rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

some more clarifications

Browse Source
This commit is contained in:
Aaron Kaiser
2023-03-02 11:09:20 +01:00
parent b08241b07f
commit 0d5dbf0675
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
thesis/Abschlussarbeit.tex
View File

@@ -351,6 +351,7 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
Assuming that $r_2 + 2^c c$ is invertible in $\field{L}$ (not equal to $0$) we can use both equations to calculate the discrete logarithm of $\groupelement{A}$. To ensure that $r_2 + 2^c c$ is invertible the reduction has to abort if $-r_2$ equals $2^c c$ with $c$ being randomly chosen in the \ioracle oracle. Assuming that $r_2 + 2^c c$ is invertible in $\field{L}$ (not equal to $0$) we can use both equations to calculate the discrete logarithm of $\groupelement{A}$. To ensure that $r_2 + 2^c c$ is invertible the reduction has to abort if $-r_2$ equals $2^c c$ with $c$ being randomly chosen in the \ioracle oracle.
% TODO: clarify encoding of c
\begin{figure} \begin{figure}
\hrule \hrule
\begin{multicols}{2} \begin{multicols}{2}
@@ -410,7 +411,7 @@ Game $G_0$ is defined in Figure \ref{fig:igamewithabort} by ignoring all boxes.
\[ \Pr[G_0^{\adversary{A}} \Rightarrow 1] = \Pr[G_1^{\adversary{A}} \Rightarrow 1] \] \[ \Pr[G_0^{\adversary{A}} \Rightarrow 1] = \Pr[G_1^{\adversary{A}} \Rightarrow 1] \]
% TODO: wählen von % TODO: wählen von
\item \paragraph{\underline{$G_2:$}} Game $G_2$ aborts if the flag bad is set. For each individual \ioracle query the bad flag is set with probability at most $\frac{1}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. $-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})$ being the min entropy of $c$ since $c$ is chosen from $\{0,1\}^{2b}$ uniformly at random and then reduced modulo $L$ in the check during the if condition. By the Union bound over all $\oraclequeries$ queries we obtain $\Pr[bad] = \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. Since $G_1$ and $G_2$ are identical-until-bad games, we have \item \paragraph{\underline{$G_2:$}} Game $G_2$ aborts if the flag bad is set. For each individual \ioracle query the bad flag is set with probability at most $\frac{1}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. $-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})$ being the min entropy of $c \pmod L$ since $c$ is chosen from $\{0,1\}^{2b}$ uniformly at random and then reduced modulo $L$ in the check during the if condition. By the Union bound over all $\oraclequeries$ queries we obtain $\Pr[bad] = \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. Since $G_1$ and $G_2$ are identical-until-bad games, we have
\[ |\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]| \leq \Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \] \[ |\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]| \leq \Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]