① Complete forgery, that is, an attacker can calculate the private key or find an algorithm that can generate a legal signature, so that a legal signature can be generated for any message.

(2) Selective forgery, that is, attackers can construct legal signatures for certain messages.

(3) Forgery exists, that is, an attacker can forge the signature of at least one message, but has almost no control over the message.

The concept of digital signature

In RSA public key cryptosystem, if Alice uses her private key D to calculate S≡md(mod n), and then sends S together with the message M to Bob, and Bob uses Alice's public key (n, e) to calculate m'≡ce(mod n), then there is M' = M.

Think about it, does this mean that Bob thinks that the S he received must be from Alice? Is the S in the above process equal to Alice's signature on message M? Figure 3-25 summarizes the above process.

Digital signature is a technology that uses cryptographic operations to achieve the effect of "handwritten signature". It realizes the signature and seal of digital content through some mathematical transformation.

In the ISO7498-2 standard, digital signature is defined as "some data attached to a data unit, or the encrypted conversion of the data unit, which allows the receiver of the data unit to confirm the source and integrity of the data unit and protect the data from being forged".

A digital signature scheme usually consists of a signature algorithm and a verification algorithm. In order to achieve the effect of "handwritten signature", digital signature should be unforgeable, undeniable and verifiable. The main attack on digital signature scheme is to find a way to forge a signature.