Chapter 16. Strong and Provable Security for Digital Signatures

16.1 Introduction

Although in our definition for digital signature schemes (Definition 10.2 in §10.4) we stipulate an “overwhelming” probability for Verifypk (m, s) = False if (m, s) is a forged message-signature pair created without using the prescribed signing procedure, we have not conducted any investigation on how overwhelming the probability should be for any signature scheme introduced in Chapter 10. Also, as we have discussed in §10.4.9, the textbook security notion of digital signatures, i.e., difficulty of forging a signature “from scratch,” is too weak to be fit for applications. Therefore, security arguments for signature schemes in Chapter 10, if we have conducted ...

Get Modern Cryptography: Theory and Practice now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.