rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed equations in theorems

Browse Source
This commit is contained in:
Aaron Kaiser
2023-05-15 09:41:48 +02:00
parent dd76d800fc
commit 66ab947000
5 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
thesis/sections/eddsa.tex
View File

@@ -172,7 +172,7 @@ The EdDSA' signature scheme is depicted in figure \ref{fig:eddsa'}. The differen
Let $\adversary{A}$ be and adversary against SUF-CMA security of the EdDSA signature scheme. Then Let $\adversary{A}$ be and adversary against SUF-CMA security of the EdDSA signature scheme. Then
%TODO: richtigre Richtung? %TODO: richtigre Richtung?
\[ \advantage{\text{EdDSA'},\adversary{A}}{\cma}(\secparamter) \leq \advantage{\text{EdDSA},\adversary{A}}{\cma}(\secparamter) - \frac{2 (\hashqueries + 1)}{2^b}. \] \[ \advantage{\text{EdDSA'},\adversary{A}}{\cma}(\secparamter) \leq \advantage{\text{EdDSA},\adversary{A}}{\cma}(\secparamter) + \frac{2 (\hashqueries + 1)}{2^b}. \]
\end{theorem} \end{theorem}
\paragraph{\underline{Proof Overview}} \paragraph{\underline{Proof Overview}}

4
thesis/sections/mu_security_of_eddsa/mu-uf-nma_implies_mu-suf-cma.tex
View File

@@ -6,7 +6,7 @@ This section shows that the MU-UF-NMA security of the EdDSA signature scheme imp
\label{theorem:adv_mu-uf-nma} \label{theorem:adv_mu-uf-nma}
Let $n$ and $N$ be positive integer and $\adversary{A}$ an adversary against MU-SUF-CMA, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then, Let $n$ and $N$ be positive integer and $\adversary{A}$ an adversary against MU-SUF-CMA, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then,
\[ \advantage{\adversary{A}}{\text{MU-\cma}}(\secparamter) = \advantage{\adversary{B}}{\text{MU-UF-NMA}}(\secparamter) - \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \] \[ \advantage{\adversary{A}}{\text{MU-\cma}}(\secparamter) \leq \advantage{\adversary{B}}{\text{MU-UF-NMA}}(\secparamter) + \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
\end{theorem} \end{theorem}
\paragraph{\underline{Proof Overview}} This proof follows closely the proof in section \ref{proof:uf-nma_implies_suf-cma}. The only difference of both security notions is the missing \Osign oracle in MU-UF-NMA. For this reason the reduction has to simulate the \Osign oracle without the knowledge of the private keys. \paragraph{\underline{Proof Overview}} This proof follows closely the proof in section \ref{proof:uf-nma_implies_suf-cma}. The only difference of both security notions is the missing \Osign oracle in MU-UF-NMA. For this reason the reduction has to simulate the \Osign oracle without the knowledge of the private keys.
@@ -163,7 +163,7 @@ This section shows that MU-UF-NMA security of EdDSA implies the MU-EUF-CMA secur
\label{theorem:adv2_mu-uf-nma} \label{theorem:adv2_mu-uf-nma}
Let $n$ and $N$ be positive integer and $\adversary{A}$ an adversary against MU-EUF-CMA, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then, Let $n$ and $N$ be positive integer and $\adversary{A}$ an adversary against MU-EUF-CMA, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then,
\[ \advantage{\adversary{A}}{\text{MU-EUF-CMA}}(\secparamter) = \advantage{\adversary{B}}{\text{MU-UF-NMA}}(\secparamter) - \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \] \[ \advantage{\adversary{A}}{\text{MU-EUF-CMA}}(\secparamter) \leq \advantage{\adversary{B}}{\text{MU-UF-NMA}}(\secparamter) + \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
\end{theorem} \end{theorem}
\paragraph{\underline{Formal Proof}} \paragraph{\underline{Formal Proof}}

2
thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex
View File

@@ -40,7 +40,7 @@ This section shows that \somdl implies MU-\igame using the Algebraic Group Model
\label{theorem:adv_omdl'} \label{theorem:adv_omdl'}
Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then
\[ \advantage{\group{G},\adversary{A}}{\text{MU-\igame}}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\somdl}(\secparamter) - \frac{\oraclequeries N}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]. \[ \advantage{\group{G},\adversary{A}}{\text{MU-\igame}}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\somdl}(\secparamter) + \frac{\oraclequeries N}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \].
\end{theorem} \end{theorem}
\paragraph{\underline{Proof Overview}} In the multi-user setting the adversary gets access to not only the generator $\groupelement{B}$ and one public key $\groupelement{A}$ but rather a set of public keys $\groupelement{A_1}$ to $\groupelement{A_N}$. For this reason the representation of a group element, the adversary has to provide looks the following: $\groupelement{R} = r_1 \groupelement{B} + r_2 \groupelement{A_1} + ... + r_{N+1} \groupelement{A_N}$. Since there are multiple group elements with unknown discrete logarithms it is not possible to directly calculate the discrete logarithm of one of the public keys given a valid forgery of a signature. Upon receiving a valid solution the \textit{DL} oracle can be used to get the discrete logarithm of all the public keys except the one for which the solution is valid. This way it again possible to construct a representation looking like $\groupelement{R} = r_1 \groupelement{B} + r_2 \groupelement{A_i}$. Then it is again possible to calculate the discrete logarithm of $\groupelement{A_i}$ and win the \somdl game. \paragraph{\underline{Proof Overview}} In the multi-user setting the adversary gets access to not only the generator $\groupelement{B}$ and one public key $\groupelement{A}$ but rather a set of public keys $\groupelement{A_1}$ to $\groupelement{A_N}$. For this reason the representation of a group element, the adversary has to provide looks the following: $\groupelement{R} = r_1 \groupelement{B} + r_2 \groupelement{A_1} + ... + r_{N+1} \groupelement{A_N}$. Since there are multiple group elements with unknown discrete logarithms it is not possible to directly calculate the discrete logarithm of one of the public keys given a valid forgery of a signature. Upon receiving a valid solution the \textit{DL} oracle can be used to get the discrete logarithm of all the public keys except the one for which the solution is valid. This way it again possible to construct a representation looking like $\groupelement{R} = r_1 \groupelement{B} + r_2 \groupelement{A_i}$. Then it is again possible to calculate the discrete logarithm of $\groupelement{A_i}$ and win the \somdl game.

2
thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex
View File

@@ -37,7 +37,7 @@ The \sdlog game is a variant of the discrete logarithm game which represents the
\label{theorem:advgamez} \label{theorem:advgamez}
Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then
\[ \advantage{\group{G},\adversary{A}}{\igame}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(\secparamter) - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \] \[ \advantage{\group{G},\adversary{A}}{\igame}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(\secparamter) + \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
\end{theorem} \end{theorem}
\paragraph{\underline{Proof Overview}} \paragraph{\underline{Proof Overview}}

4
thesis/sections/security_of_eddsa/uf-nma_implies_suf-cma.tex
View File

@@ -7,7 +7,7 @@ This section shows that the UF-NMA security of EdDSA implies the \cma security o
\label{theorem:adv_uf-nma} \label{theorem:adv_uf-nma}
Let $\adversary{A}$ be an adversary against $\cma$, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then, Let $\adversary{A}$ be an adversary against $\cma$, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then,
\[ \advantage{\adversary{A}}{\text{\cma}}(\secparamter) = \advantage{\adversary{B}}{\text{UF-NMA}}(\secparamter) - \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \] \[ \advantage{\adversary{A}}{\text{\cma}}(\secparamter) \leq \advantage{\adversary{B}}{\text{UF-NMA}}(\secparamter) + \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
\end{theorem} \end{theorem}
\paragraph{\underline{Proof Overview}} The UF-NMA security definition is close to the security definition of \cma but is missing the \Osign oracle. To show that UF-NMA security implies \cma security the reduction has to simulate the \Osign oracle without the knowledge of the private key. \paragraph{\underline{Proof Overview}} The UF-NMA security definition is close to the security definition of \cma but is missing the \Osign oracle. To show that UF-NMA security implies \cma security the reduction has to simulate the \Osign oracle without the knowledge of the private key.
@@ -184,7 +184,7 @@ This section shows that the UF-NMA security of EdDSA implies the EUF-CMA securit
\label{theorem:adv2_uf-nma} \label{theorem:adv2_uf-nma}
Let $\adversary{A}$ be an adversary against EUF-CMA, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then, Let $\adversary{A}$ be an adversary against EUF-CMA, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries. Then,
\[ \advantage{\adversary{A}}{\text{EUF-CMA}}(\secparamter) = \advantage{\adversary{B}}{\text{UF-NMA}}(\secparamter) - \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \] \[ \advantage{\adversary{A}}{\text{EUF-CMA}}(\secparamter) \leq \advantage{\adversary{B}}{\text{UF-NMA}}(\secparamter) + \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
\end{theorem} \end{theorem}
\paragraph{\underline{Formal Proof}} \paragraph{\underline{Formal Proof}}