rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduced some macros

Browse Source
This commit is contained in:
Aaron Kaiser
2023-02-24 10:42:26 +01:00
parent be6defc8bf
commit 438f0e0395
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
thesis/Abschlussarbeit.tex
View File

@@ -123,7 +123,7 @@ TODO
This section takes a closer look at the existing specifications of the EdDSA signature scheme and specifies a version which will be analyzed in this thesis.
This work will take a closer look at the UF-CMA security of the EdDSA signature scheme. EdDSA was introduced as the Ed25519 signature scheme using the twisted Edwards curve Edwards25519, which is birationally equivalent to the Weierstrass curve Curve25519 \cite{JCEng:BDLSY12}. Later in 2015 the paper "EdDSA for more Curves" by Bernstein et al. introduces a more general version of EdDSA \cite{EPRINT:BJLSY15}. The paper also introduces a variant of EdDSA using prehashing. The RFC 8032 "Edwards-Curve Digital Signature Algorithm (EdDSA)" from 2017 specifies a version of EdDSA with the inclusion of an additional input parameter \textit{context} for the Sign and Verify procedure \cite{josefsson_edwards-curve_2017}. This version was also included into the FIPS 186-5 "Digital Signature Standard (DSS)" standard \cite{moody_digital_2023}.
This work will take a closer look at the UF-CMA security of the EdDSA signature scheme. EdDSA was introduced as the Ed25519 signature scheme using the twisted Edwards curve Edwards25519, which is birationally equivalent to the Weierstrass curve Curve25519 \cite{JCEng:BDLSY12}. Later in 2015 the paper "EdDSA for more Curves" by Bernstein et al. introduces a more general version of EdDSA \cite{EPRINT:BJLSY15}. The paper also introduces a variant of EdDSA using prehashing. The RFC 8032 "Edwards-Curve Digital Signature Algorithm (EdDSA)" from 2017 specifies a version of EdDSA with the inclusion of an additional input parameter \textit{context} for the \sign and \verify procedure \cite{josefsson_edwards-curve_2017}. This version was also included into the FIPS 186-5 "Digital Signature Standard (DSS)" standard \cite{moody_digital_2023}.
In the prehashing variant of EdDSA the signature is calculated on the hash value of the message. The message is used twice during the generation of the signature. Thus the message needs to be buffered or transmitted twice during the generation of the signature. Therefore the prehashing variant offers an performance advantage on memory and bandwidth constraint devices. The context is an additional input parameter which has to be equal during generation and verification of the signature and is used to bind the signature to a given context.
@@ -170,7 +170,7 @@ The EdDSA signature scheme is defined using a twisted Edwards curve. Twisted Edw
$a, d$ & The curve parameter of the twisted Edwards curve. \\
$B$ & A generator point of the prime order subgroup of $E$. \\
$l$ & The order of the prime order subgroup. \\
$H'(\cdot)$ & A prehash function applied to the message prior to applying the sign or verify procedure.
$H'(\cdot)$ & A prehash function applied to the message prior to applying the \sign or \verify procedure.
\end{tabularx}
\end{table}
\end{center}
@@ -178,7 +178,7 @@ The EdDSA signature scheme is defined using a twisted Edwards curve. Twisted Edw
\begin{figure}
\caption{Generic description of the algorithms KeyGen, Sign and Verify used by the EdDSA signature scheme}
\caption{Generic description of the algorithms \keygen, \sign and \verify used by the EdDSA signature scheme}
\label{fig:eddsa}
\hrule
\begin{multicols}{3}
@@ -236,7 +236,7 @@ The chain of reductions can be depicted as:
In this section I will show that the UF-CMA security of EdDSA signature scheme implies the UF-NMA security of EdDSA signature scheme using the Random Oracle Model. I first start by providing an intuition for the proof followed by the detailed security proof.
\paragraph{intuition} The UF-NMA security definition is close to the security definition of UF-CMA but is missing the Sign oracle. To show that UF-NMA security implies UF-CMA security the reduction has to simulate the Sign oracle without the knowledge of the private key.
\paragraph{intuition} The UF-NMA security definition is close to the security definition of UF-CMA but is missing the \Osign oracle. To show that UF-NMA security implies UF-CMA security the reduction has to simulate the \Osign oracle without the knowledge of the private key.
The EdDSA signature scheme is based on the Schnorr signature scheme which basis is a canonical identification scheme onto which the Fiat-Shamir transformation is applied. This means EdDSA roughly follows the scheme by first calculating a commitment $R$, calculating a challenge $h$ using the hash function and then calculating the response $S$ based on commitment and challenge. The signature is the tuple of commitment and response.

10
thesis/macros.tex
View File

@@ -1,3 +1,11 @@
\newcommand{\randomsample}{\overset{{\scriptscriptstyle\$}}{\leftarrow}}
\newcommand{\assign}{:=}
\newcommand{\encoded}[1]{\underline{#1}}
\newcommand{\encoded}[1]{\underline{#1}}
% EdDSA procedures
\newcommand{\keygen}{KeyGen }
\newcommand{\sign}{Sign }
\newcommand{\verify}{Verify }
% Oracle
\newcommand{\Osign}{\textit{Sign} }