Improved justification for tightness
@@ -12,7 +12,7 @@ In a 2020 paper, Brendel et al. showed that Ed25519 satisfies EUF-CMA and SUF-CM
|
|||||||
|
|
||||||
Tightness is a property of a security proof. A security proof is said to be tight if the probability of success of an adversary $\adversary{B}$ attacking problem B, constructed from adversary $\adversary{A}$ attacking problem A, is at most smaller than the probability of success of $\adversary{A}$ by a small constant factor.
|
Tightness is a property of a security proof. A security proof is said to be tight if the probability of success of an adversary $\adversary{B}$ attacking problem B, constructed from adversary $\adversary{A}$ attacking problem A, is at most smaller than the probability of success of $\adversary{A}$ by a small constant factor.
|
||||||
|
|
||||||
Tight security proofs are desirable because they provide a better approximation of the bit security of a signature scheme when instantiated with concrete primitives (such as groups or hash functions)\cite{SAC:ChaMenSar11}. A better approximation results in smaller parameters (such as the size of the group) yielding better bit security. This means that, with tighter security proofs, smaller primitives can be used to achieve the same level of security, and smaller primitives often result in more faster computations and therefore more efficient cryptographic schemes.
|
Tight security proofs are desirable because they prove the security of multiple instantiations of a cryptographic scheme. In practice, cryptographic schemes are instantiated with primitives that are efficient in order to obtain an overall efficient scheme. If a security proof is not tight, it may not provide meaningful bounds on the security of the scheme, since it may be instantiated with efficient primitives that have parameters too small for the security proof to apply, and the use of less efficient schemes may be undesirable for performance reasons.
|
||||||
|
|
||||||
For the Schnorr signature scheme, a tight security reduction can be achieved by using the algebraic group model and the random oracle model to directly show the EUF-CMA security under the discrete logarithm assumption, as shown by Fuchsbauer et al. \cite{EC:FucPloSeu20}.
|
For the Schnorr signature scheme, a tight security reduction can be achieved by using the algebraic group model and the random oracle model to directly show the EUF-CMA security under the discrete logarithm assumption, as shown by Fuchsbauer et al. \cite{EC:FucPloSeu20}.
|
||||||
|
|
||||||
|
|||||||
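Review bot: the rewritten paragraph (the replaced line beginning "Tight security proofs are desirable because they prove the security of multiple instantiations") drops the \cite{SAC:ChaMenSar11} citation that supported the old justification and leaves the new one unsupported; consider keeping the citation on the new text. Two wording points in the same line: "parameters too small for the security proof to apply" reads as if a non-tight reduction does not apply at all, whereas by the definition in the unchanged context line above (a constant-factor loss between the success probabilities of $\adversary{B}$ and $\adversary{A}$) the reduction still applies but yields a bound too loose to be meaningful, so "too small for the bound to be meaningful" would be more accurate; and "the use of less efficient schemes may be undesirable" should read "less efficient primitives", since the sentence contrasts efficient primitives with larger-parameter ones, not whole schemes.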