Security for the Signer Backwards

Definition 7.16. The set of possible secret keys, given the strategy B that the attacker used in key generation and values par, pub, auxg, and hist, is defined as follows  [Pg.175]

Definition 7.17. Let a standard fail-stop signature scheme, an attacker strategy B, and parameters par as in Definition 7.1 or 7.2, respectively, be given. [Pg.176]

This probability space is defined on tuples (pub, sk, auxg) where pub is of the form pub = (acc, pk), and the components of such tuples will [Pg.176]

Thus an outcome is called good if it guarantees that no matter what messages will be signed, the information known to the attacker will be good, and thus any successful forgery will be provable with high likelihood. [Pg.176]

pati o dKeys) 2, where ris the second security parameter from par. [Pg.176]


Theorem 7.19 (Security backwards and forwards). In standard fail-stop signature schemes, security for the signer backwards implies security for the signer forwards. ... [Pg.177]

Proof sketch of Theorem 7.34. For Part a) of the theorem, the four parts of the security definition (Definition 7.15) are treated in Parts A to D of the following proof. However, effectiveness of authentication in Part B of the proof is immediately proved in the error-free sense, which also yields Part b) of the theorem. Similarly, in Part D of the proof, security for the signer backwards (Definition 7.17e) is proved immediately; this implies security for the signer forwards according to Theorem 7.19 and is required in Part c) of the theorem. The requirement from Definition 7.17f is proved in Part E. [Pg.197]

Remark 10.11 (Security for the signer forwards). Currently, security for the signer backwards has been assumed in the one-time scheme and proved in the new scheme. If one wanted to obtain a similar theorem for security forwards, one would have to increase the parameter a in Construction 10.9 by adding log2(N), because the attacker has more chances to come into a situation where he can make an unprovable successful forgery. The same holds for the following constructions. ... [Pg.325]

Actually, not arbitrary signature schemes with fail-stop security according to Chapter 5 are considered at present, but only standard fail-stop signature schemes as defined in Chapter 7, and security for the signer backwards and error-free effectiveness of authentication, at least in the case where all parties carry out key generation correctly, are assumed. ... [Pg.345]

More precisely (similar to the definition of security for the signer backwards, Definition 7.17) ... [Pg.362]

Security for the signer will be defined in two ways. The reason is that previous definitions avoided the concept of probabilistic interactive functions in favour of better-known notions. (This could originally be done because only simple versions of key generation were considered.) Now it is simpler to make a forward definition that deals explicitly with an interactive attacker strategy that carries out authentications and one dispute. This section contains such a forward definition. The backward definition from previous publications and a proof that it is slightly (and unnecessarily) stronger than the forward definition are presented in Section 7.2.1. Nevertheless, some of the later sections are based on the backward definition. [Pg.172]

The backward definition of the security for the signer and the proof that it is slightly stronger than the forward definition. [Pg.175]


See other pages where Security for the Signer Backwards is mentioned: [Pg.175] [Pg.176] [Pg.177] [Pg.196] [Pg.199] [Pg.353]

