removed old TODO comments
@@ -87,8 +87,6 @@ abstract
|
||||
|
||||
%Hauptteil der Arbeit
|
||||
|
||||
% TODO: Make citation links clickable
|
||||
|
||||
\section{Introduction}
|
||||
|
||||
Ed25519 is a signature scheme introduced by Bernstein, Duif, Lange, Schwabe, and Yang in 2012 \cite{JCEng:BDLSY12}. Ed25519 is a signature scheme defined for the Ed25519 twisted Edwards curve. In 2015 the paper "EdDSA for more curves" expanded the Ed25519 signature scheme to the more general EdDSA signature scheme \cite{EPRINT:BJLSY15}. Due to its high performance the EdDSA signature scheme is very popular and widely used in applications like TLS, SSH and the Signal protocol.
|
||||
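Review bot: In the introduction paragraph the paper title is wrapped in straight double quotes ("EdDSA for more curves"), which LaTeX typesets as two closing quotes; write it as ``EdDSA for more curves'' instead. The same paragraph opens with two consecutive sentences that both begin "Ed25519 is a signature scheme", which could be merged into one. Going by the commit message, the comment "% TODO: Make citation links clickable" is among the removed lines, but nothing visible in this hunk addresses it, so please confirm it was resolved elsewhere rather than only deleted.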
@@ -265,7 +263,6 @@ To make working with the random oracle easier in the following proofs some calls
|
||||
|
||||
This section takes a look at the single-user security of EdDSA. This is done by showing the \cma security of EdDSA assuming the security of a special version of the DLog problem. This special version is derived from the key generation procedure. Section \ref{sec:sdlog} provides a concrete bound on the security of this version of the DLog problem, which is a result of the special key generation algorithm used by EdDSA.
|
||||
|
||||
% TODO: richtige Richtung?
|
||||
The proof starts by showing that the UF-NMA security of EdDSA implies \cma security of EdDSA in the Random Oracle Model. Next a intermediate game is introduced onto which the UF-NMA securtiy of EdDSA is reduced. At last, the security of the intermediate game is reduced onto the security of a special version of DLog.
|
||||
|
||||
The chain of reductions can be depicted as:
|
||||
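Review bot: The comment "% TODO: richtige Richtung?" (is the direction correct?) sits directly above the paragraph that states the direction of the reductions, and that paragraph is unchanged here, so dropping the comment does not show that the question was settled. Please check that "the UF-NMA security of EdDSA implies \cma security" and the two "reduced onto" statements match the chain depicted right after this paragraph. While touching it, fix "Next a intermediate game" to "Next an intermediate game" and "securtiy" to "security".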
@@ -397,7 +394,6 @@ Game $G_0$ is defined in Figure \ref{fig:igamewithabort} by ignoring all boxes.
|
||||
Let $\adversary{A}$ be an adversary that solves \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then
|
||||
|
||||
% TODO: hard bezüglich ggen
|
||||
% TODO: min entropy von {0,1}^{2b} mod L?
|
||||
\[ \advantage{\igame}{\adversary{A}} \leq \advantage{\sdlog}{\adversary{B}} - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
|
||||
\end{theorem}
|
||||
|
||||
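Review bot: The bound in the theorem subtracts the abort term, $\advantage{\sdlog}{\adversary{B}} - \frac{\oraclequeries}{2^{-\log_2(\ldots)}}$, but the hop to $G_2$ in the proof bounds $|\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]|$ by $\Pr[bad]$, which gives an additive loss, so the sign in the theorem should be a plus. Removing the TODO comments above the formula leaves this untouched. The term would also be easier to read simplified: since $2^{-\log_2(x)} = 1/x$, the fraction equals $\oraclequeries \cdot \lceil \frac{2^{2b} - 1}{L} \rceil \cdot 2^{-2b}$.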
@@ -410,7 +406,6 @@ Game $G_0$ is defined in Figure \ref{fig:igamewithabort} by ignoring all boxes.
|
||||
|
||||
\[ \Pr[G_0^{\adversary{A}} \Rightarrow 1] = \Pr[G_1^{\adversary{A}} \Rightarrow 1] \]
|
||||
|
||||
% TODO: wählen von
|
||||
\item \paragraph{\underline{$G_2:$}} Game $G_2$ aborts if the flag bad is set. For each individual \ioracle query the bad flag is set with probability at most $\frac{1}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. $-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})$ being the min entropy of $c \pmod L$ since $c$ is chosen from $\{0,1\}^{2b}$ uniformly at random and then reduced modulo $L$ in the check during the if condition. By the Union bound over all $\oraclequeries$ queries we obtain $\Pr[bad] = \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. Since $G_1$ and $G_2$ are identical-until-bad games, we have
|
||||
|
||||
\[ |\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]| \leq \Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
|
||||
|
||||
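Review bot: In the $G_2$ item the union bound is written as an equality, $\Pr[bad] = \frac{\oraclequeries}{2^{-\log_2(\ldots)}}$, although the per-query probability is stated as "at most" and the display that follows uses $\leq$; the inline statement should use $\leq$ as well. The sentence starting "$-\log_2(\ldots)$ being the min entropy of $c \pmod L$" has no main verb and should be rephrased, for example as "Here $-\log_2(\ldots)$ is the min entropy of $c \pmod L$, since ...". The comment "% TODO: wählen von" breaks off mid-phrase, so it is not clear from this hunk what was left open; please confirm that point is covered before the comment is dropped.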