Included Henrik's annotations up to chapter 4, thanks Henrik

2023-05-30 22:10:18 +02:00
parent 7b5a9598ac
commit cd19dbb4aa
6 changed files with 26 additions and 27 deletions

@@ -1,6 +1,6 @@
\subsection{Digital Signature Scheme}
A digital signature scheme is a method to ensure the authenticity of data. The signer, which is in the possession of a private key, generates a signature for specific message. The verifier then is able to verify the authenticity of this data using the public key and the generated signature.
A digital signature scheme is a method to ensure the authenticity of data. The signer, which is in the possession of a private key, generates a signature for a specific message. The verifier is then able to verify the authenticity of this data using the public key and the generated signature.
\begin{definition}
A digital signature scheme SIG = (\keygen,\sign,\verify) is a tuple of algorithms.
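Review bot: The first line of the definition sets SIG = (\keygen,\sign,\verify) in text mode, while the MU-EUF-CMA definition further down in this file writes $SIG = (\keygen, \sign, \verify)$ in math mode with spaces after the commas. Since this pass is already touching the surrounding wording, use the math-mode form here too so that the tuple is typeset the same way in both definitions. In the reworded sentence above it, "The signer, which is in the possession of a private key" would also read better as "The signer, who is in possession of a private key".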
@@ -11,15 +11,15 @@ A digital signature scheme is a method to ensure the authenticity of data. The s
\item \textbf{\verify}: The verification algorithm, which upon receiving the public key, the message and the signature decides whether the signature is valid for the specific set of input parameters.
\end{itemize}
For the digital signature scheme to be correct it is required that $\forall (\pubkey, \privkey) \in \keygen(par), \m \in \messagespace, \signature \in \sign(\privkey, \m): \verify(\pubkey, \m, \signature) = 1$
For the digital signature scheme to be correct, it is required that $\forall (\pubkey, \privkey) \in \keygen(par), \m \in \messagespace, \signature \in \sign(\privkey, \m): \verify(\pubkey, \m, \signature) = 1$
\end{definition}
A common security notion for digital signature schemes is the existential unforgeability under chosen message attack security (EUF-CMA). It requires that no adversary is able to forge a signature, for a given key, on a message for which they have not been provided with a valid signature. A stronger notion that is often used is strong unforgeability under chosen message attack (SUF-CMA), which only requires the adversary to provide a message signature pair that has not been provided to the adversary. With this security notion, the adversary also wins if it is able to forge a new valid signature from an already valid one. Both of these notions are in the single-user setting. In the multi-user setting of these security notions, the adversary is supplied with $N$ public keys and had to forge a signature for one of those public keys. In the following, the multi-user definitions of the EUF-CMA and SUF-CMA security notions are defined, respectively MU-EUF-CMA and SUF-CMA. The single-user variant of these security notions can be seen as a special case of the multi-user definitions with $N=1$.
A common security notion for digital signature schemes is the existential unforgeability under chosen message attack security (EUF-CMA). It requires that no adversary is able to forge a signature, for a given key, on a message for which they have not been provided with a valid signature. A stronger notion that is often used is strong unforgeability under chosen message attack (SUF-CMA), which only requires the adversary to provide a message signature pair that has not been provided to the adversary. With this security notion, the adversary also wins if it is able to forge a new valid signature from an already valid one. Both of these notions are in the single-user setting. In the multi-user setting of these security notions, the adversary is supplied with $N$ public keys and has to forge a signature for one of those public keys. In the following, the multi-user definitions of the EUF-CMA and SUF-CMA security notions are defined, respectively MU-EUF-CMA and MU-SUF-CMA. The single-user variant of these security notions can be seen as a special case of the multi-user definitions with $N=1$.
\subsubsection{MU-EUF-CMA}
\begin{definition}[MU-EUF-CMA]
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the MU-EUF-CMA game be defined in figure \ref{game:mu-euf-cma}. $SIG$ is MU-SUF-CMA secure if for all ppt adversaries $\adversary{A}$ the $\advantage{SIG,\adversary{A}}{\text{MU-EUF-CMA}}(\secparamter)$ is negligible in $\secparamter$.
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme and $N$ be an integer. Let the MU-EUF-CMA game be defined in figure \ref{game:mu-euf-cma}. $SIG$ is MU-EUF-CMA secure if for all ppt adversaries $\adversary{A}$ the $\advantage{SIG,\adversary{A}}{\text{MU-EUF-CMA}}(\secparamter)$ is negligible in $\secparamter$.
\[ \advantage{SIG,\adversary{A}}{\text{MU-EUF-CMA}}(\secparamter) \assign \prone{\text{MU-EUF-CMA}^{\adversary{A}}} \leq negl(\secparamter) \]
\end{definition}
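Review bot: The display that closes the MU-EUF-CMA definition both defines the advantage with \assign and asserts \leq negl(\secparamter) in the same formula, so the bound reads as part of the definition of the advantage instead of as the security condition. The sentence just before it already says that the advantage is negligible in \secparamter, so end the display at \prone{\text{MU-EUF-CMA}^{\adversary{A}}} and leave the bound to the prose. Two smaller points in the rewritten paragraph above: "message signature pair" should be hyphenated as "message-signature pair", and the SUF-CMA sentence would be clearer if it said that the pair, and not only the message, must be new compared with what the adversary was given.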