rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add N parameter to multi user games

Browse Source
This commit is contained in:
Aaron Kaiser
2023-07-13 11:18:07 +02:00
parent 8d6f37310c
commit 432581423f
9 changed files with 80 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
thesis/sections/security_notions.tex
View File

@@ -14,10 +14,10 @@ A digital signature scheme is a method to ensure the authenticity of data. The s
For the digital signature scheme to be correct, it is required that $\forall (\pubkey, \privkey) \in \keygen(par), \m \in \messagespace, \signature \in \sign(\privkey, \m): \verify(\pubkey, \m, \signature) = 1$
\end{definition}
A common security notion for digital signature schemes is the existential unforgeability under chosen message attack (EUF-CMA) security. It requires that no adversary is able to forge a signature for a message to which they have not observed a valid signature, given a public key. A stronger notion, that is often used, is strong unforgeability under chosen message attack (SUF-CMA), which only requires the adversary to provide a message signature pair that has not been provided to the adversary. With this security notion, the adversary also wins if it is able to forge a new valid signature from an already valid one. Both of these notions are in the single-user setting. In the multi-user setting of these security notions, the adversary is supplied with $N$ public keys and has to forge a signature for one of those public keys. In the following, the multi-user definitions of the EUF-CMA and SUF-CMA security notions are defined, respectively MU-EUF-CMA and MU-SUF-CMA. The single-user variant of these security notions can be seen as a special case of the multi-user definitions in which the adversary is only provided with one public key.
A common security notion for digital signature schemes is the existential unforgeability under chosen message attack (EUF-CMA) security. It requires that no adversary is able to forge a signature for a message to which they have not observed a valid signature, given a public key. A stronger notion, that is often used, is strong unforgeability under chosen message attack (SUF-CMA), which only requires the adversary to provide a message signature pair that has not been provided to the adversary. With this security notion, the adversary also wins if it is able to forge a new valid signature from an already valid one. Both of these notions are in the single-user setting. In the multi-user setting of these security notions, the adversary is supplied with $N$ public keys and has to forge a signature for one of those public keys. In the following, the multi-user definitions of the EUF-CMA and SUF-CMA security notions are defined, respectively $N$-MU-EUF-CMA and $N$-MU-SUF-CMA. The single-user variant of these security notions can be seen as a special case of the multi-user definitions in which the adversary is only provided with one public key.
\begin{definition}[MU-EUF-CMA]
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the N-MU-EUF-CMA game be defined in figure \ref{game:mu-euf-cma}. $SIG$ is N-MU-EUF-CMA secure if for all ppt adversaries $\adversary{A}$, we have
\begin{definition}[$N$-MU-EUF-CMA]
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the $N$-MU-EUF-CMA game be defined in figure \ref{game:mu-euf-cma}. $SIG$ is $N$-MU-EUF-CMA secure if for all ppt adversaries $\adversary{A}$, we have
\[ \advantage{SIG,\adversary{A}}{\textsf{$N$-MU-EUF-CMA}}(\secparamter) \assign \prone{\textsf{$N$-MU-EUF-CMA}^{\adversary{A}}} \leq negl(\secparamter). \]
\end{definition}
@@ -45,8 +45,8 @@ A common security notion for digital signature schemes is the existential unforg
\label{game:mu-euf-cma}
\end{figure}
\begin{definition}[MU-SUF-CMA]
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the MU-SUF-CMA game be defined in figure \ref{game:mu-suf-cma}. $SIG$ is MU-SUF-CMA secure if for all ppt adversaries $\adversary{A}$, we have
\begin{definition}[$N$-MU-SUF-CMA]
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the $N$-MU-SUF-CMA game be defined in figure \ref{game:mu-suf-cma}. $SIG$ is $N$-MU-SUF-CMA secure if for all ppt adversaries $\adversary{A}$, we have
\[ \advantage{SIG,\adversary{A}}{\textsf{$N$-MU-SUF-CMA}}(\secparamter) \assign \prone{\textsf{$N$-MU-SUF-CMA}^{\adversary{A}}} \leq negl(\secparamter). \]
\end{definition}
@@ -74,10 +74,10 @@ A common security notion for digital signature schemes is the existential unforg
\label{game:mu-suf-cma}
\end{figure}
The MU-EUF-NMA security game is similar to the MU-EUF-CMA game. The only difference is that the adversary does not has access to an oracle to obtain valid signatures for arbitrary messages. Again the EUF-NMA security notation is a special case of the MU-EUF-NMA security notation with $N=1$.
The $N$-MU-EUF-NMA security game is similar to the $N$-MU-EUF-CMA game. The only difference is that the adversary does not has access to an oracle to obtain valid signatures for arbitrary messages. Again the EUF-NMA security notation is a special case of the $N$-MU-EUF-NMA security notation with $N=1$.
\begin{definition}[MU-EUF-NMA]
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the N-MU-EUF-NMA game be defined in figure \ref{game:mu-uf-nma}. $SIG$ is N-MU-EUF-NMA secure if for all ppt adversaries $\adversary{A}$, we have
\begin{definition}[$N$-MU-EUF-NMA]
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the $N$-MU-EUF-NMA game be defined in figure \ref{game:mu-uf-nma}. $SIG$ is $N$-MU-EUF-NMA secure if for all ppt adversaries $\adversary{A}$, we have
\[ \advantage{SIG,\adversary{A}}{\textsf{$N$-MU-EUF-NMA}}(\secparamter) \assign \prone{\textsf{$N$-MU-EUF-NMA}^{\adversary{A}}} \leq negl(\secparamter). \]
\end{definition}