Cryptography Reference
In-Depth Information
every user can eciently verify whether a given string is a
signature of another (specific) user on a specific document;
it is infeasible to produce signatures of other users to docu-
ments they did not sign.
We note that the formulation of unforgeable digital signatures provides
also a clear statement of the essential ingredients of handwritten sig-
natures. The ingredients are each person's ability to sign for itself, a
universally agreed verification procedure, and the belief (or assertion)
that it is infeasible (or at least hard) to forge signatures (i.e., produce
some other person's signatures to documents that were not signed by it
such that these “unauthentic” signatures are accepted by the verifica-
tion procedure). It is not clear to what extent handwritten signatures
meet these requirements. In contrast, our discussion of digital signa-
tures provides precise statements concerning the extent to which digi-
tal signatures meet the above requirements. Furthermore, unforgeable
digital signature schemes can be constructed based on some reasonable
computational assumptions (i.e., the existence of one-way functions).
Message authentication schemes: Message authentication is a
task related to the setting considered for encryption schemes; that
is, communication over an insecure channel. This time, we consider
an active adversary that is monitoring the channel and may alter the
messages sent on it. The parties communicating through this insecure
channel wish to authenticate the messages they send so that their coun-
terpart can tell an original message (sent by the sender) from a modified
one (i.e., modified by the adversary). Loosely speaking, a scheme for
message authentication should satisfy the following:
each of the communicating parties can eciently produce an
authentication tag to any message of its choice;
each of the communicating parties can eciently verify
whether a given string is an authentication tag of a given
message; but
Search WWH ::

Custom Search