used uniform font for sets
This commit is contained in:
@@ -47,7 +47,7 @@ The proof starts by providing an algorithm which generates correctly distributed
|
||||
\State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
|
||||
\State $\groupelement{A} \assign s \groupelement{B}$
|
||||
\State $(\m^*, \signature^*) \randomassign \adversary{A}^{H(\inp), \sign(\inp)}(\groupelement{A})$
|
||||
\State \Return $\verify(\groupelement{A}, \m^*,\signature^*) \wedge (\m^*, \signature^*) \notin Q$
|
||||
\State \Return $\verify(\groupelement{A}, \m^*,\signature^*) \wedge (\m^*, \signature^*) \notin \pset{Q}$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
@@ -73,7 +73,7 @@ The proof starts by providing an algorithm which generates correctly distributed
|
||||
\State $S \assign (r + s\sum[\encoded{R} | \encoded{A} | \m]) \pmod L$
|
||||
\EndBox
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{(\m, \signature)\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{(\m, \signature)\}$
|
||||
\State \Return $\signature$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
@@ -96,7 +96,7 @@ The proof starts by providing an algorithm which generates correctly distributed
|
||||
\State \quad $abort$
|
||||
\State $\sum[\encoded{R} | \encoded{A} | \m] = \textbf{ch}$
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{(\m, \signature)\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{(\m, \signature)\}$
|
||||
\State \Return $\signature$
|
||||
\EndBox
|
||||
\end{algorithmic}
|
||||
@@ -123,7 +123,7 @@ The proof starts by providing an algorithm which generates correctly distributed
|
||||
|
||||
\[ \Pr[G_2^{\adversary{A}} \Rightarrow 1] = \Pr[G_3^{\adversary{A}} \Rightarrow 1]. \]
|
||||
|
||||
\item Finally, Game $G_3$ is well prepared to show that there exists an adversary $\adversary{B}$ satisfying
|
||||
\item Finally, Game $G_3$ is well-prepared to show that there exists an adversary $\adversary{B}$ satisfying
|
||||
|
||||
\begin{align}
|
||||
\Pr[G_3^{\adversary{A}} \Rightarrow 1] = \advantage{\adversary{B}}{\text{UF-NMA}}(\secparamter). \label{eq:adv_uf-nma}
|
||||
@@ -147,7 +147,7 @@ The proof starts by providing an algorithm which generates correctly distributed
|
||||
\State \quad $abort$
|
||||
\State $\sum[\encoded{R} | \encoded{A} | m] = \textbf{ch}$
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{(\m, \signature)\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{(\m, \signature)\}$
|
||||
\State \Return $\signature$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
@@ -178,7 +178,7 @@ The proof starts by providing an algorithm which generates correctly distributed
|
||||
|
||||
\subsection{UF-NMA $\Rightarrow$ $\text{EUF-CMA}_{\text{EdDSA with lax parsing}}$ (ROM)}
|
||||
|
||||
This section shows that the UF-NMA security of EdDSA implies the EUF-CMA security of EdDSA with lax parsing using the random oracle model. This proof is very similar to the proof of the SUF-CMA security of EdDSA with strict parsing. The modification of the games are the same as in the proof above with the only difference being the win condition, which is $\verify(\groupelement{A}, \m^*,\signature^*) \wedge \m^* \notin Q$. For this reason this proofs starts at showing the existence of an adversary $\adversary{B}$ breaking UF-NMA security.
|
||||
This section shows that the UF-NMA security of EdDSA implies the EUF-CMA security of EdDSA with lax parsing using the random oracle model. This proof is very similar to the proof of the SUF-CMA security of EdDSA with strict parsing. The modification of the games are the same as in the proof above with the only difference being the win condition, which is $\verify(\groupelement{A}, \m^*,\signature^*) \wedge \m^* \notin \pset{Q}$. For this reason this proofs starts at showing the existence of an adversary $\adversary{B}$ breaking UF-NMA security.
|
||||
|
||||
\begin{theorem}
|
||||
\label{theorem:adv2_uf-nma}
|
||||
@@ -213,7 +213,7 @@ This section shows that the UF-NMA security of EdDSA implies the EUF-CMA securit
|
||||
\State \quad $abort$
|
||||
\State $\sum[\encoded{R} | \encoded{A} | m] = \textbf{ch}$
|
||||
\State $\signature \assign (\encoded{R}, S)$
|
||||
\State $Q \assign Q \cup \{\m\}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{\m\}$
|
||||
\State \Return $\signature$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
|
||||
Reference in New Issue
Block a user