentication is used by the supplicant to prove identity?

In public-key authentication, the supplicant proves its identity by creating a digital signature with its private key. The verifier can then check that signature using the supplicant’s public key, which is tied to the claimed identity (often via a certificate). This proves the signer possesses the private key corresponding to that identity, which is what authenticates the user. Encrypting with the recipient’s public key would aim to keep a message secret for that recipient, not to prove who is signing. Decrypting with the verifier’s private key isn’t a standard way to prove the supplicant’s identity. Signing with the verifier’s private key would imply the verifier is the signer, not the supplicant. So the correct operation is the supplicant signing with its private key.