## FANDOM

570 Pages

Template:Context In a cryptographic digital signature or MAC system, forgery is the ability to create a pair consisting of a message $m$ and a signature (or MAC) $\sigma$ that is valid for $m$, where $m$ has not been signed in the past by the legitimate signer. There are three types of forgery: Existential, Selective, and Universal.[1]

## TypesEdit

### Existential forgeryEdit

Existential forgery is the creation (by an adversary) of any message/signature pair $(m, \sigma)$, where $\sigma$ was not produced by the legitimate signer. The adversary need not have any control over $m$; $m$ need not have any particular meaning; and indeed it may even be gibberish — as long as the pair $(m, \sigma)$ is valid, the adversary has succeeded in constructing an existential forgery.

Existential forgery is essentially the weakest adversarial goal, therefore the strongest schemes are those which are "existentially unforgeable".

### Selective forgeryEdit

Selective forgery is the creation (by an adversary) of a message/signature pair $(m, \sigma)$ where $m$ has been chosen by the adversary prior to the attack. $m$ may be chosen to have interesting mathematical properties with respect to the signature algorithm; however, in selective forgery, $m$ must be fixed before the start of the attack.

The ability to successfully conduct a selective forgery attack implies the ability to successfully conduct an existential forgery attack.

### Universal forgeryEdit

Universal forgery is the creation (by an adversary) of a valid signature $\sigma$ for any given message $m$. An adversary capable of universal forgery is able to sign messages he chose himself (as in selective forgery), messages chosen at random, or even specific messages provided by an opponent.

## ReferencesEdit

Template:Crypto-stub