Ended proof sections

2023-06-14 15:31:33 +02:00
parent 0da8add51b
commit 84b6119620
4 changed files with 14 additions and 0 deletions
--- a/thesis/sections/mu_security_of_eddsa/mu-gamez_implies_mu-uf-nma.tex
+++ b/thesis/sections/mu_security_of_eddsa/mu-gamez_implies_mu-uf-nma.tex
@@ -72,6 +72,8 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
 \end{figure}

 \begin{proof}
+	\item Now it is argued that the \ioracle oracle can be used to simulate the hash function in a way that the answer of the MU-UF-NMA adversary can be used as an valid solution for the MU-\igame challenger.
+	
 	\item Let $G_0$ be defined in figure \ref{fig:mu-igame_implies_mu-uf-nma}. Then $G_0$ is the same as MU-UF-NMA with EdDSA. By definition,
 	
 	\[ \advantage{\text{EdDSA}, \adversary{A}}{\text{MU-UF-NMA}}(\secparamter) = \Pr[\text{MU-UF-NMA}^{\adversary{A}} \Rightarrow 1 ] = \Pr[G_0^{\adversary{A}} \Rightarrow 1]. \]
--- a/thesis/sections/mu_security_of_eddsa/mu-uf-nma_implies_mu-suf-cma.tex
+++ b/thesis/sections/mu_security_of_eddsa/mu-uf-nma_implies_mu-suf-cma.tex
@@ -83,6 +83,8 @@ This section shows that the MU-UF-NMA security of the EdDSA signature scheme imp
 \end{figure}

 \begin{proof}
+	\item Now the original MU-SUF-CMA game is manipulated in a way that makes it possible to simulate signatures without the knowledge of the secret key. During each of the game-hops the probability for an adversary to detect this change is upper bounded.
+	
 	\item \paragraph{\underline{$G_0:$}} Let $G_0$ be defined in figure \ref{fig:mu-uf-nma_implies_mu-suf-cma_games} by excluding all boxes except the black one. $G_0$ is the MU-SUF-CMA for EdDSA. By definition,
 	
 	\[ \advantage{\text{EdDSA},\adversary{A}}{\text{MU-}\cma}(\secparamter) = \Pr[\text{\text{MU-}\cma}^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1]. \]
--- a/thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex
+++ b/thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex
@@ -82,6 +82,8 @@ This section shows that \somdl implies MU-\igame using the algebraic group model
 \end{figure}

 \begin{proof}
+	\item Now the individual game-hops are analyzed and the probability, that an adversary can distinguish between two games, is upper bounded.
+	
 	\item \paragraph{\underline{$G_0$:}} Let $G_0$ be defined in figure \ref{fig:omdl'_implies_mu-igame} by excluding all boxes. Clearly, $G_0$ is the MU-\igame. By definition,
 	
 	\[ \advantage{\group{G},\adversary{A}}{\text{MU-\igame}}(\secparamter) = \Pr[\text{MU-\igame}^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1]. \]