used uniform font for sets
@@ -21,13 +21,13 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\State \quad $a_i \randomsample \{2^{n-1}, 2^{n-1} + 2^c, ..., 2^n - 2^c\}$
|
||||
\State \quad $\groupelement{A_i} \assign a_i \groupelement{B}$
|
||||
\State $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
|
||||
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in Q, i \in \{1,2,...,N\} \in : \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}$
|
||||
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in \pset{Q}, i \in \{1,2,...,N\} \in : \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}$
|
||||
\end{algorithmic}
|
||||
\vspace{2mm}
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\oracle \ioracle($\groupelement{R_i} \in \group{G}$)}
|
||||
\State $\ch_i \randomsample \{0,1\}^{2b}$
|
||||
\State $Q \assign Q \cup \{ (\groupelement{R}_i, \ch_i) \}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{ (\groupelement{R}_i, \ch_i) \}$
|
||||
\State \Return $\ch_i$
|
||||
\end{algorithmic}
|
||||
\hrule
|
||||
|
||||
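Review bot: The rewritten return line of the MU-\igame game still has a stray `\in` between `\{1,2,...,N\}` and the colon, so the quantifier in the win condition reads `i \in \{1,2,...,N\} \in :` and does not parse as a statement. The same condition in the later hunk at `@@ -58,7 +58,7 @@` has no such token, so the line should read `... \in \pset{Q}, i \in \{1,2,...,N\}: \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}`. The oracle header in this hunk writes `\groupelement{R_i}` while the set update writes `\groupelement{R}_i`; one form should be used for both. The game's algorithmic block starts outside the hunk.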
@@ -26,7 +26,7 @@ Again the programmability of the random oracle together with the \simalg algorit
|
||||
\State \quad $s_j \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_{j_i}$
|
||||
\State \quad $\groupelement{A_j} \assign s_j \groupelement{B}$
|
||||
\State $(\m^*, \signature^*) \randomassign \adversary{A}^{H(\inp), \sign(\inp, \inp)}(\groupelement{A_1}, \groupelement{A_2},...,\groupelement{A_N})$
|
||||
\State \Return $\exists j \in \{1,2,...,N\}: \verify(\groupelement{A_j}, \m^*,\signature^*) \wedge (\groupelement{A_j}, \m^*, \signature^*) \notin Q$
|
||||
\State \Return $\exists j \in \{1,2,...,N\}: \verify(\groupelement{A_j}, \m^*,\signature^*) \wedge (\groupelement{A_j}, \m^*, \signature^*) \notin \pset{Q}$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
@@ -52,7 +52,7 @@ Again the programmability of the random oracle together with the \simalg algorit
|
||||
\State $S \assign (r + s\sum[\encoded{R} | \encoded{A_j} | \m]) \pmod L$
|
||||
\EndBox
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{(\groupelement{A_j}, \m, \signature)\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{(\groupelement{A_j}, \m, \signature)\}$
|
||||
\State \Return $\signature$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
@@ -75,7 +75,7 @@ Again the programmability of the random oracle together with the \simalg algorit
|
||||
\State \quad $abort$
|
||||
\State $\sum[\encoded{R} | \encoded{A_j} | \m] = \textbf{ch}$
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{(\groupelement{A_j}, \m, \signature)\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{(\groupelement{A_j}, \m, \signature)\}$
|
||||
\State \Return $\signature$
|
||||
\EndBox
|
||||
\end{algorithmic}
|
||||
@@ -126,7 +126,7 @@ Again the programmability of the random oracle together with the \simalg algorit
|
||||
\State \quad $abort$
|
||||
\State $\sum[\encoded{R} | \encoded{A_j} | m] = \textbf{ch}$
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{(\groupelement{A_j}, \m, \signature)\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{(\groupelement{A_j}, \m, \signature)\}$
|
||||
\State \Return $\signature$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
@@ -157,7 +157,7 @@ Again the programmability of the random oracle together with the \simalg algorit
|
||||
|
||||
\subsection{MU-UF-NMA $\Rightarrow$ $\text{MU-EUF-CMA}_{\text{EdDSA with lax parsing}}$ (ROM)}
|
||||
|
||||
This section shows that MU-UF-NMA security of EdDSA implies the MU-EUF-CMA security of EdDSA with lax parsing using in the random oracle model. This proof is very similar to the proof MU-SUF-CMA proof of EdDSA with strict parsing. The modification to the games are the same as in the proof above with the only modifications being in the win condition, which is $\exists j \in \{1,2,...,N\}: \verify(\groupelement{A_j}, \m^*) \wedge (\groupelement{A_j}, \m^*) \notin Q$. For this reason this proof starts at showing the existence of an adversary $\adversary{B}$ breaking MU-UF-NMA security.
|
||||
This section shows that MU-UF-NMA security of EdDSA implies the MU-EUF-CMA security of EdDSA with lax parsing using in the random oracle model. This proof is very similar to the proof MU-SUF-CMA proof of EdDSA with strict parsing. The modification to the games are the same as in the proof above with the only modifications being in the win condition, which is $\exists j \in \{1,2,...,N\}: \verify(\groupelement{A_j}, \m^*) \wedge (\groupelement{A_j}, \m^*) \notin \pset{Q}$. For this reason this proof starts at showing the existence of an adversary $\adversary{B}$ breaking MU-UF-NMA security.
|
||||
|
||||
\begin{theorem}
|
||||
\label{theorem:adv2_mu-uf-nma}
|
||||
@@ -192,7 +192,7 @@ This section shows that MU-UF-NMA security of EdDSA implies the MU-EUF-CMA secur
|
||||
\State \quad $abort$
|
||||
\State $\sum[\encoded{R} | \encoded{A_j} | m] = \textbf{ch}$
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{(\groupelement{A_j}, \m)\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{(\groupelement{A_j}, \m)\}$
|
||||
\State \Return $\signature$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
|
||||
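Review bot: The lax-parsing win condition in the rewritten paragraph of the hunk at `@@ -157,7 +157,7 @@` calls `\verify(\groupelement{A_j}, \m^*)` without the forged signature, whereas the game earlier in this file verifies `(\groupelement{A_j}, \m^*, \signature^*)`. If \verify takes the same three arguments here, the condition should read `\verify(\groupelement{A_j}, \m^*, \signature^*) \wedge (\groupelement{A_j}, \m^*) \notin \pset{Q}`, so that the only difference from the strict-parsing game is the tuple stored in the set. The same paragraph has two wording slips, "using in the random oracle model" and "the proof MU-SUF-CMA proof". The hunks at `@@ -126,7 +126,7 @@` and `@@ -192,7 +192,7 @@` write a bare `m` inside `\sum[...]` where the other signing oracles use `\m`.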
@@ -17,7 +17,7 @@ This section shows that \somdl implies MU-\igame using the Algebraic Group Model
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\game \somdl}
|
||||
\State \textbf{for} $i \in \{1,2,...,N\}$
|
||||
\State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 8, ..., 2^{n} - 8 \}$
|
||||
\State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
|
||||
\State \quad $\groupelement{A_i} \assign a_i \groupelement{B}$
|
||||
\State $I \assign 0$
|
||||
\State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{DL(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
|
||||
@@ -58,7 +58,7 @@ This section shows that \somdl implies MU-\igame using the Algebraic Group Model
|
||||
\State \quad $a_i \randomsample \{2^{n-1}, 2^{n-1} + 2^c, ..., 2^n - 2^c\}$
|
||||
\State \quad $\groupelement{A_i} \assign a_i \groupelement{B}$
|
||||
\State $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
|
||||
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in Q, i \in \{1,2,...,N\}: \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}$
|
||||
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in \pset{Q}, i \in \{1,2,...,N\}: \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}$
|
||||
\end{algorithmic}
|
||||
\vspace{2mm}
|
||||
\begin{algorithmic}[1]
|
||||
@@ -74,7 +74,7 @@ This section shows that \somdl implies MU-\igame using the Algebraic Group Model
|
||||
\Comment{$G_2$}
|
||||
\EndBox
|
||||
\EndBox
|
||||
\State $Q \assign Q \cup \{ (\groupelement{R}, \ch) \}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{ (\groupelement{R}, \ch) \}$
|
||||
\State \Return $\ch$
|
||||
\end{algorithmic}
|
||||
\hrule
|
||||
@@ -129,7 +129,7 @@ This section shows that \somdl implies MU-\igame using the Algebraic Group Model
|
||||
\State \textbf{If} $\exists i \in \{2,3,...,N+1\}: 2^c \ch \equiv -r_i \pmod L$ \textbf{then}
|
||||
\State \quad $bad \assign true$
|
||||
\State \quad $abort$
|
||||
\State $Q \assign Q \cup \{ (\groupelement{R}, \ch) \}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{ (\groupelement{R}, \ch) \}$
|
||||
\State \Return $\ch$
|
||||
\end{algorithmic}
|
||||
\hrule
|
||||
|
||||
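Review bot: The key-sampling line of `\game \somdl` in the hunk at `@@ -17,7 +17,7 @@` appears to change the step from `8` to `2^c`, which is a change to the game definition and not the font change named in the commit title. Since 8 equals 2^c only for c = 3, the game is now parameterised in c and uses the same sampling set as the MU-\igame game in the next hunk; the commit message should say so, and c should be introduced in the text before this game. A source comment on the line would record the intent, for example `% step 2^c: same key distribution as in MU-\igame below`. The game body continues outside the hunk.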