Digital signature forgery

Digital signature forgery

In a cryptographic digital signature or MAC system, digital signature forgery is the ability to create a pair consisting of a message m and a signature (or MAC) σ that is valid for m, where m has not been signed in the past by the legitimate signer. There are three types of forgery: existential, selective, and universal.[1]

Contents

Types[2]:170

Existential forgery

Existential forgery is the creation (by an adversary) of at least one message/signature pair (m,σ), where σ was not produced by the legitimate signer. The adversary need not have any control over m; m need not have any particular meaning; and indeed it may even be gibberish — as long as the pair (m,σ) is valid, the adversary has succeeded in constructing an existential forgery.

Existential forgery is essentially the weakest adversarial goal, therefore the strongest schemes are those that are "existentially unforgeable".

Selective forgery

Selective forgery is the creation (by an adversary) of a message/signature pair (m,σ) where m has been chosen by the adversary prior to the attack. m may be chosen to have interesting mathematical properties with respect to the signature algorithm; however, in selective forgery, m must be fixed before the start of the attack.

The ability to successfully conduct a selective forgery attack implies the ability to successfully conduct an existential forgery attack.

Universal forgery

Universal forgery is the creation (by an adversary) of a valid signature σ for any given message m. An adversary capable of universal forgery is able to sign messages he chose himself (as in selective forgery), messages chosen at random, or even specific messages provided by an opponent.

References

  1. ^ Vaudenay, Serge (September 16, 2005). A Classical Introduction to Cryptography: Applications for Communications Security (1st ed.). Springer. p. 254. ISBN 978-0387254647. 
  2. ^ Goldwasser, S. and Bellare, M. "Lecture Notes on Cryptography". Summer course on cryptography, MIT, 1996-2001

Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Digital signature — This article is about secure cryptographic signatures. For simple signatures in digital form, see Electronic signature. A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital… …   Wikipedia

  • Quantum digital signature — A Quantum Digital Signature (QDS) refers to the quantum mechanical equivalent of either a classical digital signature or, more generally, a handwritten signature on a paper document. Like a handwritten signature, a digital signature is used to… …   Wikipedia

  • Digital credential — Digital credentials are the digital equivalent of paper based credentials. Just as a paper based credential could be a passport, a Driver s license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket… …   Wikipedia

  • Forgery (MAC) — In a digital signature or Message Authentication Code (MAC) system, a Selective forgery is the creation (by an adversary) of chosen message m and a valid signature (or MAC) sigma for m, where m has not been signed or MACed in the past by the… …   Wikipedia

  • Electronic signature — The term electronic signature has several meanings. Among the more expansive is that given by US law, influenced by ABA committee white papers and the uniform law promulgated by the National Conference of Commissioners on Uniform State Laws… …   Wikipedia

  • Existential forgery — In a digital signature or Message Authentication Code (MAC) system, an existential forgery is the creation (by an adversary) of any message m and a valid signature (or MAC) sigma for m, where m has not been signed or MACed in the past by the… …   Wikipedia

  • Undeniable signature — Undeniable signatures are a form of digital signature invented by David Chaum and Hans van Antwerpen in 1989. They have two distinctive features,# The verification process is interactive, so that the signatory can limit who can verify the… …   Wikipedia

  • Rabin signature algorithm — In cryptography the Rabin Signature Scheme is a method of Digital signature originally proposed by Michael O. Rabin in 1979. The Rabin Signature Scheme was one of the first digital signature schemes proposed, and it was the first to relate the… …   Wikipedia

  • Authentication — (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic , that is, that claims made by or about the thing are true. This might involve confirming the identity… …   Wikipedia

  • Forking lemma — The forking lemma is any of a number of related lemmas in cryptography research. The lemma states that if an adversary (typically a probabilistic Turing machine), on inputs drawn from some distribution, produces an output that has some property… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”