Minor changes

2023-06-16 12:46:37 +02:00
parent 6ad1c1e06a
commit 3db0912f79
11 changed files with 39 additions and 42 deletions


@@ -6,15 +6,15 @@ A digital signature scheme is a method to ensure the authenticity of data. The s
A digital signature scheme SIG = (\keygen,\sign,\verify) is a tuple of algorithms.
\begin{itemize}[label={}]
\item \textbf{\keygen}: The key generation algorithm, which upon receiving the schema parameter as input outputs a matching tuple of public and private key.
\item \textbf{\sign}: The signature algorithm, which upon receiving the secret key and the message outputs a signature for that message.
\item \textbf{\keygen}: The key generation algorithm, which upon receiving the schemas parameter as input outputs a matching tuple of public and private key.
\item \textbf{\sign}: The signature algorithm, which upon receiving the secret key and the message, outputs a signature for that message.
\item \textbf{\verify}: The verification algorithm, which upon receiving the public key, the message and the signature decides whether the signature is valid for the specific set of input parameters.
\end{itemize}
For the digital signature scheme to be correct, it is required that $\forall (\pubkey, \privkey) \in \keygen(par), \m \in \messagespace, \signature \in \sign(\privkey, \m): \verify(\pubkey, \m, \signature) = 1$
\end{definition}
A common security notion for digital signature schemes is the existential unforgeability under chosen message attack security (EUF-CMA). It requires that no adversary is able to forge a signature, for a given key, on a message for which they have not been provided with a valid signature. A stronger notion that is often used is strong unforgeability under chosen message attack (SUF-CMA), which only requires the adversary to provide a message signature pair that has not been provided to the adversary. With this security notion, the adversary also wins if it is able to forge a new valid signature from an already valid one. Both of these notions are in the single-user setting. In the multi-user setting of these security notions, the adversary is supplied with $N$ public keys and has to forge a signature for one of those public keys. In the following, the multi-user definitions of the EUF-CMA and SUF-CMA security notions are defined, respectively MU-EUF-CMA and MU-SUF-CMA. The single-user variant of these security notions can be seen as a special case of the multi-user definitions with $N=1$.
A common security notion for digital signature schemes is the existential unforgeability under chosen message attack (EUF-CMA) security. It requires that no adversary is able to forge a signature, for a given public key, for a message to which they have not been provided with a valid signature. A stronger notion, that is often used, is strong unforgeability under chosen message attack (SUF-CMA), which only requires the adversary to provide a message signature pair that has not been provided to the adversary. With this security notion, the adversary also wins if it is able to forge a new valid signature from an already valid one. Both of these notions are in the single-user setting. In the multi-user setting of these security notions, the adversary is supplied with $N$ public keys and has to forge a signature for one of those public keys. In the following, the multi-user definitions of the EUF-CMA and SUF-CMA security notions are defined, respectively MU-EUF-CMA and MU-SUF-CMA. The single-user variant of these security notions can be seen as a special case of the multi-user definitions with $N=1$.
\subsubsection{MU-EUF-CMA}
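Review bot: In the reworded \keygen item, "the schemas parameter" lacks an apostrophe and does not match the rest of the definition, which speaks of a "scheme" and writes the input as $par$; "the scheme's parameters $par$" would be consistent with the correctness condition two lines further down. In the reworded EUF-CMA paragraph, "for a message to which they have not been provided with a valid signature" should read "for which", and the commas around "that is often used" set off a restrictive clause, so either drop them or change "that" to "which". The same paragraph also writes "message signature pair" without a hyphen; "message-signature pair" is easier to parse.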
@@ -105,7 +105,7 @@ The MU-UF-NMA security game is similar to the MU-EUF-CMA game. The only differen
\subsection{Security Assumptions}
This thesis proves the security of the EdDSA signature scheme under two assumptions. The single-user security of EdDSA can be proved under the discrete logarithm assumption, while the multi-user security of EdDSA requires the stronger one-more discrete logarithm assumption. Both security assumptions are presented in this section.
This thesis proves the security of the EdDSA signature scheme using two assumptions. The single-user security of EdDSA can be proved using the discrete logarithm assumption, while the multi-user security of EdDSA requires the stronger one-more discrete logarithm assumption. Both security assumptions are presented in this section.
\subsubsection{Discrete Logarithm Problem}
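Review bot: The switch from "under" to "using" in "proves the security ... using two assumptions" and "can be proved using the discrete logarithm assumption" moves away from the usual wording for reductions, where security holds "under" an assumption because the assumption is the hypothesis of the theorem rather than a tool applied in the proof. I would keep "under" in both sentences, or state the hypothesis explicitly, for example "assuming the discrete logarithm problem is hard". The second sentence still says the multi-user case "requires the stronger one-more discrete logarithm assumption", so keeping "under" also keeps the two halves of that sentence parallel.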