Minor improvement

2023-05-17 19:06:15 +02:00
parent f0c42eb088
commit f06df94438


@@ -18,4 +18,4 @@ The multi-user security of EdDSA was briefly analyzed in a paper by Bernstein af
In 2016, Kiltz et. al. provided a tight bound on the multi-user security of Schorr signatures without the need for key-prefixing \cite{C:KilMasPan16}. The tightness was a result of the random self-reducibility property of the underlying canonical identification scheme. Again, this property cannot be achieved by the EdDSA due to the clamping introduced by the key generation algorithm. In 2016, Kiltz et. al. provided a tight bound on the multi-user security of Schorr signatures without the need for key-prefixing \cite{C:KilMasPan16}. The tightness was a result of the random self-reducibility property of the underlying canonical identification scheme. Again, this property cannot be achieved by the EdDSA due to the clamping introduced by the key generation algorithm.
Instead, a different approach must be taken to abtain a tight security proof of the EdDSA signature scheme. Similar to a paper by Fuchsbauer et. al., the algebraic group model is used to directly prove the security of the EdDSA signature scheme under the discrete logarithm assumption \cite{EC:FucPloSeu20}. Instead, a different approach must be taken to abtain a tight security proof of the EdDSA signature scheme. Similar to a paper by Fuchsbauer et. al. \cite{EC:FucPloSeu20}, the algebraic group model is used to directly prove the security of the EdDSA signature scheme under the discrete logarithm assumption in the single-user setting and the one-more discrete logarithm assumption in the multi-user setting.
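Review bot: The rewritten sentence still carries the typo "abtain" (should be "obtain") and the nonstandard "et. al." (should be "et al."), and the unchanged context line above it spells Schnorr as "Schorr"; since the sentence is being touched anyway, fix these in the same commit. The new clause also packs two different assumptions into one long sentence: discrete logarithm for the single-user setting and one-more discrete logarithm for the multi-user setting. Consider splitting it into two sentences and adding a brief remark on why the multi-user proof needs the stronger assumption, because the surrounding text only motivates the loss of random self-reducibility through clamping. The commit title "Minor improvement" also undersells a change to the stated security assumptions; a title naming the added multi-user assumption would make the history easier to follow.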