rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Streamlined advantage style

Browse Source
This commit is contained in:
Aaron Kaiser
2023-03-15 15:24:31 +01:00
parent fbc4da6906
commit 8217e67238
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex
View File

@@ -32,7 +32,7 @@ For an adversary $\adversary{A}$ we define its advantage in the \sdlog game as f
\label{theorem:advgamez} \label{theorem:advgamez}
Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then
\[ \advantage{\igame,\adversary{A}}{\group{G}} \leq \advantage{\sdlog,\adversary{B}}{\group{G}} - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]. \[ \advantage{\group{G},\adversary{A}}{\igame}(k) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(k) - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \].
\end{theorem} \end{theorem}
\paragraph{\underline{Proof Overview}} \paragraph{\underline{Proof Overview}}
@@ -78,7 +78,7 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
\item \paragraph{\underline{$G_0$:}} Let $G_0$ be \igame. By definition, \item \paragraph{\underline{$G_0$:}} Let $G_0$ be \igame. By definition,
% TODO: Hier Sicherheitsparameter? % TODO: Hier Sicherheitsparameter?
\[ \advantage{\group{G}}{\igame}(\adversary{A}) = \Pr[\igame^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \]. \[ \advantage{\group{G},\adversary{A}}{\igame}(k) = \Pr[\igame^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \].
\item \paragraph{\underline{$G_1$:}} Game $G_1$ is exactly the same as $G_0$ with the only change being the bad flag being set inside an if condition. The bad flag is set if $2^c \ch_i = -r_2$. This represents cases where not all solutions from the adversary $\adversary{A}$ can be used to calculate the discrete logarithm of $\groupelement{A}$. This is just a conceptual change since the behavior of the game does not change whether the flag is set or not. Hence, \item \paragraph{\underline{$G_1$:}} Game $G_1$ is exactly the same as $G_0$ with the only change being the bad flag being set inside an if condition. The bad flag is set if $2^c \ch_i = -r_2$. This represents cases where not all solutions from the adversary $\adversary{A}$ can be used to calculate the discrete logarithm of $\groupelement{A}$. This is just a conceptual change since the behavior of the game does not change whether the flag is set or not. Hence,
@@ -92,7 +92,7 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
\item Finally, Game $G_2$ is well prepared to show that there exists an adversary $\adversary{B}$ satisfying \item Finally, Game $G_2$ is well prepared to show that there exists an adversary $\adversary{B}$ satisfying
\begin{align} \begin{align}
\Pr[G_2^{\adversary{A}} \Rightarrow 1] = \advantage{\sdlog}{\adversary{B}} \label{eq:advbsdlog} \Pr[G_2^{\adversary{A}} \Rightarrow 1] = \advantage{\group{G},\adversary{B}}{\sdlog}(k) \label{eq:advbsdlog}
\end{align} \end{align}
\begin{figure} \begin{figure}