[{"@context":"http:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/wiki.edu.vn\/en\/wiki14\/digital-signature-forgery-wikipedia\/#BlogPosting","mainEntityOfPage":"https:\/\/wiki.edu.vn\/en\/wiki14\/digital-signature-forgery-wikipedia\/","headline":"Digital signature forgery – Wikipedia","name":"Digital signature forgery – Wikipedia","description":"before-content-x4 From Wikipedia, the free encyclopedia In a cryptographic digital signature or MAC system, digital signature forgery is the ability","datePublished":"2016-07-02","dateModified":"2016-07-02","author":{"@type":"Person","@id":"https:\/\/wiki.edu.vn\/en\/wiki14\/author\/lordneo\/#Person","name":"lordneo","url":"https:\/\/wiki.edu.vn\/en\/wiki14\/author\/lordneo\/","image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/44a4cee54c4c053e967fe3e7d054edd4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/44a4cee54c4c053e967fe3e7d054edd4?s=96&d=mm&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"Enzyklop\u00e4die","logo":{"@type":"ImageObject","@id":"https:\/\/wiki.edu.vn\/wiki4\/wp-content\/uploads\/2023\/08\/download.jpg","url":"https:\/\/wiki.edu.vn\/wiki4\/wp-content\/uploads\/2023\/08\/download.jpg","width":600,"height":60}},"image":{"@type":"ImageObject","@id":"https:\/\/wikimedia.org\/api\/rest_v1\/media\/math\/render\/svg\/0a07d98bb302f3856cbabc47b2b9016692e3f7bc","url":"https:\/\/wikimedia.org\/api\/rest_v1\/media\/math\/render\/svg\/0a07d98bb302f3856cbabc47b2b9016692e3f7bc","height":"","width":""},"url":"https:\/\/wiki.edu.vn\/en\/wiki14\/digital-signature-forgery-wikipedia\/","wordCount":3022,"articleBody":"     (adsbygoogle = window.adsbygoogle || []).push({});before-content-x4From Wikipedia, the free encyclopediaIn a cryptographic digital signature or MAC system, digital signature forgery is the ability to create a pair consisting of a message, m{displaystyle m}, and a signature (or MAC), \u03c3{displaystyle sigma }, that is valid for m{displaystyle m}, but has not been created in the past by the legitimate signer. There are different types of forgery.[1]To each of these types, security definitions can be associated. A signature scheme is secure by a specific definition if no forgery of the associated type is possible.The following definitions are ordered from lowest to highest achieved security, in other words, from most powerful to the weakest attack. The definitions form a hierarchy, meaning that an attacker able to do mount a specific attack can execute all the attacks further down the list. Likewise, a scheme that reaches a certain security goal also reaches all prior ones.Table of ContentsTotal break[edit] Universal forgery (universal unforgeability, UUF)[edit]Selective forgery (selective unforgeability, SUF)[edit]Existential forgery[edit]Example of an existential forgery[edit]Weak existential forgery (strong existential unforgeability, strong unforgeability; sEUF, or SUF)[edit]References[edit]Total break[edit]More general than the following attacks, there is also a total break: when adversary can recover the private information and keys used by the signer, they can create any possible signature on any message.[2] Universal forgery (universal unforgeability, UUF)[edit]       (adsbygoogle = window.adsbygoogle || []).push({});after-content-x4Universal forgery is the creation (by an adversary) of a valid signature, \u03c3{displaystyle sigma }, for any given message, m{displaystyle m}.  An adversary capable of universal forgery is able to sign messages they chose themselves (as in selective forgery), messages chosen at random, or even specific messages provided by an opponent.[1]Selective forgery (selective unforgeability, SUF)[edit]Selective forgery is the creation of a message\/signature pair        (adsbygoogle = window.adsbygoogle || []).push({});after-content-x4(m,\u03c3){displaystyle (m,sigma )} by an adversary, where m{displaystyle m} has been chosen by the attacker prior to the attack.[3][4]m{displaystyle m} may be chosen to have interesting mathematical properties with respect to the signature algorithm; however, in selective forgery, m{displaystyle m} must be fixed before the start of the attack.       (adsbygoogle = window.adsbygoogle || []).push({});after-content-x4The ability to successfully conduct a selective forgery attack implies the ability to successfully conduct an existential forgery attack.Existential forgery[edit]Existential forgery (existential unforgeability, EUF) is the creation (by an adversary) of at least one message\/signature pair, (m,\u03c3){displaystyle (m,sigma )}, where m{displaystyle m} has never been signed by the legitimate signer. The adversary can choose m{displaystyle m} freely; m{displaystyle m} need not have any particular meaning; the message content is irrelevant \u2014 as long as the pair, (m,\u03c3){displaystyle (m,sigma )}, is valid, the adversary has succeeded in constructing an existential forgery. Thus, creating an existential forgery is easier than a selective forgery, because the attacker may select a message m{displaystyle m} for which a forgery can easily be created, whereas in the case of a selective forgery, the challenger can ask for the signature of a \u201cdifficult\u201d message.Example of an existential forgery[edit]The RSA cryptosystem has the following multiplicative property: \u03c3(m1)\u22c5\u03c3(m2)=\u03c3(m1\u22c5m2){displaystyle sigma (m_{1})cdot sigma (m_{2})=sigma (m_{1}cdot m_{2})}.This property can be exploited by creating a message m\u2032=m1\u22c5m2{displaystyle m’=m_{1}cdot m_{2}} with a signature \u03c3(m\u2032)=\u03c3(m1\u22c5m2)=\u03c3(m1)\u22c5\u03c3(m2){displaystyle sigma left(m’right)=sigma (m_{1}cdot m_{2})=sigma (m_{1})cdot sigma (m_{2})}.[5]A common defense to this attack is to hash the messages before signing them.[5]Weak existential forgery (strong existential unforgeability, strong unforgeability; sEUF, or SUF)[edit]This notion is a stronger (more secure) variant of the existential forgery detailed above. Weak existential forgery is the creation (by an adversary) of at least one message\/signature pair, (m,\u03c3\u2032){displaystyle left(m,sigma ‘right)}, given a message and different signature (m,\u03c3){displaystyle (m,sigma )} produced by the legitimate signer.Strong existential forgery is essentially the weakest adversarial goal, therefore the strongest schemes are those that are strongly existentially unforgeable.References[edit]     (adsbygoogle = window.adsbygoogle || []).push({});after-content-x4"},{"@context":"http:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"https:\/\/wiki.edu.vn\/en\/wiki14\/#breadcrumbitem","name":"Enzyklop\u00e4die"}},{"@type":"ListItem","position":2,"item":{"@id":"https:\/\/wiki.edu.vn\/en\/wiki14\/digital-signature-forgery-wikipedia\/#breadcrumbitem","name":"Digital signature forgery – Wikipedia"}}]}]