rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed security parameter

Browse Source
This commit is contained in:
Aaron Kaiser
2023-04-05 12:38:22 +02:00
parent 2c92ebf8bd
commit d2765beab9
6 changed files with 54 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex
View File

@@ -11,7 +11,7 @@ The \sdlog game is a variant of the discrete logarithm game which represents the
\begin{definition}[\sdlog]
For an adversary $\adversary{A}$ we define its advantage in the \sdlog game as following:
\[ \advantage{\adversary{A}}{\sdlog}(k) \assign | \Pr[\sdlog^{\adversary{A}} \Rightarrow 1] | \].
\[ \advantage{\adversary{A}}{\sdlog}(\secparamter) \assign | \Pr[\sdlog^{\adversary{A}} \Rightarrow 1] | \].
\end{definition}
@@ -34,7 +34,7 @@ The \sdlog game is a variant of the discrete logarithm game which represents the
\label{theorem:advgamez}
Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then
\[ \advantage{\group{G},\adversary{A}}{\igame}(k) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(k) - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \].
\[ \advantage{\group{G},\adversary{A}}{\igame}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(\secparamter) - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \].
\end{theorem}
\paragraph{\underline{Proof Overview}}
@@ -97,7 +97,7 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
\item \paragraph{\underline{$G_0$:}} Let $G_0$ be defined in figure \ref{fig:igamewithabort} by excluding all boxes and $G_0$ be \igame. By definition,
\[ \advantage{\group{G},\adversary{A}}{\igame}(k) = \Pr[\igame^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \].
\[ \advantage{\group{G},\adversary{A}}{\igame}(\secparamter) = \Pr[\igame^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \].
\item \paragraph{\underline{$G_1$:}} Game $G_1$ is exactly the same as $G_0$ with the only change being the bad flag being set inside an if condition. The bad flag is set if $2^c \ch_i = -r_2$. This represents cases where not all solutions from the adversary $\adversary{A}$ can be used to calculate the discrete logarithm of $\groupelement{A}$. This is just a conceptual change since the behavior of the game does not change whether the flag is set or not. Hence,
@@ -111,7 +111,7 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
\item Finally, Game $G_2$ is well prepared to show that there exists an adversary $\adversary{B}$ satisfying
\begin{align}
\Pr[G_2^{\adversary{A}} \Rightarrow 1] = \advantage{\group{G},\adversary{B}}{\sdlog}(k) \label{eq:advbsdlog}
\Pr[G_2^{\adversary{A}} \Rightarrow 1] = \advantage{\group{G},\adversary{B}}{\sdlog}(\secparamter) \label{eq:advbsdlog}
\end{align}.
\begin{figure}