52 Things: Number 29: What is the UF-CMA security definition for digital signatures?

52 Things: Number 29: What is the UF-CMA security definition for digital signatures?

52件事:第29件:数字签名的UF-CMA安全定义是什么?

 
This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. In this week we look at the security definition for signatures.
这是一系列博客文章中的最新一篇,旨在解决“每个博士生在做密码学时应该知道的52件事”:这是一组问题,旨在让博士生在第一年结束时了解他们应该知道什么。本周我们将研究签名的安全性定义。


So Number 16 gave the details of the DSA, Schnorr and RSA-FDH signature schemes, but what is a signature scheme and what security properties should it achieve?
因此,第16号给出了DSA、Schnorr和RSA-FDH签名方案的细节,但什么是签名方案,它应该实现什么安全特性?


A signature scheme S is a tuple of algorithms (KG,Sign,VRFY) such that:
签名方案#0#是算法#1#的元组,例如:



  • KG is a randomised algorithm which outputs a secret key sk and a public key pk.
    KG 是输出秘密密钥 sk 和公开密钥 pk 的随机算法。
  • Sign is a  (possibly) randomised algorithm which on input sk and a message m it outputs a signature σ
    Sign 是一种(可能)随机算法,在输入 sk 和消息 m 时输出签名 σ
  • VRFY is a deterministic (non-stateful) algorithm which takes in the public key pk, a message m and a signature σ and returns 1 if σ is a signature on m and 0 otherwise
    VRFY 是一种确定性(无状态)算法,它接受公钥 pk 、消息 m 和签名 σ ,如果#4是 m 上的签名,则返回1,否则返回0
 
Signature schemes are used to prove the origin of a message. If a message has a signature on it, signed by Alice's secret key then it must have come from Alice. The advantage of using a signature scheme over a MAC (assuming good public key infrastructure) is that it can be verified by anyone and does not need any shared secrets.
签名方案用于证明消息的来源。如果一条消息上有一个签名,由爱丽丝的密钥签名,那么它一定来自爱丽丝。与MAC相比,使用签名方案的优势在于(假设公钥基础设施良好)它可以由任何人验证,不需要任何共享机密。
 
Now for the signature to prove the origin of a message, it needs to be the case that someone without the secret key can not create a valid signature on a message he has not seen signed before. This is called UF-CMA security.
现在,为了让签名证明消息的来源,需要有这样的情况:没有密钥的人不能在他以前没有签名过的消息上创建有效的签名。这被称为UF-CMA安全。
 
The game works as follows:
游戏的工作原理如下:
 
  1. The game runs KG to get (pk,sk)$
    游戏运行 KG 获得(pk,sk)$
  2. The adversary A is given pk and can then send messages mi to the game and get back signatures σi under the secret key sk
    对手 A 被赋予 pk ,然后可以向游戏发送消息 mi ,并在密钥#4下取回签名 σi #
  3. A must output a pair (m,σ)
    A 必须输出一对 (m,σ)
A is said to win the game if σ is a valid signature on m and m is not the same as any of the mi's which A asked the game to be signed. The advantage of the adversary in the UF-CMA game is defined as the probability that A wins the game. The signature scheme S is said to be UF-CMA secure if the advantage is suitably small.
#如果 σ 是#2上的有效签名,并且#3与 A 要求签名的#4中的任何一个都不相同,则称0#赢得了游戏。对手在UF-CMA游戏中的优势被定义为 A 赢得游戏的概率。如果优点适当地小,则签名方案 S 被认为是UF-CMA安全的。
posted @ 2024-04-12 21:28  3cH0_Nu1L  阅读(22)  评论(0编辑  收藏  举报