diff --git a/thesis/macros.tex b/thesis/macros.tex index 1d5efc4..d2f72e1 100644 --- a/thesis/macros.tex +++ b/thesis/macros.tex @@ -23,14 +23,14 @@ \newcommand{\pset}[1]{\mathbf{#1}} % Special Dlog -\newcommand{\sdlog}{\text{DLog'}\xspace} -\newcommand{\somdl}{\text{OMDL'}\xspace} +\newcommand{\sdlog}{\text{Ed-DLog}\xspace} +\newcommand{\somdl}{\text{Ed-OMDL}\xspace} % SIM algotithm \newcommand{\simalg}{\textit{Sim}\xspace} % Intermediate Game -\newcommand{\igame}{\text{Game Z}\xspace} +\newcommand{\igame}{\text{IDLOG}\xspace} \newcommand{\ioracle}{\textit{Chall}\xspace} % EdDSA procedures diff --git a/thesis/sections/edggm/omdl.tex b/thesis/sections/edggm/omdl.tex index c8632aa..29e5e79 100644 --- a/thesis/sections/edggm/omdl.tex +++ b/thesis/sections/edggm/omdl.tex @@ -1 +1 @@ -\subsection{Bounds on OMDlog'} \label{sec:somdl} +\subsection{Bounds on \somdl} \label{sec:somdl} diff --git a/thesis/sections/introduction.tex b/thesis/sections/introduction.tex index 8d07d01..ce747ac 100644 --- a/thesis/sections/introduction.tex +++ b/thesis/sections/introduction.tex 
@@ -1,6 +1,6 @@ \section{Introduction} -The EdDSA signature scheme was first introduced in 2011 by Bernstein, Duif, Lange, Schwabe and Yang, instantiated as Ed25519 using the Edwards25519 twisted Edwards curve, in the paper "High-speed high-security signatures" \cite{CHES:BDLSY11}. In 2015 Bernstein et. al. published the paper "EdDSA fore more curves", which introduced a more general version the EdDSA signature scheme \cite{EPRINT:BJLSY15}. Due to its high performance and small signature size, the EdDSA signature scheme is very popular and widely used in applications such as TLS, SSH and the Signal protocol. From these papers came standards such as RFC 8032 \cite{josefsson_edwards-curve_2017} and FIPS 186-5 \cite{moody_digital_2023}. +The EdDSA signature scheme was first introduced in 2011 by Bernstein, Duif, Lange, Schwabe and Yang, instantiated as Ed25519 using the Edwards25519 twisted Edwards curve \cite{CHES:BDLSY11}. In 2015 Bernstein et. al. published a new paper, which introduced a more general version the EdDSA signature scheme \cite{EPRINT:BJLSY15}. Due to its high performance and small signature size, the EdDSA signature scheme is very popular and widely used in applications such as TLS, SSH and the Signal protocol. From these papers came standards such as RFC 8032 \cite{josefsson_edwards-curve_2017} and FIPS 186-5 \cite{moody_digital_2023}. The original paper focused on the performance of the signature scheme and did not provide a formal security analysis of the signature scheme. The EdDSA signature scheme is closely related to the Schnorr signature scheme. Although EdDSA is related to the Schnorr signature scheme, it contains some modifications that make the security proof of the Schnorr signature scheme inapplicable to EdDSA. Schnorr signature schemes are derived from a canonical identification scheme to which the Fiat-Schamir transformation is applied. 
diff --git a/thesis/sections/mu_security_of_eddsa/mu-gamez_implies_mu-uf-nma.tex b/thesis/sections/mu_security_of_eddsa/mu-gamez_implies_mu-uf-nma.tex index daa7faa..0e0236e 100644 --- a/thesis/sections/mu_security_of_eddsa/mu-gamez_implies_mu-uf-nma.tex +++ b/thesis/sections/mu_security_of_eddsa/mu-gamez_implies_mu-uf-nma.tex @@ -1,4 +1,4 @@ -\subsection{MU-\igame $\Rightarrow$ MU-UF-NMA (ROM)} +\subsection{MU-\igame $\overset{\text{ROM}}{\Rightarrow}$ MU-UF-NMA} This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signature scheme using the Random Oracle Model. The section starts by first providing an intuition of the proof followed by the detailed security proof. diff --git a/thesis/sections/mu_security_of_eddsa/mu-uf-nma_implies_mu-suf-cma.tex b/thesis/sections/mu_security_of_eddsa/mu-uf-nma_implies_mu-suf-cma.tex index 104db98..e142d9b 100644 --- a/thesis/sections/mu_security_of_eddsa/mu-uf-nma_implies_mu-suf-cma.tex +++ b/thesis/sections/mu_security_of_eddsa/mu-uf-nma_implies_mu-suf-cma.tex @@ -1,4 +1,4 @@ -\subsection{MU-UF-NMA $\Rightarrow$ $\text{MU-SUF-CMA}_{\text{EdDSA with strict parsing}}$ (ROM)} +\subsection{MU-UF-NMA $\overset{\text{ROM}}{\Rightarrow}$ $\text{MU-SUF-CMA}_{\text{EdDSA sp}}$} This section shows that the MU-UF-NMA security of the EdDSA signature scheme implies the MU-SUF-CMA security of the EdDSA signature scheme using the Random Oracle Model. The section starts with providing an intuition of the proof followed by the detailed security proof. 
@@ -155,7 +155,7 @@ Again the programmability of the random oracle together with the \simalg algorit \item This proves theorem \ref{theorem:adv_mu-uf-nma}. \end{proof} -\subsection{MU-UF-NMA $\Rightarrow$ $\text{MU-EUF-CMA}_{\text{EdDSA with lax parsing}}$ (ROM)} +\subsection{MU-UF-NMA $\overset{\text{ROM}}{\Rightarrow}$ $\text{MU-EUF-CMA}_{\text{EdDSA lp}}$} This section shows that MU-UF-NMA security of EdDSA implies the MU-EUF-CMA security of EdDSA with lax parsing using in the random oracle model. This proof is very similar to the proof MU-SUF-CMA proof of EdDSA with strict parsing. The modification to the games are the same as in the proof above with the only modifications being in the win condition, which is $\exists j \in \{1,2,...,N\}: \verify(\groupelement{A_j}, \m^*) \wedge (\groupelement{A_j}, \m^*) \notin \pset{Q}$. For this reason this proof starts at showing the existence of an adversary $\adversary{B}$ breaking MU-UF-NMA security. diff --git a/thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex b/thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex index 22632a7..5af56e0 100644 --- a/thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex +++ b/thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex @@ -1,4 +1,4 @@ -\subsection{\somdl $\Rightarrow$ MU-\igame (AGM)} +\subsection{\somdl $\overset{\text{AGM}}{\Rightarrow}$ MU-\igame} This section shows that \somdl implies MU-\igame using the Algebraic Group Model. The section starts by introducing a special variant of the one-more discrete logarithm problem followed by an intuition of the proof and at last giving a detailed security proof. diff --git a/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex b/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex index 444a0d6..943f21f 100644 --- a/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex +++ b/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex 
@@ -1,4 +1,4 @@ -\subsection{\sdlog $\Rightarrow$ \igame (AGM)} +\subsection{\sdlog $\overset{\text{AGM}}{\Rightarrow}$ \igame} \label{sec:sdlog_imlies_igame} %TODO check if all c_i's are replaced by chall_i diff --git a/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex b/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex index b978f95..3d4e989 100644 --- a/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex +++ b/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex @@ -1,4 +1,4 @@ -\subsection{\igame $\Rightarrow$ UF-NMA (ROM)} +f\subsection{\igame $\overset{\text{ROM}}{\Rightarrow}$ UF-NMA} This section shows that \igame implies the UF-NMA security of the EdDSA signature scheme using the Random Oracle Model. The section starts by first providing introducing an intermediate game \igame followed by an intuition of the proof and the detailed security proof.
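Review bot: in the thesis/macros.tex hunk, the comment `% Special Dlog` above the two renamed macros no longer matches what they expand to (`Ed-DLog`, `Ed-OMDL`). Update the comment, and fix the `% SIM algotithm` typo in the context line while the file is open. The macro names `\sdlog` and `\somdl` still carry the old "special" prefix. If they are kept for compatibility, say so in the comment so the mismatch between name and output is not read as an oversight.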
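Review bot: in the thesis/sections/introduction.tex hunk, the rewritten first paragraph still has "Bernstein et. al." (should be "et al.") and "a more general version the EdDSA signature scheme" (missing "of"). The unchanged context paragraph below it spells "Fiat-Schamir", which should be "Fiat-Shamir". Since the line is being rewritten anyway, these are worth fixing in the same commit.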
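Review bot: the heading in mu-gamez_implies_mu-uf-nma.tex spells out `\overset{\text{ROM}}{\Rightarrow}` by hand, and the same construct is pasted into five more headings in this patch (with `ROM` or `AGM`). macros.tex is already touched here, so define one macro for the labelled implication arrow that takes the model name as its argument and use it in all six headings. The notation can then be changed in one place.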
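Review bot: in the first hunk of mu-uf-nma_implies_mu-suf-cma.tex, the subscript is shortened from "EdDSA with strict parsing" to "EdDSA sp", but nothing in the visible lines defines "sp", and the sentence directly under the heading does not mention strict parsing at all. Either introduce the abbreviation where strict parsing is first defined, or put it behind a macro in macros.tex next to the other notation so the heading and the body use the same term.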
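Review bot: in the second hunk of mu-uf-nma_implies_mu-suf-cma.tex (around line 155), the paragraph under the renamed MU-EUF-CMA heading reads "with lax parsing using in the random oracle model" and "the proof MU-SUF-CMA proof of EdDSA with strict parsing". Both need a word removed. The same paragraph writes the index set as `\{1,2,...,N\}`; use `\ldots` for correct spacing in math mode. The new "EdDSA lp" subscript has the same undefined-abbreviation problem as "EdDSA sp" in the hunk above.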
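Review bot: the file touched by the `\somdl` to MU-`\igame` heading change is still named `omdl'_implies_mu-gamez.tex`, and the sibling files are `dlog'_implies_gamez.tex` and `gamez_implies_uf-nma.tex`, while this patch renames the notions to Ed-OMDL, Ed-DLog and IDLOG. Consider renaming the files in the same change (and dropping the apostrophe from the paths, which is awkward to quote in shells and build scripts), or note in the commit message that the file names intentionally keep the old names.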
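Review bot: in the dlog'_implies_gamez.tex hunk, the context line `\label{sec:sdlog_imlies_igame}` has a typo in the label ("imlies"). Renaming it to `sec:sdlog_implies_igame` requires updating every `\ref` to it, so do it as a search and replace across the thesis. The `%TODO check if all c_i's are replaced by chall_i` comment is also still open and should be resolved or tracked before this section is considered final.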
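Review bot: the added heading line in gamez_implies_uf-nma.tex begins with a stray `f` before `\subsection` (`+f\subsection{\igame ...`), which will be typeset as a literal "f" in the running text just before the heading. Remove it. The context sentence below also reads "by first providing introducing an intermediate game"; one of the two verbs should go.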