rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rewrote multi-user proofs

Browse Source
This commit is contained in:
Aaron Kaiser
2023-06-14 14:42:08 +02:00
parent d45bcef6c9
commit 0c4179df46
9 changed files with 50 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex
View File

@@ -158,7 +158,7 @@ The adversary must call the \ioracle oracle with a commitment $\groupelement{R}$
Assuming that $r_2 + 2^c \ch^*$ is invertible in $\field{L}$ (i.e. not equal to $0$), which is ensured due to the abort in $G_2$, both equations can be used to calculate the discrete logarithm of $\groupelement{A}$.
\item Obviously, the runtime of $\adversary{B}$ is ppt. The \ioracle just samples the challenge uniformly at random and returns it after checking the abort condition, which is ppt. After $\adversary{A}$ has provided its solution, adversary $\adversary{B}$ just does some additions, multiplications, and an inversion, which is all ppt.
\item Obviously, the runtime of $\adversary{B}$ is roughly the same as the runtime of $\adversary{A}$. The \ioracle just samples the challenge uniformly at random and returns it after checking the abort condition. After $\adversary{A}$ has provided its solution, adversary $\adversary{B}$ just does some additions, multiplications, and an inversion, which does not add much to its runtime.
\item This proves theorem \ref{theorem:advgamez}.
\end{proof}