Cryptography Reference
In-Depth Information
Adversary
Message
X
σ
X
, σ
X
X
X
σ
Signature
Verification
Secret key
K s
Public key
K p
AUTHENTICATED
K p
Generator
Figure 10.1. Digital signature.
We distinguish several classes of attacks which are listed below from the
strongest to the weakest.
Total break : From a public key, the adversary manages to recover the secret
key which can be used to forge signatures.
Universal forgery : From a public key, the adversary manages to derive an
algorithm which makes it feasible to forge the signature of any message (or
random ones).
Selective forgery : The adversary can generate messages X such that she can,
from a public key, forge a signature for the selected message. (Note that the
target message selection is made prior to the knowledge of the public key.)
Existential forgery : From a public key, the adversary is able to create a pair
made by a message X and a forged signature, but has no control on which X
is output from the attack.
The strongest security requirement corresponds to security against the weakest
attack, i.e. the existential forgery attack. This security model was first proposed
by Shafi Goldwasser, Silvio Micali, and Ronald Rivest (see Refs. [79, 80]).
Conversely, total break is the strongest attack model. So security against this is
the weakest security model.
Note that in all attack models we must also discuss the power and access
capabilities of the adversary: Is the adversary bounded in space complexity or
time complexity? Can the adversary obtain samples of signatures, or query a
signing oracle with selected messages? This leads us to similar discussions as
for public-key cryptosystems (see Section 9.3.7).
2. They must provide nonrepudiation . It must be impossible for the legitimate
signer to repudiate his signature. When a signed message ( X
) is valid, the
signer cannot claim that the signature was forged. Indeed, if the signature scheme
is secure according to the previous criterion, it is impossible for an adversary
to have forged this message, so the signature cannot have been created by
 
Search WWH ::




Custom Search