rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added concrete security

Browse Source
This commit is contained in:
Aaron Kaiser
2023-06-14 09:16:26 +02:00
parent 941ad86eff
commit 0123162433
6 changed files with 150 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
thesis/Abschlussarbeit.tex
View File

@@ -111,13 +111,13 @@ The two main theorems for the single user security of $\text{EdDSA}_{\text{sp}}$
\begin{theorem}[Security of EdDSA with strict parsing in the single-user setting]
Let $\adversary{A}$ be an adversary against the SUF-CMA security of EdDSA with strict parsing, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries, and $\group{G}$ a group of prime order $L$. Then,
\[ \advantage{\group{G}, \adversary{A}}{\text{SUF-CMA}}(\secparamter) \leq \advantage{\group{G}, \adversary{B}}{\sdlog}(\secparamter) + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
\[ \advantage{\group{G}, \adversary{A}}{\text{SUF-CMA}}(\secparamter) \leq \advantage{\curve, n, c, L, \adversary{B}}{\sdlog} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
\end{theorem}
\begin{theorem}[Security of EdDSA with lax parsing in the single-user setting]
Let $\adversary{A}$ be an adversary against the SUF-CMA security of EdDSA with lax parsing, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries, and $\group{G}$ a group of prime order $L$. Then,
\[ \advantage{\group{G}, \adversary{A}}{\text{EUF-CMA}}(\secparamter) \leq \advantage{\group{G}, \adversary{B}}{\sdlog}(\secparamter) + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
\[ \advantage{\group{G}, \adversary{A}}{\text{EUF-CMA}}(\secparamter) \leq \advantage{\curve, n, c, L, \adversary{B}}{\sdlog} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
\end{theorem}
The proof begins by showing that the UF-NMA security of EdDSA implies the SUF-CMA/EUF-CMA security of EdDSA with different types of parsing in the random oracle model. With this step, subsequent proofs can be performed without worrying about signature generation, and a unified chain of reduction can be used to prove the security of EdDSA with both parsing variants. Next, an algebraic intermediate game \igame is introduced. This intermediate game serves as a separation for proofs in the random oracle model and those in the algebraic group model. Finally, the intermediate game \igame is reduced to the special discrete logarithm variant \sdlog.
@@ -147,9 +147,9 @@ The chain of reductions can be depicted as:
\input{sections/edggm}
\section{Concrete Security of EdDSA}
\input{sections/concrete_security}
\section{Conclusion}
\input{sections/conclusion}
\newpage