
Commit

update digital sig
millionhz committed Jan 28, 2024
1 parent 6247b69 commit 4926b50
Showing 1 changed file with 6 additions and 2 deletions.
Expand Up @@ -17,9 +17,13 @@ The verifier obtains the signed document, along with the signer's public key.

The verifier then computes the hash of the received document and the decrypt the document signature sent along using the signers public key. If both the calculated hash and decrypted hash match, the document was not tampered with and the signer is authentic.

{{< hint warning >}}
## Existential Forgery

**RSA signatures do not provide non-mutability if the signature is applied on the *raw message* instead of the message hash**. ([ref](https://crypto.stackexchange.com/questions/12768/why-hash-the-message-before-signing-it-with-rsa#:~:text=a%20valid%20signature.-,Existential%20forgery,-If%20you%20do))

**RSA signatures do not provide non-mutability if the signature is applied on the *raw message* instead of the message hash**. This is due to the mathematical properties of modular arithmetics.
An adversary can generate its own signature/mutate the original signature and decode it using the sender's public key to create a valid (message, signature) pair. The pair can be sent to any party which will associate the mutated pair with the original sender.

{{< hint warning >}}

Non-mutability is only ensured if the signatures use hashes.
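
Review bot: In the new "Existential Forgery" paragraph, "This is due to the mathematical properties of modular arithmetics" does not say which property matters. Name it: textbook RSA is multiplicative, so the product of two valid signatures is a valid signature on the product of the two messages, and any value s chosen as a signature verifies for the message s^e mod n. It is also worth stating that in the second case the adversary does not get to choose the message, which is what makes the forgery existential. "arithmetics" should be "arithmetic", and "non-mutability" is more commonly called non-malleability or unforgeability. As rendered here the bolded statement appears both with and without the crypto.stackexchange reference; keep the reference in the final text. Finally, "Non-mutability is only ensured if the signatures use hashes" overstates what hashing alone provides: deployed RSA signatures pair the hash with a padding scheme such as PKCS#1 v1.5 or PSS, so consider mentioning that in the hint.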

