Removed line numbers in figures
This commit is contained in:
@@ -15,7 +15,7 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\hrule
|
||||
\vspace{1mm}
|
||||
\large
|
||||
\begin{algorithmic}[1]
|
||||
\begin{algorithmic}
|
||||
\Statex \underline{\game \igame}
|
||||
\State \textbf{for} $i \in \{1,2,...,N\}$
|
||||
\State \quad $a_i \randomsample \{2^{n-1}, 2^{n-1} + 2^c, ..., 2^n - 2^c\}$
|
||||
@@ -24,7 +24,7 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in \pset{Q}, i \in \{1,2,...,N\} \in : \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}$
|
||||
\end{algorithmic}
|
||||
\vspace{2mm}
|
||||
\begin{algorithmic}[1]
|
||||
\begin{algorithmic}
|
||||
\Statex \underline{\oracle \ioracle($\groupelement{R_i} \in \group{G}$)}
|
||||
\State $\ch_i \randomsample \{0,1\}^{2b}$
|
||||
\State $\pset{Q} \assign \pset{Q} \cup \{ (\groupelement{R}_i, \ch_i) \}$
|
||||
@@ -39,7 +39,7 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\label{theorem:adv_mu-igame}
|
||||
Let $\adversary{A}$ be an adversary against MU-\igame. Then,
|
||||
|
||||
\[ \advantage{\adversary{A}}{\text{MU-UF-NMA}}(\secparamter) = \advantage{\adversary{B}}{\text{MU-\igame}}(\secparamter) \].
|
||||
\[ \advantage{\adversary{A}}{\text{MU-UF-NMA}}(\secparamter) = \advantage{\adversary{B}}{\text{MU-\igame}}(\secparamter). \]
|
||||
\end{theorem}
|
||||
|
||||
\paragraph{\underline{Proof Overview}} Like the single-user setting the adversary has to query the random oracle to get the hash value $H(\encoded{R}|\encoded{A_i}|m)$. Again the programmability of the random oracle can be used to embed the challenge from \ioracle oracle into the answer of the random oracle. By embedding the challenge from the \ioracle oracle answer into the answer of the random oracle a valid forgery of the signature also becomes a valid solution for the MU-\igame game.
|
||||
@@ -50,7 +50,7 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\hrule
|
||||
\begin{multicols}{2}
|
||||
\large
|
||||
\begin{algorithmic}[1]
|
||||
\begin{algorithmic}
|
||||
\State \underline{\game $G_0$}
|
||||
\State \textbf{for} $i \in \{1,2,...,N\}$
|
||||
\State \quad $(h_{i_0}, h_{i_1}, ..., h_{i_{2b-1}}) \randomsample \{0,1\}^{2b}$
|
||||
@@ -60,7 +60,7 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\State \Return $\exists i \in \{1,2,...,N\}: \verify(\groupelement{A_i}, \m^*,\signature^*)$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
\begin{algorithmic}
|
||||
\Statex \underline{\oracle $H(m \in \{0,1\}^*)$}
|
||||
\State $\textbf{if } \sum[m] = \bot \textbf{ then}$
|
||||
\State \quad $\sum[m] \randomsample \{0,1\}^{2b}$
|
||||
@@ -87,13 +87,13 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\hrule
|
||||
\vspace{1mm}
|
||||
\large
|
||||
\begin{algorithmic}[1]
|
||||
\begin{algorithmic}
|
||||
\Statex \underline{\textbf{Adversary} $\adversary{B}^{\ioracle(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$}
|
||||
\State $(\m^*, \signature^* \assign (\encoded{R}, S)) \randomassign \adversary{A}^{H(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
|
||||
\State \Return $S$
|
||||
\end{algorithmic}
|
||||
\vspace{2mm}
|
||||
\begin{algorithmic}[1]
|
||||
\begin{algorithmic}
|
||||
\Statex \underline{\oracle $H(m \in \{0,1\}^*)$}
|
||||
\State $\textbf{if } \sum[m] = \bot \textbf{ then}$
|
||||
\State \quad $\textbf{if } \encoded{R} | \encoded{A} | m' \assign m \wedge \groupelement{R}, \groupelement{A} \in \curve \textbf{ then}$
|
||||
|
||||
Reference in New Issue
Block a user