Faculty of Engineering, Multimedia University, Cyberjaya, Selangor, 63100, Malaysia.
Faculty of Computing and Informatics, Multimedia University, Cyberjaya, Selangor, 63100, Malaysia.
F1000Res. 2021 Sep 16;10:931. doi: 10.12688/f1000research.72910.1. eCollection 2021.
Digital signature schemes (DSS) are ubiquitously used for public authentication in the infrastructure of the internet, in addition to their use as a cryptographic tool to construct even more sophisticated schemes such as those that are identity-based. The security of DSS is analyzed through the existential unforgeability under chosen message attack (EUF-CMA) experiment which promises unforgeability of signatures on new messages even when the attacker has access to an arbitrary set of messages and their corresponding signatures. However, the EUF-CMA model does not account for attacks such as an attacker forging a different signature on an existing message, even though the attack could be devastating in the real world and constitutes a severe breach of the security system. Nonetheless, most of the DSS are not analyzed in this security model, which possibly makes them vulnerable to such an attack. In contrast, a better security notion known as strong EUF-CMA (sEUF-CMA) is designed to be resistant to such attacks. This review aims to identify DSS in the literature that are secure in the sEUF-CMA model. In addition, the article discusses the challenges and future directions of DSS. In our review, we consider the security of existing DSS that fit our criterion in the sEUF-CMA model; our criterion is simple as we only require the DSS to be at least secure against the minimum of existential forgery. Our findings are categorized into two classes: the direct and indirect classes of sEUF-CMA. The former is inherently sEUF-CMA without any modification while the latter requires some transformation. Our comprehensive review contributes to the security and cryptographic research community by discussing the efficiency and security of DSS that are sEUF-CMA, which aids in selecting robust DSS in future design considerations.