rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed security parameter

Browse Source
This commit is contained in:
Aaron Kaiser
2023-04-05 12:38:22 +02:00
parent 2c92ebf8bd
commit d2765beab9
6 changed files with 54 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
thesis/sections/eddsa.tex
View File

@@ -136,7 +136,7 @@ The EdDSA' signature scheme is depicted in figure \ref{fig:eddsa'}. The differen
TODO. Then
%TODO: richtigre Richtung?
\[ \advantage{\text{EdDSA'},\adversary{A}}{\cma}(k) \leq \advantage{\text{EdDSA},\adversary{A}}{\cma}(k) - \frac{2\hashqueries}{2^b} \]
\[ \advantage{\text{EdDSA'},\adversary{A}}{\cma}(\secparamter) \leq \advantage{\text{EdDSA},\adversary{A}}{\cma}(\secparamter) - \frac{2\hashqueries}{2^b} \]
\end{theorem}
\paragraph{\underline{Proof Overview}}
@@ -214,7 +214,7 @@ The different games used in the proof are depicted in figure \ref{fig:eddsa'game
\begin{proof}
\item \paragraph{\underline{$G_0:$}} Let $G_0$ be defined in figure \ref{fig:eddsa'games} by excluding all boxes expect the grey filled ones and $G_0$ be $\cma_{\text{EdDSA}}$. By definition,
\[ \advantage{\text{EdDSA},\adversary{A}}{\cma}(k) = \Pr[\cma_{\text{EdDSA}}^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \].
\[ \advantage{\text{EdDSA},\adversary{A}}{\cma}(\secparamter) = \Pr[\cma_{\text{EdDSA}}^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \].
\item \paragraph{\underline{$G_1:$}} Let $G_1$ be defined by additionally including all blue boxes and excluding the grey filled boxes. This change inlines calls to the random oracle and introduces to if conditions in the random oracle which are setting a bad flag if the condition is triggert. Since the behavior of the game does not change the changes are conceptual and the probability of winning the game is not affected. Hence,
@@ -231,7 +231,7 @@ The different games used in the proof are depicted in figure \ref{fig:eddsa'game
%TODO: Signatur von RF genauer beschreiben?
\item \paragraph{\underline{$G_4:$}} $G_4$ replaces the blue filled boxes with the orange boxes. With this change the \cma game parameterized with the EdDSA' game is obtained. This change is only conceptual since the adversary is not able to query the random oracle with the inputs used for those calls and due to the nature of the random oracle model the adversary has no information on those values. Therefor an adversary can not differentiate between the values being the result of the hash function or chosen uniformly at random. Hence,
\[ \Pr[G_3^{\adversary{A}} \Rightarrow 1] = \Pr[G_4^{\adversary{A}} \Rightarrow 1] = \advantage{\text{EdDSA'},\adversary{A}}{\cma}(k) \].
\[ \Pr[G_3^{\adversary{A}} \Rightarrow 1] = \Pr[G_4^{\adversary{A}} \Rightarrow 1] = \advantage{\text{EdDSA'},\adversary{A}}{\cma}(\secparamter) \].
\item This proves theorem \ref{theorem:adveddsa'}.
\end{proof}