fixed typo
This commit is contained in:
@@ -349,7 +349,7 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
|
||||
\label{eq:Adlog}
|
||||
\end{align}
|
||||
|
||||
Assuming that $r_2 + 2^c c$ is invertable in $\field{L}$ (not equal to $0$) we can use both equations to calculate the discrete logarithm of $\groupelement{A}$. To ensure that $r_2 + 2^c c$ is invertable the reduction has to abort if $-r_2$ equals $2^c c$ with $c$ being randomly choosen in the \ioracle oracle.
|
||||
Assuming that $r_2 + 2^c c$ is invertible in $\field{L}$ (not equal to $0$) we can use both equations to calculate the discrete logarithm of $\groupelement{A}$. To ensure that $r_2 + 2^c c$ is invertible the reduction has to abort if $-r_2$ equals $2^c c$ with $c$ being randomly chosen in the \ioracle oracle.
|
||||
|
||||
\begin{figure}
|
||||
\hrule
|
||||
@@ -452,7 +452,7 @@ Game $G_0$ is defined in Figure \ref{fig:igamewithabort} by ignoring all boxes.
|
||||
|
||||
To prove (\ref{eq:advbsdlog}), we define an adversary $\adversary{B}$ attacking \sdlog that simulates $\adversary{A}$'s view on $G_2$. Adversary $\adversary{B}$ formally defined in figure \ref{fig:adversarybsdlog} is run in the \sdlog game and has access to \ioracle. \ioracle is perfectly simulated.
|
||||
|
||||
Finally, consider $\adversary{A}$ output $s^*$. If bad is not set $r_2 + 2^c c^*$ is invertable in $\field{L}$ and $(2^c s^* - r_1)(r_2 + 2^c c^*)^{-1}$ is the discrete logarithm of $\adversary{A}$ to the basis of $\adversary{B}$ as shown in (\ref{eq:Adlog}).
|
||||
Finally, consider $\adversary{A}$ output $s^*$. If bad is not set $r_2 + 2^c c^*$ is invertible in $\field{L}$ and $(2^c s^* - r_1)(r_2 + 2^c c^*)^{-1}$ is the discrete logarithm of $\adversary{A}$ to the basis of $\adversary{B}$ as shown in (\ref{eq:Adlog}).
|
||||
|
||||
\item This proves Theorem \ref{theorem:advgamez}.
|
||||
\end{proof}
|
||||
|
||||
Reference in New Issue
Block a user