39 lines
1.5 KiB
TeX
39 lines
1.5 KiB
TeX
\subsection{Security Notions}
|
|
|
|
\subsubsection{Identical-until-bad Games}
|
|
|
|
\subsubsection{Digital Signature Scheme}
|
|
|
|
|
|
|
|
\subsubsection{\cma}
|
|
|
|
\cma is a security notion for digital signature schemes. In this game the attacker is given access to a \Osign oracle, which generates valid signatures for arbitrary messages. The attacker wins the game if he is able to provide a message signature pair which is valid and was not generated by the \Osign oracle. The security game is depicted in figure \ref{game:cma}.
|
|
|
|
Let $SIG = (\keygen, \sign, \verify)$ be a digital signature scheme. $SIG$ is \cma secure if for all ppt adversaries $\adversary{A}$ the $\advantage{SIG,\adversary{A}}{\cma}(\secparamter)$ is negligible in $\secparamter$.
|
|
|
|
\[ \advantage{SIG,\adversary{A}}{\cma}(\secparamter) \assign \prone{\cma^{\adversary{A}}} \leq \epsilon \]
|
|
|
|
\begin{figure}
|
|
\hrule
|
|
\begin{multicols}{2}
|
|
\normalsize
|
|
\begin{algorithmic}[1]
|
|
\State \underline{\game \cma}
|
|
\State $(\pubkey, \privkey) \randomassign \keygen(1^\secparamter)$
|
|
\State $(\m^*, \signature^*) \randomassign \adversary{A}^{\sign(\inp)}(\pubkey)$
|
|
\State \Return $\verify(\pubkey, \m^*, \signature^*) = 1 \wedge (\m^*, \signature^*) \notin M$
|
|
\end{algorithmic}
|
|
\columnbreak
|
|
\begin{algorithmic}[1]
|
|
\Procedure{Sign}{$\m$}
|
|
\State $\signature \randomassign \sign(\privkey, \m)$
|
|
\State $M \assign M \cup \{(\m, \signature)\}$
|
|
\State \Return $\signature$
|
|
\EndProcedure
|
|
\end{algorithmic}
|
|
\end{multicols}
|
|
\hrule
|
|
\caption{\cma Security Game}
|
|
\label{game:cma}
|
|
\end{figure} |