Fixed set for secret scalar

2023-05-15 09:19:48 +02:00
parent d3e1f77e60
commit 4de5dadc5c
5 changed files with 8 additions and 11 deletions


@@ -7,7 +7,7 @@ This section shows that \sdlog implies \igame using the Algebraic Group Model. T
\paragraph{\underline{Introducing \sdlog}}
The \sdlog game is a variant of the discrete logarithm game which represents the clearing and setting of bits in the secret scalar during the EdDSA key generation. The only difference to the normal discrete logarithm game is that the secret scalars are not chosen uniformly random from $\field{L}$ with $L$ being the order of the generator but rather from the set $\{2^{n-1}, 2^{n-1} + 8, ..., 2^{n} - 8\}$. This set represents all valid private keys according to the key generation algorithm. The hardness of this version of the discrete logarithm problem is further analyzed in section \ref{sec:sdlog}. The \sdlog game is depicted in figure \ref{fig:sdlog}.
The \sdlog game is a variant of the discrete logarithm game which represents the clearing and setting of bits in the secret scalar during the EdDSA key generation. The only difference to the normal discrete logarithm game is that the secret scalars are not chosen uniformly random from $\field{L}$ with $L$ being the order of the generator but rather from the set $\{2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c\}$. This set represents all valid private keys according to the key generation algorithm. The hardness of this version of the discrete logarithm problem is further analyzed in section \ref{sec:sdlog}. The \sdlog game is depicted in figure \ref{fig:sdlog}.
\begin{definition}[\sdlog]
\label{def:sdlog}
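Review bot: The rewritten sentence now uses $2^c$ as the step of the set, but neither $c$ nor $n$ is introduced anywhere in this paragraph, so a reader meeting \sdlog here cannot tell which sets are meant. Suggest adding a clause right after the set that says what $c$ and $n$ are (presumably $c$ is the number of cleared low-order bits, so the old constant 8 is the case $c = 3$; please confirm) and pointing to where they are fixed for the concrete EdDSA instantiation. Minor, same line: "uniformly random" reads better as "uniformly at random", and the literal "..." inside math would typeset more cleanly as \ldots.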
@@ -22,7 +22,7 @@ The \sdlog game is a variant of the discrete logarithm game which represents the
\vspace{1mm}
\begin{algorithmic}[1]
\Statex \underline{\game \sdlog}
\State $a \randomsample \{ 2^{n-1}, 2^{n-1} + 8, ..., 2^{n} - 8 \}$
\State $a \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
\State $\groupelement{A} \assign a \groupelement{B}$
\State $a' \randomassign \adversary{A}(\groupelement{A})$
\State \Return $a \test a'$
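Review bot: In the sampling step of the game, the set is still given by an ellipsis between $2^{n-1} + 2^c$ and $2^{n} - 2^c$, which leaves the reader to infer the step and only makes sense as written when $c < n-1$. With the step now symbolic, consider stating the set in closed form, for example $\{2^{n-1} + k \cdot 2^c : 0 \le k < 2^{n-1-c}\}$, and stating the constraint on $c$ and $n$ once in the definition. That also makes the size of the sample space ($2^{n-1-c}$ elements) explicit for the hardness discussion the text refers to in section \ref{sec:sdlog}.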


@@ -16,7 +16,7 @@ This section shows that \igame implies the UF-NMA security of the EdDSA signatur
\large
\begin{algorithmic}[1]
\Statex \underline{\game \igame}
\State $a \randomsample \{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}$
\State $a \randomsample \{2^{n-1}, 2^{n-1} + 2^c, ..., 2^n - 2^c\}$
\State $\groupelement{A} \assign a \groupelement{B}$
\State $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A})$
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in Q: \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A}$
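Review bot: The sampling line of \igame repeats, by hand, the same set literal that was just edited in the \sdlog paragraph and the \sdlog game, which is how the hard-coded 8 ended up needing a fix in several places. Suggest defining the set once as a macro and using it in every game and in the prose, so the definitions cannot drift apart again; the summary lists 5 changed files, so it is worth grepping the remaining sources for any leftover "+ 8" or "- 8". Separately, in the unchanged context the adversary's output is bound with \randomsample here but with \randomassign in the \sdlog game; if these are meant to denote the same thing, pick one.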