Talk:Existential forgery

Sorry for being thick, but I think the current definition makes no sense at all.

First, I can always create a valid (sigma,m) where "m has not been MACed in the past by the legitimate MAC [user]". Do we not need in the definition some sigma' (the original sigma that a forger wants to forge)?

Secondly, are there any constraints on the key used? I.e. will the original user generate the same sigma given the same (gibberish) m? Or we don't care?

Thanks. 83.67.217.254 06:50, 17 November 2006 (UTC)

This article is worded in such a way that "any" seems to imply that an adversary could construct a valid signature/MAC for any message desired. This is called universal forgery. We should reword this to state "there exists a message", implying existence (existential). I will take the liberty to fix the wording, but if you feel this is in error, please correct me. --Chrismiceli (talk) 20:33, 19 May 2009 (UTC)
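The forgery game discussed in this thread, as an added example that is not part of either comment or of the article: the key stays with the challenger, the forger only sees tags it asks for, and it wins by producing a valid (m, sigma) for some m it never queried. `weak_mac`, `Game` and `reorder_forgery` are hypothetical names, and the XOR-of-blocks MAC is a deliberately weak toy that admits a forgery only on reorderings of tagged messages, which is existential rather than universal.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # block size of the toy MAC (constructed parameter)

def prf(key, block):
    """HMAC-SHA256 from the standard library, used as the keyed function."""
    return hmac.new(key, block, hashlib.sha256).digest()

def weak_mac(key, msg):
    """Toy MAC: XOR of prf() over each block, so block order is ignored."""
    tag = bytes(32)
    for i in range(0, len(msg), BLOCK):
        out = prf(key, msg[i:i + BLOCK])
        tag = bytes(a ^ b for a, b in zip(tag, out))
    return tag

class Game:
    """Challenger: holds the secret key and records every tagged message."""
    def __init__(self, mac):
        self._key = secrets.token_bytes(32)
        self._mac = mac
        self.queried = set()

    def tag(self, msg):
        self.queried.add(msg)
        return self._mac(self._key, msg)

    def wins(self, msg, sigma):
        # A forgery counts only for a message never sent to the tagging oracle.
        fresh = msg not in self.queried
        return fresh and hmac.compare_digest(self._mac(self._key, msg), sigma)

def reorder_forgery(game):
    """Query one message, then reuse its tag for the block-swapped message."""
    m = b"AAAAAAAABBBBBBBB"  # constructed two-block sample
    sigma = game.tag(m)
    return m[BLOCK:] + m[:BLOCK], sigma

def run():
    weak, strong = Game(weak_mac), Game(prf)  # prf over the whole message = HMAC
    return {
        "weak_forged": weak.wins(*reorder_forgery(weak)),
        "hmac_forged": strong.wins(*reorder_forgery(strong)),
        "blind_guess": strong.wins(b"gibberish", secrets.token_bytes(32)),
        "deterministic": strong.tag(b"gibberish") == strong.tag(b"gibberish"),
    }

if __name__ == "__main__": print(run())
```
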