EUF-CMA
EUF-CMA, existential unforgeability under chosen-message attack, is the standard security notion for a digital signature scheme. In the game the attacker receives a public key and an oracle that signs any messages it chooses, adaptively. The attacker wins by outputting a valid signature on any message it never queried, an existential forgery. A scheme is EUF-CMA secure if no efficient attacker wins with non-negligible probability.
Variants and use
A stronger variant, SUF-CMA (strong unforgeability), additionally forbids producing a new signature on an already-signed message, which matters where signatures must be non-malleable. NIST analyzes its post-quantum signature standards in this framework: FIPS 204 specifies ML-DSA, built with a Fiat-Shamir transform, and FIPS 205 specifies the hash-based SLH-DSA; both target EUF-CMA and, in their concrete analyses, strong unforgeability. The notion dates to the 1988 definition of Goldwasser, Micali, and Rivest.
Sources
Cite this entry
"EUF-CMA." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/euf-cma@misc{pqwiki-euf-cma,
title = {EUF-CMA},
howpublished = {\url{https://postquantum.wiki/euf-cma}},
year = {2026},
note = {postquantum.wiki, updated 2026-07-11}
}