Template:Context In a cryptographic digital signature or MAC system, forgery is the ability to create a pair consisting of a message m and a signature (or MAC) \sigma that is valid for m, where m has not been signed in the past by the legitimate signer. There are three types of forgery: Existential, Selective, and Universal.[1]


Existential forgeryEdit

Existential forgery is the creation (by an adversary) of any message/signature pair (m, \sigma), where \sigma was not produced by the legitimate signer. The adversary need not have any control over m; m need not have any particular meaning; and indeed it may even be gibberish — as long as the pair (m, \sigma) is valid, the adversary has succeeded in constructing an existential forgery.

Existential forgery is essentially the weakest adversarial goal, therefore the strongest schemes are those which are "existentially unforgeable".

Selective forgeryEdit

Selective forgery is the creation (by an adversary) of a message/signature pair (m, \sigma) where m has been chosen by the adversary prior to the attack. m may be chosen to have interesting mathematical properties with respect to the signature algorithm; however, in selective forgery, m must be fixed before the start of the attack.

The ability to successfully conduct a selective forgery attack implies the ability to successfully conduct an existential forgery attack.

Universal forgeryEdit

Universal forgery is the creation (by an adversary) of a valid signature \sigma for any given message m. An adversary capable of universal forgery is able to sign messages he chose himself (as in selective forgery), messages chosen at random, or even specific messages provided by an opponent.



Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.