Reference for a formal definition of universal forgery and EUF-CMA

cryptobeginner

2/17/23, 11:28 AM

In many papers, I see EUF-CMA and SUF-CMA referenced as a canonical term used, but I did not find a reference paper/book that give a formal definition of the those terms. I am looking for a reference that formally defines EUF-CMA, SUF-CMA security and universal forgery, similar to this answer.

0 + 0

signature

forgery

security-definition

kelalaka

2/17/23, 11:29 AM

Does this answer your question? [What do the signature security abbreviations like EUF-CMA mean?](https://crypto.stackexchange.com/questions/44188/what-do-the-signature-security-abbreviations-like-euf-cma-mean). At the end of the answer, there you can find the reference.

cryptobeginner

2/17/23, 11:36 AM

Thanks! That paper defines universal forgery as "Find an efficient signing algorithm functionally equivalent to A's signing algorithm", but does not define it in terms of Games like the answer does. Do you happen to have a (cite-able) source that defines it exactly in terms of games? I am particularly interested in whether for universal forgery, the adversary needs a 100% winning chance or if there can be a negligible failure probability (from what I see, that depends on whether this negligible failure probability is allowed for the original verification algorithm as well?)

kelalaka

2/17/23, 11:48 AM

https://cseweb.ucsd.edu//~mihir/papers/relations.pdf

Score:2

Crypto

hlayhel

2/17/23, 2:26 PM

The first seminal paper to define the terms Chosen Message Attack (CMA) and existential forgery (the opposite of which is SUF and WUF) is A digital signature scheme secure against adaptive chosen-message attacks by S. Goldwasser, S. Micali, and R. L. Rivest. But the best paper to formally define SUF-CMA and WUF-CMA in the form of a game is Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm by Mihir Bellare and Chanathip Namprempre. See specifically Fig. 6:

Below the figure, you'll find a very precise definition of the concept of Unforgeability.

As far as books, I have found Dan Boneh's book A Graduate Course in Applied Cryptography to be the most elaborate when it came to game definitions. Check for example Chapter 6 Message Integrity and specifically Attack Game 6.1 (MAC Security).

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Reference for a formal definition of universal forgery and EUF-CMA

TH: การอ้างอิงสำหรับคำจำกัดความอย่างเป็นทางการของการปลอมแปลงสากลและ EUF-CMA

RO: Referință pentru o definiție formală a falsului universal și EUF-CMA

RU: Ссылка на формальное определение универсальной подделки и EUF-CMA

VI: Tài liệu tham khảo cho một định nghĩa chính thức về giả mạo phổ quát và EUF-CMA

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.