rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Removed line numbers in figures

Browse Source
This commit is contained in:
Aaron Kaiser
2023-06-12 11:53:44 +02:00
parent 9ba0bc2ef3
commit 3df7ccbfe4
10 changed files with 82 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex
View File

@@ -18,7 +18,7 @@ The \sdlog game is a variant of the discrete logarithm game that represents the
\begin{figure}[h]
\hrule
\vspace{1mm}
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\game \sdlog}
\State $a \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
\State $\groupelement{A} \assign a \groupelement{B}$
@@ -46,7 +46,7 @@ The adversary must call the \ioracle oracle with a commitment $\groupelement{R}$
\hrule
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\game $G_0$ / \textcolor{blue}{$G_1$} / \textcolor{red}{$G_2$}}
\State $a \randomsample \{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}$
\State $\groupelement{A} \assign a \groupelement{B}$
@@ -121,7 +121,7 @@ The adversary must call the \ioracle oracle with a commitment $\groupelement{R}$
\hrule
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\textbf{Adversary} $\adversary{B}(\groupelement{A})$}
\State $s^* \randomassign \adversary{A}^{\ioracle(\inp)}(\groupelement{A})$
\State \textbf{If} $\nexists \agmgroupelement{R^*}{r^*}, \ch^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - \ch^* \groupelement{A}) \wedge (\agmgroupelement{R^*}{r^*}, \ch^*) \in \pset{Q}$ \textbf{then}
@@ -130,7 +130,7 @@ The adversary must call the \ioracle oracle with a commitment $\groupelement{R}$
\State \Return $(2^c s^* - r_1)(r_2 + 2^c \ch^*)^{-1}$
\end{algorithmic}
\columnbreak
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle \ioracle($\agmgroupelement{R_i}{r_i} \in \group{G}$)}
\State Let $\groupelement{R}_i = r_1 \groupelement{B} + r_2 \groupelement{A}$
\State $\ch_i \randomsample \{0,1\}^{2b}$

12
thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex
View File

@@ -14,7 +14,7 @@ This section shows that \igame implies the UF-NMA security of the EdDSA signatur
\hrule
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\game \igame}
\State $a \randomsample \{2^{n-1}, 2^{n-1} + 2^c, ..., 2^n - 2^c\}$
\State $\groupelement{A} \assign a \groupelement{B}$
@@ -22,7 +22,7 @@ This section shows that \igame implies the UF-NMA security of the EdDSA signatur
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in \pset{Q}: \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A}$
\end{algorithmic}
\columnbreak
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle \ioracle($\groupelement{R_i} \in \group{G}$)}
\State $\ch_i \randomsample \{0,1\}^{2b}$
\State $\pset{Q} \assign \pset{Q} \cup \{ (\groupelement{R}_i, \ch_i) \}$
@@ -49,7 +49,7 @@ This section shows that \igame implies the UF-NMA security of the EdDSA signatur
\hrule
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\State \underline{\game $G_0$}
\State $(h_0, h_1, ..., h_{2b-1}) \randomsample \{0,1\}^{2b}$
\State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
@@ -58,7 +58,7 @@ This section shows that \igame implies the UF-NMA security of the EdDSA signatur
\State \Return $\verify(\groupelement{A}, \m^*,\signature^*)$
\end{algorithmic}
\columnbreak
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle $H(m \in \{0,1\}^*)$}
\State $\textbf{if } \sum[m] = \bot \textbf{ then}$
\State \quad $\sum[m] \randomsample \{0,1\}^{2b}$
@@ -88,13 +88,13 @@ This section shows that \igame implies the UF-NMA security of the EdDSA signatur
\vspace{1mm}
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\textbf{Adversary} $\adversary{B}^{\ioracle(\inp)}(\groupelement{A})$}
\State $(\m^*, \signature^* \assign (\encoded{R}, S)) \randomassign \adversary{A}^{H(\inp)}(\groupelement{A})$
\State \Return $S$
\end{algorithmic}
\columnbreak
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle $H(m \in \{0,1\}^*)$}
\State $\textbf{if } \sum[m] = \bot \textbf{ then}$
\State \quad $\textbf{if } \encoded{R} | \encoded{A} | m' \assign m \wedge \groupelement{R} \in \curve \textbf{ then}$

20
thesis/sections/security_of_eddsa/uf-nma_implies_suf-cma.tex
View File

@@ -24,7 +24,7 @@ This method of simulating the \Osign oracle and the resulting loss of advantage
\begin{figure}
\hrule
\vspace{1mm}
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\simalg(\groupelement{A})}
\State $\textbf{ch} \randomsample \{0,1\}^{2b}$
\State $s \randomsample \{0,1\}^{2b}$
@@ -41,7 +41,7 @@ This method of simulating the \Osign oracle and the resulting loss of advantage
\hrule
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\game $G_0$ / \textcolor{blue}{$G_1$} / \textcolor{red}{$G_2$} / \textcolor{green}{$G_3$}}
\State $(h_0, h_1, ..., h_{2b-1}) \randomsample \{0,1\}^{2b}$
\State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
@@ -50,7 +50,7 @@ This method of simulating the \Osign oracle and the resulting loss of advantage
\State \Return $\verify(\groupelement{A}, \m^*,\signature^*) \wedge (\m^*, \signature^*) \notin \pset{Q}$
\end{algorithmic}
\columnbreak
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle \sign($\m \in \messagespace$)}
\Comment{$G_0 - G_2$}
\State $(r'_0, r'_1, ..., r'_{2b-1}) = RF(h_b | ... | h_{2b-1} | \m)$
@@ -78,14 +78,14 @@ This method of simulating the \Osign oracle and the resulting loss of advantage
\end{algorithmic}
\end{multicols}
\begin{multicols}{2}
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle $H(\m \in \{0,1\}^*)$}
\State $\textbf{if } \sum[\m] = \bot \textbf{ then}$
\State \quad $\sum[\m] \randomsample \{0,1\}^{2b}$
\State \Return $\sum[\m]$
\end{algorithmic}
\columnbreak
\begin{algorithmic}[1]
\begin{algorithmic}
%TODO: Nummer vor Oracle
\BeginBox[draw=green]
\State \underline{\oracle \sign($\m \in \messagespace$)}
@@ -135,13 +135,13 @@ This method of simulating the \Osign oracle and the resulting loss of advantage
\hrule
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\textbf{Adversary} $\adversary{B}^{H(\inp)}(\groupelement{A})$}
\State $(\m^*, \signature^*) \randomassign \adversary{A}^{H'(\inp), \sign(\inp)}(\groupelement{A})$
\State \Return $(\m^*, \signature^*)$
\end{algorithmic}
\columnbreak
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle \sign($m \in \messagespace$)}
\State $(R,\textbf{ch},S) \randomassign \simalg(\groupelement{A})$
\State $\textbf{if } \sum[\encoded{R} | \encoded{A} | m] \neq \bot \textbf{ then}$
@@ -153,7 +153,7 @@ This method of simulating the \Osign oracle and the resulting loss of advantage
\State \Return $\signature$
\end{algorithmic}
\end{multicols}
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle $H'(m \in \{0,1\}^*)$}
\State $\textbf{if } \sum[m] = \bot \textbf{ then}$
\State \quad $\sum[m] \assign H(m)$
@@ -203,7 +203,7 @@ This section shows that the UF-NMA security of EdDSA implies the EUF-CMA securit
\hrule
\begin{multicols}{2}
\large
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\textbf{Adversary} $\adversary{B}^{H(\inp)}(\groupelement{A})$}
\State $(\m^*, \signature^*) \randomassign \adversary{A}^{H'(\inp), \sign(\inp)}(\groupelement{A})$
\State \Return $(\m^*, \signature^*)$
@@ -221,7 +221,7 @@ This section shows that the UF-NMA security of EdDSA implies the EUF-CMA securit
\State \Return $\signature$
\end{algorithmic}
\end{multicols}
\begin{algorithmic}[1]
\begin{algorithmic}
\Statex \underline{\oracle $H'(m \in \{0,1\}^*)$}
\State $\textbf{if } \sum[m] = \bot \textbf{ then}$
\State \quad $\sum[m] \assign H(m)$