rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Formalized schmemes

Browse Source
This commit is contained in:
Aaron Kaiser
2023-04-30 13:51:54 +02:00
parent 397abfe5fe
commit cf19ceb0fe
5 changed files with 106 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
thesis/sections/mu_security_of_eddsa/omdl'_implies_mu-gamez.tex
View File

@@ -2,7 +2,7 @@
This section shows that \somdl implies MU-\igame using the Algebraic Group Model. The section starts by introducing a special variant of the one-more discrete logarithm problem followed by an intuition of the proof and at last giving a detailed security proof.
\paragraph{\underline{Introducing \sdlog}} Similar to \sdlog being a variant of the discrete logarithm problem the \somdl is a variant of the one-more discrete logarithm problem which represents the special distribution of secret keys resulting from the key generation algorithm of the EdDSA signature scheme. The only difference to the original one-more discrete logarithm game as introduced in \cite{JC:BNPS03} is that the secret scalars are chosen from the set $\{2^{n-1}, 2^{n-1} + 8, ..., 2^{n} - 8\}$ which represents all valid secret scalars regarding the key generation algorithm. A lower bound on the hardness of the \sdlog problem is further analyzed in section \ref{sec:somdl}. The \somdl game is depicted in figure \ref{fig:somdl}.
\paragraph{\underline{Introducing \somdl}} Similar to \sdlog being a variant of the discrete logarithm problem the \somdl is a variant of the one-more discrete logarithm problem which represents the special distribution of secret keys resulting from the key generation algorithm of the EdDSA signature scheme. The only difference to the original one-more discrete logarithm game as introduced in \cite{JC:BNPS03} is that the secret scalars are chosen from the set $\{2^{n-1}, 2^{n-1} + 8, ..., 2^{n} - 8\}$ which represents all valid secret scalars regarding the key generation algorithm. A lower bound on the hardness of the \somdl problem is further analyzed in section \ref{sec:somdl}. The \somdl game is depicted in figure \ref{fig:somdl}.
\begin{definition}[\somdl]
Let $n$ and $N$ be positive integer. For an adversary $\adversary{A}$ we define its advantage in the \somdl game as following:
@@ -116,7 +116,7 @@ This section shows that \somdl implies MU-\igame using the Algebraic Group Model
\Comment{$\groupelement{A_j} = a_j \groupelement{B}$}
\State \quad $r_b \assign r_b + r_{j+1} a_j$
\State $a_i \assign (2^c s^* - r_b)(r_i + 2^c \ch^*)^{-1}$
\Comment{$\groupelement{R} = r_b \groupelement{B} + r_i \groupelement{A_i}$}
\Comment{$\groupelement{R^*} = r_b \groupelement{B} + r_i \groupelement{A_i}$}
\State \Return $(a_1, a_2, ..., a_N)$
\end{algorithmic}
\vspace{2mm}