rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

finished first version of proofs

Browse Source
This commit is contained in:
Aaron Kaiser
2023-04-24 16:12:19 +02:00
parent f527b43068
commit 397abfe5fe
8 changed files with 95 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
thesis/sections/mu_security_of_eddsa/mu-gamez_implies_mu-uf-nma.tex
View File

@@ -8,7 +8,7 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
\begin{definition}[MU-\igame]
Let $n$ and $N$ be positive integers. For an adversary $\adversary{A}$ we define its advantage in the MU-\igame as following:
\[ \advantage{\adversary{A}}{\text{MU-\igame}}(\secparamter) \assign | \Pr[\text{MU-\igame}^{\adversary{A}} \Rightarrow 1] | \].
\[ \advantage{\adversary{A}}{\text{MU-\igame}}(\secparamter) \assign | \Pr[\text{MU-\igame}^{\adversary{A}} \Rightarrow 1] |. \]
\end{definition}
\begin{figure}
@@ -75,13 +75,13 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
\begin{proof}
\item Let $G_0$ be defined in figure \ref{fig:mu-igame_implies_mu-uf-nma} and $G_0$ be MU-UF-NMA. By definition,
\[ \advantage{\text{EdDSA}, \adversary{A}}{\text{MU-UF-NMA}}(\secparamter) = \Pr[\text{MU-UF-NMA}^{\adversary{A}} \Rightarrow 1 ] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \].
\[ \advantage{\text{EdDSA}, \adversary{A}}{\text{MU-UF-NMA}}(\secparamter) = \Pr[\text{MU-UF-NMA}^{\adversary{A}} \Rightarrow 1 ] = \Pr[G_0^{\adversary{A}} \Rightarrow 1]. \]
\item $G_0$ is well-prepared to show that there exists an adversary $\adversary{B}$ satisfying
\begin{align}
\Pr[G_0^{\adversary{A}} \Rightarrow 1] = \advantage{\group{G}, \adversary{B}}{\text{MU-\igame}}(\secparamter) \label{eq:adv_mu-igame}
\end{align}.
\Pr[G_0^{\adversary{A}} \Rightarrow 1] = \advantage{\group{G}, \adversary{B}}{\text{MU-\igame}}(\secparamter). \label{eq:adv_mu-igame}
\end{align}
\begin{figure}
\hrule
@@ -113,8 +113,8 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
\begin{align*}
2^c S \groupelement{B} &= 2^c \groupelement{R} + 2^c H(\encoded{R} | \encoded{A_i} | m) \groupelement{A_i} \\
2^c \groupelement{R} &= 2^c S \groupelement{B} - 2^c H(\encoded{R} | \encoded{A_i} | m) \groupelement{A_i} \\
2^c \groupelement{R} &= 2^c S \groupelement{B} - 2^c \ioracle(2^c \groupelement{R}) \groupelement{A_i} \\
\Leftrightarrow 2^c \groupelement{R} &= 2^c S \groupelement{B} - 2^c H(\encoded{R} | \encoded{A_i} | m) \groupelement{A_i} \\
\Leftrightarrow 2^c \groupelement{R} &= 2^c S \groupelement{B} - 2^c \ioracle(2^c \groupelement{R}) \groupelement{A_i} \\
\groupelement{R}' &= 2^c S \groupelement{B} - 2^c \ioracle(\groupelement{R}') \groupelement{A_i}
\end{align*}