rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

simplified equations

Browse Source
This commit is contained in:
Aaron Kaiser
2023-07-12 22:11:02 +02:00
parent a75f324d8f
commit 8d6f37310c
10 changed files with 48 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex
View File

@@ -35,7 +35,7 @@ The \sdlog game is a variant of the discrete logarithm game that represents the
\label{theorem:advgamez}
Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then
\[ \advantage{\group{G},\adversary{A}}{\igame}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(\secparamter) + \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
\[ \advantage{\group{G},\adversary{A}}{\igame}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(\secparamter) + \frac{\oraclequeries \lceil \frac{2^{2b} - 1}{L} \rceil}{2^{2b}}. \]
\end{theorem}
\paragraph{\underline{Proof Overview}}
@@ -109,7 +109,7 @@ The adversary must call the \ioracle oracle with a commitment $\groupelement{R}$
\item \paragraph{\underline{$G_2:$}} The game $G_2$ is aborted if the bad flag is set. For each individual \ioracle query, the $bad$ flag is set with probability at most $\frac{1}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. $\ch_i$ is chosen by the game after the adversary has provided the representation of $\groupelement{R_i}$ and thus the value of $r_2$. This way the adversary has no way to choose $\ch_i$ after $r_2$ and therefore cannot influence the probability of the abort being triggered. $-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})$ is the min entropy of $\ch_i \pmod L$. $\ch_i$ is chosen uniformly at random from $\{0,1\}^{2b}$ and then reduced modulo $L$ during the if condition check. By the union bound over all oracle queries $\oraclequeries$ we obtain $\Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. Since $G_1$ and $G_2$ are identical-until-bad games, we have
\[ |\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]| \leq \Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
\[ |\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]| \leq \Pr[bad] \leq \frac{\oraclequeries \lceil \frac{2^{2b} - 1}{L} \rceil}{2^{2b}}. \]
\item Finally, Game $G_2$ is well-prepared to show that there exists an adversary $\adversary{B}$ satisfying