标签：What signatures CMA 52 签名 key signature pk UF

52 Things: Number 29: What is the UF-CMA security definition for digital signatures?

52件事：第29件：数字签名的UF-CMA安全定义是什么？

  This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography': a set of questions compiled to give PhD candidates a sense of what they should know by the end of their first year. In this week we look at the security definition for signatures.
这是一系列博客文章中的最新一篇，旨在解决“每个博士生在做密码学时应该知道的52件事”：这是一组问题，旨在让博士生在第一年结束时了解他们应该知道什么。本周我们将研究签名的安全性定义。

So Number 16 gave the details of the DSA, Schnorr and RSA-FDH signature schemes, but what is a signature scheme and what security properties should it achieve?
因此，第16号给出了DSA、Schnorr和RSA-FDH签名方案的细节，但什么是签名方案，它应该实现什么安全特性？

A signature scheme S is a tuple of algorithms (KG,Sign,VRFY) such that:
签名方案＃0＃是算法＃1＃的元组，例如：

• KG is a randomised algorithm which outputs a secret key sk and a public key pk.
  KG 是输出秘密密钥 sk 和公开密钥 pk 的随机算法。
• Sign is a  (possibly) randomised algorithm which on input sk and a message m it outputs a signature σ
  Sign 是一种（可能）随机算法，在输入 sk 和消息 m 时输出签名 σ
• VRFY is a deterministic (non-stateful) algorithm which takes in the public key pk, a message m and a signature σ and returns 1 if σ is a signature on m and 0 otherwise
  VRFY 是一种确定性（无状态）算法，它接受公钥 pk 、消息 m 和签名 σ ，如果#4是 m 上的签名，则返回1，否则返回0

  Signature schemes are used to prove the origin of a message. If a message has a signature on it, signed by Alice's secret key then it must have come from Alice. The advantage of using a signature scheme over a MAC (assuming good public key infrastructure) is that it can be verified by anyone and does not need any shared secrets.
签名方案用于证明消息的来源。如果一条消息上有一个签名，由爱丽丝的密钥签名，那么它一定来自爱丽丝。与MAC相比，使用签名方案的优势在于（假设公钥基础设施良好）它可以由任何人验证，不需要任何共享机密。   Now for the signature to prove the origin of a message, it needs to be the case that someone without the secret key can not create a valid signature on a message he has not seen signed before. This is called UF-CMA security.
现在，为了让签名证明消息的来源，需要有这样的情况：没有密钥的人不能在他以前没有签名过的消息上创建有效的签名。这被称为UF-CMA安全。   The game works as follows:
游戏的工作原理如下：  

1. The game runs KG to get (pk,sk)$
   游戏运行 KG 获得（pk，sk）$
2. The adversary A is given pk and can then send messages mi to the game and get back signatures σi under the secret key sk
   对手 A 被赋予 pk ，然后可以向游戏发送消息 mi ，并在密钥#4下取回签名 σi #
3. A must output a pair (m∗,σ∗)
   A 必须输出一对 (m∗,σ∗)

A is said to win the game if σ∗ is a valid signature on m∗ and m∗ is not the same as any of the mi's which A asked the game to be signed. The advantage of the adversary in the UF-CMA game is defined as the probability that A wins the game. The signature scheme S is said to be UF-CMA secure if the advantage is suitably small.
#如果 σ∗ 是#2上的有效签名，并且#3与 A 要求签名的#4中的任何一个都不相同，则称0#赢得了游戏。对手在UF-CMA游戏中的优势被定义为 A 赢得游戏的概率。如果优点适当地小，则签名方案 S 被认为是UF-CMA安全的。

标签：What,signatures,CMA,52,签名,key,signature,pk,UF
From： https://www.cnblogs.com/3cH0-Nu1L/p/18107482