52 Things: Number 29: What is the UF-CMA security definition for digital signatures?
This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. This week we look at the security definition for signatures.
So Number 16 gave the details of the DSA, Schnorr and RSA-FDH signature schemes, but what is a signature scheme and what security properties should it achieve?
A signature scheme S is a tuple of algorithms (KG,Sign,VRFY) such that:
- KG is a randomised algorithm which outputs a secret key sk and a public key pk.
- Sign is a (possibly) randomised algorithm which, on input sk and a message m, outputs a signature σ.
- VRFY is a deterministic (non-stateful) algorithm which takes in the public key pk, a message m and a signature σ and returns 1 if σ is a signature on m and 0 otherwise.
Signature schemes are used to prove the origin of a message. If a message has a signature on it, signed by Alice's secret key, then it must have come from Alice. The advantage of using a signature scheme over a MAC (assuming good public key infrastructure) is that it can be verified by anyone and does not need any shared secrets.
Now for the signature to prove the origin of a message, it needs to be the case that someone without the secret key cannot create a valid signature on a message he has not seen signed before. This is called UF-CMA security.
The game works as follows:
- The game runs KG to get (pk, sk).
- The adversary A is given pk and can then send messages m_i to the game and get back signatures σ_i under the secret key sk.
- A must output a pair (m*, σ*).
A is said to win the game if σ* is a valid signature on m* and m* is not the same as any of the m_i's which A asked the game to sign. The advantage of the adversary in the UF-CMA game is defined as the probability that A wins the game. The signature scheme S is said to be UF-CMA secure if the advantage is suitably small.
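The game above as a runnable harness, added here as an illustration and not taken from the original post: it runs the experiment against unhashed ("textbook") RSA and against a hash-then-sign variant standing in for RSA-FDH, showing why the hash matters. The toy primes, the integer message encoding and both adversary functions are assumptions made for this example.

```python
import hashlib

# Toy parameters constructed for this example: two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def kg():
    # KG: returns (pk, sk). Fixed primes keep the example short; a real KG is randomised.
    n = P * Q
    return (n, E), (n, pow(E, -1, (P - 1) * (Q - 1)))

def encode_plain(m, n):
    # Unhashed ("textbook") RSA: the integer message is signed directly.
    return m % n

def encode_fdh(m, n):
    # Hash-then-sign, standing in for RSA-FDH (SHA-256 reduced mod n is an assumption).
    return int.from_bytes(hashlib.sha256(m.to_bytes(32, "big")).digest(), "big") % n

def make_scheme(encode):
    def sign(sk, m):
        n, d = sk
        return pow(encode(m, n), d, n)
    def vrfy(pk, m, sig):
        n, e = pk
        return 1 if pow(sig, e, n) == encode(m, n) else 0
    return kg, sign, vrfy

def uf_cma_game(scheme, adversary):
    # One run of the game: returns 1 if the adversary wins, 0 otherwise.
    KG, Sign, VRFY = scheme
    pk, sk = KG()
    queried = []                      # every m_i sent to the signing oracle
    def oracle(m):
        queried.append(m)
        return Sign(sk, m)
    m_star, sig_star = adversary(pk, oracle)
    return 1 if VRFY(pk, m_star, sig_star) == 1 and m_star not in queried else 0

def replay_adversary(pk, oracle):
    # Outputs a pair obtained from the oracle: the signature is valid but m* is not fresh.
    return 42, oracle(42)

def product_adversary(pk, oracle):
    # Queries m1 and m2, then outputs m1*m2 with the product of the two signatures.
    m1, m2 = 6, 35
    return m1 * m2, (oracle(m1) * oracle(m2)) % pk[0]

TEXTBOOK, FDH = make_scheme(encode_plain), make_scheme(encode_fdh)
```

`uf_cma_game(TEXTBOOK, product_adversary)` returns 1 because the unhashed scheme is multiplicative, while the same adversary against `FDH` returns 0. `replay_adversary` returns 0 against both, since its m* was one of the queried m_i.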