diff --git a/presentation/Ruhr-Universität_Bochum_logo.svg b/presentation/Ruhr-Universität_Bochum_logo.svg
new file mode 100644
index 0000000..6b8c7d0
--- /dev/null
+++ b/presentation/Ruhr-Universität_Bochum_logo.svg
@@ -0,0 +1,31 @@
+
+
+
+
+
diff --git a/presentation/TODO b/presentation/TODO
new file mode 100644
index 0000000..705879e
--- /dev/null
+++ b/presentation/TODO
@@ -0,0 +1,2 @@
+Zwischentitelfolien
+Name für SOMDL
diff --git a/presentation/beamercolorthemeRub.sty b/presentation/beamercolorthemeRub.sty
new file mode 100644
index 0000000..3463583
--- /dev/null
+++ b/presentation/beamercolorthemeRub.sty
@@ -0,0 +1,81 @@
+% Copyright 2007 by Till Tantau
+% Edited by Sebastian Jeworutzki 2012
+% This file may be distributed and/or modified
+%
+% 1. under the LaTeX Project Public License and/or
+% 2. under the GNU Public License.
+%
+% See the file doc/licenses/LICENSE for more details.
+
+\ProvidesPackage{beamercolorthemeRub}[27/09/12 15:22:18]
+
+% Paket graphicx laden
+\RequirePackage{graphicx}
+
+% Farben definieren
+\definecolor{gelbgruen}{cmyk}{0.5,0,1,0}
+\definecolor{lichtgrau}{cmyk}{0.03,0.03,0.03,0.1}
+\definecolor{saphierblau}{cmyk}{1,0.5,0,.6}
+\definecolor{alertred}{rgb}{0.80,0.12,0.12}
+
+% Farben für den Präsentationsmodus
+\mode
+
+% Farben den Strukturelementen zuordnen
+\setbeamercolor*{Title bar}{bg=white, fg=saphierblau}
+\setbeamercolor*{frametitle}{parent=Title bar}
+\setbeamercolor*{framesubtitle}{fg=saphierblau}
+
+\setbeamercolor*{block title}{bg=saphierblau,fg=white}
+\setbeamercolor*{block body}{bg=saphierblau!15,fg=black}
+\setbeamercolor{block title alerted}{bg=alertred, fg=white}
+\setbeamercolor{block body alerted}{bg=alertred!15,fg=black}
+\setbeamercolor{block title example}{bg=gelbgruen, fg=white}
+\setbeamercolor{block body example}{bg=gelbgruen!15,fg=black}
+
+
+% Titelseite
+\setbeamercolor*{title page}{fg=saphierblau}
+\setbeamercolor*{title}{fg=saphierblau}
+\setbeamercolor*{kopf}{fg=black, bg=lichtgrau}
+\setbeamercolor*{titlegraphic}{fg=saphierblau, bg=lichtgrau}
+\setbeamercolor*{date}{fg=gelbgruen}
+
+% Weitere Textelemente
+\setbeamercolor{example text}{fg=gelbgruen!50!black}
+\setbeamercolor*{alerted text}{fg=alertred}
+
+% Alle Strukturierungselemente wie Aufzählungzeichen in saphierblau
+\usecolortheme[named=saphierblau]{structure}
+
+% Farben für den „aufgeräumten Modus“
+\ifbeamer@empty
+\setbeamercolor{normal text}{fg=saphierblau,bg=white}
+\setbeamercolor*{Location bar}{fg=saphierblau,bg=white}
+\setbeamercolor*{section in head/foot}{fg=saphierblau,bg=white}
+\else
+\setbeamercolor{normal text}{fg=saphierblau,bg=lichtgrau}
+\setbeamercolor*{Location bar}{fg=saphierblau,bg=lichtgrau}
+\setbeamercolor*{section in head/foot}{fg=saphierblau,bg=lichtgrau}
+\fi
+
+% Farben für Handouts
+\mode
+% Bei Handout Hintergrundfarbe auf weiß setzten
+\setbeamercolor*{kopf}{fg=black, bg=white}
+\setbeamercolor*{titlegraphic}{fg=saphierblau, bg=white}
+\setbeamercolor{normal text}{fg=saphierblau,bg=white}
+\setbeamercolor*{Location bar}{fg=saphierblau,bg=white}
+\setbeamercolor*{section in head/foot}{fg=saphierblau,bg=white}
+\setbeamercolor*{normal text}{fg=saphierblau,bg=white} %Hintergrund
+\setbeamercolor*{Location bar}{fg=saphierblau,bg=white} %Fußzeile
+\setbeamercolor*{block title}{fg=saphierblau,bg=white}
+\setbeamercolor*{block body}{bg=white,fg=saphierblau}
+\setbeamercolor*{block title alerted}{bg=alertred, fg=white}
+\setbeamercolor*{block body alerted}{bg=alertred!15,fg=saphierblau}
+\setbeamercolor*{block title example}{bg=gelbgruen, fg=white}
+\setbeamercolor*{block body example}{bg=gelbgruen!15,fg=saphierblau}
+\setbeamercolor{structure}{fg=black}
+\setbeamercolor*{item}{fg=black!50}
+\mode
+
diff --git a/presentation/beamerfontthemeRub.sty b/presentation/beamerfontthemeRub.sty
new file mode 100644
index 0000000..d02a08f
--- /dev/null
+++ b/presentation/beamerfontthemeRub.sty
@@ -0,0 +1,64 @@
+% Copyright 2007 by Till Tantau
+% Edited by Sebastian Jeworutzki 2012
+% This file may be distributed and/or modified
+%
+% 1. under the LaTeX Project Public License and/or
+% 2. under the GNU Public License.
+%
+% See the file doc/licenses/LICENSE for more details.
+
+\ProvidesPackage{beamerfontthemeRub}[27/09/12 19:41:02]
+
+% Schriften aus dem Corporate Design laden
+
+% % ToDo: Vielleicht global verfuegbar machen?
+% % ifxetexorluatex seen at
+% % http://tex.stackexchange.com/a/47579
+\RequirePackage{ifxetex, ifluatex}
+
+\newif\ifxetexorluatex
+\ifxetex
+ \xetexorluatextrue
+\else
+ \ifluatex
+ \xetexorluatextrue
+ \else
+ \xetexorluatexfalse
+ \fi
+\fi
+
+\ifxetexorluatex
+ \RequirePackage{fontspec}
+ \setmainfont{RubFlama}
+ \setsansfont{RubFlama}
+ \setromanfont{RUB Scala TZ}
+\else
+ %\RequirePackage{rubfonts2009}
+ \RequirePackage[T1]{fontenc} %
+ \RequirePackage[utf8]{inputenc} % ToDo: Möglicherweise unerwünscht.
+\fi
+
+\mode
+
+% Schrift im Frametitle
+\setbeamerfont{section in head/foot}{size=\fontsize{6pt}{8pt}\selectfont,series=\normalfont}
+\setbeamerfont{block title}{size=\normalsize,series=\normalfont}
+\setbeamerfont{head author}{series=\normalfont,size=\fontsize{5pt}{1em}}
+\setbeamerfont{head institute}{series=\bfseries,size=\fontsize{5pt}{1em}}
+\setbeamerfont{frametitle}{size=\fontsize{14pt}{15pt}}
+
+% Title page: default
+\setbeamerfont{title}{series=\bfseries,size=\fontsize{14pt}{1.2em}}
+\setbeamerfont{subtitle}{series=\normalfont,size=\fontsize{14pt}{1.2em}}
+\setbeamerfont{date}{series=\bfseries,size=\fontsize{14pt}{1.2em}}
+\setbeamerfont{author}{series=\normalfont,size=\fontsize{8pt}{1em}}
+\setbeamerfont{institute}{series=\bfseries,size=\fontsize{8pt}{1em}}
+
+\mode
+% Bei Handout Blocküberschriften verändern
+\setbeamerfont{block title}{series=\itshape\bfseries}
+\setbeamerfont{block title alerted}{series=\bfseries}
+\setbeamerfont{block title example}{series=\itshape}
+
+\mode
+
\ No newline at end of file
diff --git a/presentation/beamericonarticle.pdf b/presentation/beamericonarticle.pdf
new file mode 100644
index 0000000..748cc74
Binary files /dev/null and b/presentation/beamericonarticle.pdf differ
diff --git a/presentation/beamericonbook.pdf b/presentation/beamericonbook.pdf
new file mode 100644
index 0000000..748cc74
Binary files /dev/null and b/presentation/beamericonbook.pdf differ
diff --git a/presentation/beamerinnerthemeRub.sty b/presentation/beamerinnerthemeRub.sty
new file mode 100644
index 0000000..c7ab7c8
--- /dev/null
+++ b/presentation/beamerinnerthemeRub.sty
@@ -0,0 +1,628 @@
+% Copyright 2007 by Till Tantau
+% Edited by: Sebastian Jeworutzki 2012
+%
+% This file may be distributed and/or modified
+%
+% 1. under the LaTeX Project Public License and/or
+% 2. under the GNU Public License.
+%
+% See the file doc/licenses/LICENSE for more details.
+
+\ProvidesPackage{beamerinnerthemeRub}[27/09/12 15:28:08]
+
+% Tikz wird benötigt
+\RequirePackage{tikz}
+
+% In den Präsentationsmodus wechseln
+\mode
+
+% Standard-Stil für die Titelseite festlegen:
+\DeclareOptionBeamer{alternativetitlepage}[normal]{\def\beamer@Rub@alternativetitlepage{#1}}
+\ExecuteOptionsBeamer{alternativetitlepage=normal}
+\ProcessOptionsBeamer
+
+%% Bild definieren:
+% Logo für die Titelseite
+\pgfdeclareimage[width=1.8cm]{logoTitle}{logo}
+
+% Bilder für das Literaturverzeichnis
+\pgfdeclareimage[width=14pt,height=12pt]{beamericonbook}{beamericonbook}
+\pgfdeclareimage[width=14pt,height=12pt]{beamericonbookshaded}{beamericonbook.20}
+\pgfaliasimage{beamericonbook.!20opaque}{beamericonbookshaded}
+\pgfaliasimage{beamericonbook.!15opaque}{beamericonbookshaded}
+\pgfaliasimage{beamericonbook.!10opaque}{beamericonbookshaded}
+\pgfaliasimage{beamericonbook.!5opaque}{beamericonbookshaded}
+\pgfaliasimage{beamericonbook.!2opaque}{beamericonbookshaded}
+\pgfdeclareimage[width=11pt,height=14pt]{beamericonarticle}{beamericonarticle}
+\pgfdeclareimage[width=11pt,height=14pt]{beamericonarticleshaded}{beamericonarticle.20}
+\pgfaliasimage{beamericonarticle.!20opaque}{beamericonarticleshaded}
+\pgfaliasimage{beamericonarticle.!15opaque}{beamericonarticleshaded}
+\pgfaliasimage{beamericonarticle.!10opaque}{beamericonarticleshaded}
+\pgfaliasimage{beamericonarticle.!5opaque}{beamericonarticleshaded}
+\pgfaliasimage{beamericonarticle.!2opaque}{beamericonarticleshaded}
+
+% Hilfsfunktion für das Sponsor-Logo
+\newcount\sponsor
+\sponsor=0
+
+\newcommand{\sponsorlogo}[2][\empty]{
+ \pgfdeclareimage[#1]{sponsor}{#2}
+ \sponsor=1
+ }
+
+% Funktion für das Titelbild Redefinieren -> Wenn diese nicht aufgerufen wird, MaxTitleImage nicht aufrufen
+\renewcommand\titlegraphic[1]{\def\inserttitlegraphicrub{#1}}
+\newcommand{\TitleImage}{\@ifundefined{inserttitlegraphicrub}{}{\MaxTitleImage}}
+
+% Funktion für das Titelbild
+% Sicherstellen, dass das Bild maximiert wird.
+\RequirePackage{calc}
+\newcommand{\MaxTitleImage}{
+ \newlength\graphicheight % Register anlegen
+ \newlength\graphicwidth
+ \setlength\graphicheight{\heightof{\includegraphics[width=\paperwidth]{\inserttitlegraphicrub}}} %Standard: an Breite orientieren und Breite messen
+ \setlength\graphicwidth{\widthof{\includegraphics[width=\paperwidth]{\inserttitlegraphicrub}}}
+ \ifdim \graphicheight<\paperheight % Sollte bei maximierter Breite, das Bild nicht hoch genug sein, an Höhe orientieren
+ \includegraphics[height=\paperheight, keepaspectratio = true]{\inserttitlegraphicrub}
+ \else
+ \includegraphics[width=\paperwidth, keepaspectratio = true]{\inserttitlegraphicrub}
+ \fi
+ }
+
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+% Title page
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+%% Normal
+\defbeamertemplate*{title page normal}{Rub} % Template definieren
+{ % Beginn der Definition: Normal
+\thispagestyle{empty}
+\begin{tikzpicture}[remember picture,overlay]
+ % Node mit dem weißen Hintergrund
+ \node[anchor=north west, inner sep=0pt] at (current page.north west)
+ {\begin{tikzpicture}
+ \draw[style={white, line width=0pt, fill=white}] (0,0) rectangle (0.90\paperwidth,0.9\paperheight);%8.2cm);
+ \end{tikzpicture}};
+ % Node mit dem Text
+ \node[anchor=north west, inner sep=0pt, xshift=1cm,yshift=-0.5cm] at (current page.north west) {
+ \begin{minipage}{11.5cm}
+ \begin{beamercolorbox}{title}
+ \begin{tiny}\textbf{RUHR-UNIVERSIT{\"A}T}~BOCHUM \end{tiny} \\ [1cm]
+ \usebeamerfont{title}\inserttitle\par%
+ \ifx\insertsubtitle\@empty% Falls kein Untertitel definiert wurde, nichts unternehmen
+ \else%
+ \vskip0.25em% Ansonsten Abstand und Untertitel einfügen
+ {\usebeamerfont{subtitle}\usebeamercolor[fg]{subtitle}\insertsubtitle\par}%
+ \fi%
+ \end{beamercolorbox}%
+ \vskip8pt%
+ \begin{beamercolorbox}{date}
+ \usebeamerfont{date}\insertdate
+ \end{beamercolorbox}
+ \vskip1em\par
+ \begin{beamercolorbox}{institute}
+ \usebeamerfont{institute}\insertinstitute
+ \end{beamercolorbox}
+ \begin{beamercolorbox}{author}
+ \usebeamerfont{author}\insertauthor
+ \end{beamercolorbox}
+ \vspace{2em}
+ % Sponsorlogo einfügen - sponosr ist 0, falls kein Bild angebeben wurde
+ \ifnum\sponsor>0
+ \pgfuseimage{sponsor}
+ \else
+ \fi
+ \vfill
+ \end{minipage}};
+ % Node mit dem Logo
+ \node[anchor=north west,xshift=-2.15cm, yshift=1pt, rectangle, inner sep=0pt,line width=0pt] at (current page.north east){\pgfuseimage{logoTitle}};
+\end{tikzpicture}
+} % Ende der Definition: Normal
+
+%% Alternativ
+\defbeamertemplate*{title page alternativ}{Rub}
+{ % Beginn der Definition: Alternativ
+\thispagestyle{empty}
+\begin{tikzpicture}[remember picture,overlay]
+% Erste Node: Setzt ganz oben links an, von dem Punkt aus kann dann in der zweiten tikzpicture Umgebung ausgegangen werden
+\node[anchor=north west, inner sep=0pt] at (current page.north west) {
+ \begin{tikzpicture}[remember picture,overlay]
+ % Node mit Titelgrafik.
+ \node[anchor=north west, inner sep=0pt,yshift=0cm,xshift=-2mm,line width=0pt] at (current page.north west) {\TitleImage};
+ %Logo
+ \node[anchor=north west,xshift=-2.45cm, yshift=1pt, rectangle, inner sep=0pt] at (current page.north east){\pgfuseimage{logoTitle}};
+ % Weißer Hintergrund. Das Bild wird überdeckt.
+ \draw[style={white, line width=0pt, fill=white}] (current page.south west) rectangle (\paperwidth,-52mm);
+ % Node mit dem Text
+ \node[anchor=north west, inner sep=0pt, xshift=7mm,yshift=-55mm] at (current page.north west) {
+ \begin{minipage}{\linewidth}
+ \begin{beamercolorbox}{title}
+% \pgfuseimage{wortmarkeTitle}\\[0.3cm]
+ \begin{tiny}\textbf{RUHR-UNIVERSIT{\"A}T}~BOCHUM \end{tiny} \\ [0.3cm]
+ \usebeamerfont{title}\inserttitle\par%
+ \ifx\insertsubtitle\@empty%
+ \else%
+ \vskip0.20em%
+ {\usebeamerfont{subtitle}\usebeamercolor[fg]{subtitle}\insertsubtitle\par}%
+ \fi%
+ \end{beamercolorbox}%
+ \vskip8pt%
+ \begin{beamercolorbox}{date}
+ \noindent\usebeamerfont{date}\insertdate
+ \end{beamercolorbox}
+ \vskip1em\par
+ \ifnum\sponsor=0 % Prüfen ob es ein Sponsorlogo gibt
+ \noindent\begin{minipage}{\linewidth} % wenn nein, ganze Zeile nutzen
+ \else
+ \begin{minipage}{8cm} % wenn ja, Platz fürs Logo lassen
+ \fi
+ \begin{beamercolorbox}[sep=0pt]{institute}
+ \noindent\usebeamerfont{institute}\insertinstitute
+ \end{beamercolorbox}
+ \begin{beamercolorbox}{author}
+ \noindent\usebeamerfont{author}\insertauthor
+ \end{beamercolorbox}
+ \end{minipage}
+ \vfill
+ \end{minipage}};
+\end{tikzpicture}};
+% Sponsor-Logo
+ \node[anchor=north west, xshift=-45mm, yshift=17mm, rectangle, inner sep=0pt, line width=0pt, minimum width=35mm, text height=15mm, minimum height=15mm] at (current page.south east){
+ \ifnum\sponsor>0
+ \pgfuseimage{sponsor}
+ \else
+ \fi};
+ \end{tikzpicture}
+} % Ende der Definition: Alternativ
+
+
+
+%% Alternativ mit großem Bild
+\defbeamertemplate*{title page bild}{Rub}
+{ % Beginn der Definition: Bild
+\thispagestyle{empty}
+\begin{tikzpicture}[remember picture,overlay]
+% Erste Node: Setzt ganz oben links an, von dem Punkt aus kann dann in der zweiten tikzpicture Umgebung ausgegangen werden
+\node[anchor=north west, inner sep=0pt] at (current page.north west) {
+ \begin{tikzpicture}[remember picture,overlay]
+ % Bild im Hintergrund
+ \node[anchor=north west, inner sep=0pt, xshift=-2mm] at (current page.north west) {\TitleImage};
+ % Weißer Fläche mit Text
+ \draw[style={white, line width=0pt, fill=white}] (current page.north west) rectangle (0.90\paperwidth,-45mm);
+ % Text
+ \node[anchor=north west, inner sep=0pt, xshift=.3cm,yshift=-0.5cm] at (current page.north west) {
+ \begin{minipage}{\linewidth}
+ \begin{beamercolorbox}{title}
+% \pgfuseimage{wortmarkeTitle}\\[0.3cm]
+ \begin{tiny}\textbf{RUHR-UNIVERSIT{\"A}T}~BOCHUM \end{tiny}\\ [0.3cm]
+ \usebeamerfont{title}\inserttitle\par%
+ \ifx\insertsubtitle\@empty%
+ \else%
+ \vskip0.20em%
+ {\usebeamerfont{subtitle}\usebeamercolor[fg]{subtitle}\insertsubtitle\par}%
+ \fi%
+ \end{beamercolorbox}%
+ \vskip0.5em\par
+ \begin{beamercolorbox}[sep=0pt]{date}
+ \usebeamerfont{date}\insertdate
+ \end{beamercolorbox}
+ \vskip1em\par
+ \ifnum\sponsor=0 % Prüfen ob es ein Sponsorlogo gibt
+ \begin{minipage}{\linewidth} % wenn nein, ganze Zeile nutzen
+ \else
+ \begin{minipage}{8cm} % wenn ja, Platz fürs Logo lassen
+ \fi
+ \begin{beamercolorbox}[sep=0pt]{institute}
+ \usebeamerfont{institute}\insertinstitute
+ \end{beamercolorbox}
+ \begin{beamercolorbox}{author}
+ \usebeamerfont{author}\insertauthor
+ \end{beamercolorbox}
+ \vspace{1cm}
+ \end{minipage}
+ \end{minipage}};
+
+ % Sponsor-Logo
+ \node[anchor=north west,xshift=-50mm, yshift=-29mm, rectangle, inner sep=0pt, line width=0pt, minimum width=35mm, text height=15mm, minimum height=15mm] at (current page.north east){
+ \ifnum\sponsor>0
+ \pgfuseimage{sponsor}
+ \else
+ \fi};
+
+ % Logo
+ \node[anchor=north west,xshift=-2.25cm, yshift=1pt, rectangle, inner sep=0pt, line width=0pt] at (current page.north east){\pgfuseimage{logoTitle}};
+ \end{tikzpicture}};
+ \end{tikzpicture}
+} % Ende der Definition: Bild
+
+
+%% Alternativ mit großem Bild/empty (aufgeräumter Modus)
+\defbeamertemplate*{title page bildempty}{Rub}
+{ % Beginn der Definition: Bild
+\thispagestyle{empty}
+\begin{tikzpicture}[remember picture,overlay]
+% Erste Node: Setzt ganz oben links an, von dem Punkt aus kann dann in der zweiten tikzpicture Umgebung ausgegangen werden
+\node[anchor=north west, inner sep=0pt] at (current page.north west) {
+ \begin{tikzpicture}[remember picture,overlay]
+ % Bild im Hintergrund
+ \node[anchor=north west, inner sep=0pt, xshift=-2mm] at (current page.north west) {\TitleImage};
+ % Text
+ \node[anchor=north west, inner sep=0pt, xshift=.3cm,yshift=-0.5cm] at (current page.north west) {
+ \begin{minipage}{\linewidth}
+ \begin{beamercolorbox}{title}
+% \pgfuseimage{wortmarkeTitle}\\[0.3cm]
+ \begin{tiny}\textbf{RUHR-UNIVERSIT{\"A}T}~BOCHUM \end{tiny} \\ [0.3cm]
+ \usebeamerfont{title}\inserttitle\par%
+ \ifx\insertsubtitle\@empty%
+ \else%
+ \vskip0.20em%
+ {\usebeamerfont{subtitle}\usebeamercolor[fg]{subtitle}\insertsubtitle\par}%
+ \fi%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[sep=8pt]{date}
+ \usebeamerfont{date}\hspace{-0.5em}\insertdate
+ \end{beamercolorbox}
+ \vskip1em\par
+ \ifnum\sponsor=0 % Prüfen ob es ein Sponsorlogo gibt
+ \begin{minipage}{\linewidth} % wenn nein, ganze Zeile nutzen
+ \else
+ \begin{minipage}{8cm} % wenn ja, Platz fürs Logo lassen
+ \fi
+ \begin{beamercolorbox}[sep=-1pt]{institute}
+ \usebeamerfont{institute}\insertinstitute
+ \end{beamercolorbox}
+ \begin{beamercolorbox}{author}
+ \usebeamerfont{author}\insertauthor
+ \end{beamercolorbox}
+ \vspace{1cm}
+ \end{minipage}
+ \end{minipage}};
+
+ % Sponsor-Logo
+ \node[anchor=north west,xshift=-50mm, yshift=-29mm, rectangle, inner sep=0pt, line width=0pt, minimum width=35mm, text height=15mm, minimum height=15mm] at (current page.north east){
+ \ifnum\sponsor>0
+ \pgfuseimage{sponsor}
+ \else
+ \fi};
+
+ % Logo
+ \node[anchor=south west,xshift=3mm, yshift=3mm, rectangle, inner sep=0pt, line width=0pt] at (current page.south west){\pgfuseimage{logoTitle}};
+ \end{tikzpicture}};
+ \end{tikzpicture}
+} % Ende der Definition: Bild
+
+
+% Optionen zum Titelseitenformat ausführen
+\defbeamertemplate*{title page}{Rub}[1][]
+{
+\usebeamertemplate{title page \beamer@Rub@alternativetitlepage}% hier wird der Wert der Variable aus dem Optionsfeld eingesetzt, und somit das entsprechende Titelbild definiert
+}
+
+% Macro zum Aufruf der Titelseite (um Fußzeile zu löschen)
+\newcommand{\titleframe}{
+\setbeamertemplate{footline}{}
+\setbeamertemplate{headline}{}
+\frame{\titlepage}
+\setbeamertemplate{footline}[Rub theme]
+\setbeamertemplate{headline}[Rub theme]
+ }
+
+
+% Part page: Rub
+\defbeamertemplate*{part page}{Rub}[1][]
+{
+ \begin{centering}
+ {\usebeamerfont{part name}\usebeamercolor[fg]{part name}\partname~\insertromanpartnumber}
+ \vskip1em\par
+ \begin{beamercolorbox}[sep=8pt,center,#1]{part title}
+ \usebeamerfont{part title}\insertpart\par
+ \end{beamercolorbox}
+ \end{centering}
+}
+
+
+%
+% Table of contents
+%
+
+%\defbeamertemplateparent{sections/subsections in toc}{section in toc,subsection in toc,subsubsection in toc}
+{}
+
+%\defbeamertemplateparent{sections/subsections in toc shaded}{section in toc shaded,subsection in toc shaded,subsubsection in toc shaded}[1][20]
+%{[#1]}
+
+
+% (sub-)section in toc: Rub
+\defbeamertemplate*{section in toc}{Rub}
+{\inserttocsection\par}
+
+\defbeamertemplate*{subsection in toc}{Rub}
+{\leavevmode\leftskip=1.5em\inserttocsubsection\par}
+
+\defbeamertemplate*{subsubsection in toc}{Rub}
+{\leavevmode\normalsize\usebeamerfont{subsection in toc}\leftskip=3em%
+ \usebeamerfont{subsubsection in toc}\inserttocsubsubsection\par}
+
+
+% (sub-)section in toc shaded, Rub
+\defbeamertemplate*{section in toc shaded}{Rub}[1][20]
+{\begin{colormixin}{#1!parent.bg}\usebeamertemplate{section in toc}\end{colormixin}\unskip}
+
+\defbeamertemplate*{subsection in toc shaded}{Rub}[1][20]
+{\begin{colormixin}{#1!parent.bg}\usebeamertemplate{subsection in toc}\end{colormixin}\unskip}
+
+\defbeamertemplate*{subsubsection in toc shaded}{Rub}[1][20]
+{\begin{colormixin}{#1!parent.bg}\usebeamertemplate{subsubsection in toc}\end{colormixin}\unskip}
+
+
+
+
+
+%
+% Item
+%
+%\defbeamertemplateparent{items}{itemize items,enumerate items}
+%{}
+
+
+% Itemize items
+%\defbeamertemplateparent{itemize items}{itemize item,itemize subitem,itemize subsubitem}
+%{}
+
+
+% Itemize items, Rub
+\defbeamertemplate*{itemize item}{Rub}{\scriptsize\raise1.25pt\hbox{\donotcoloroutermaths$\blacktriangleright$}}
+\defbeamertemplate*{itemize subitem}{Rub}{\tiny\raise1.5pt\hbox{\donotcoloroutermaths$\blacktriangleright$}}
+\defbeamertemplate*{itemize subsubitem}{Rub}{\tiny\raise1.5pt\hbox{\donotcoloroutermaths$\blacktriangleright$}}
+
+
+% Enumerate items, Rub
+%\defbeamertemplateparent{enumerate items}{enumerate item,enumerate subitem,enumerate subsubitem,enumerate mini}
+%{}
+
+\defbeamertemplate*{enumerate item}{Rub}{\insertenumlabel.}
+\defbeamertemplate*{enumerate subitem}{Rub}{\insertenumlabel.\insertsubenumlabel}
+\defbeamertemplate*{enumerate subsubitem}{Rub}{\insertenumlabel.\insertsubenumlabel.\insertsubsubenumlabel}
+\defbeamertemplate*{enumerate mini template}{Rub}{\insertenumlabel}
+
+
+% Description item width
+\defbeamertemplate*{description item}{Rub}{\insertdescriptionitem}
+
+
+
+% Itemize/Enumerate body
+\defbeamertemplate*{itemize/enumerate body begin}{Rub}{}
+\defbeamertemplate*{itemize/enumerate body end}{Rub}{}
+
+\defbeamertemplate*{itemize/enumerate subbody begin}{Rub}{}
+\defbeamertemplate*{itemize/enumerate subbody end}{Rub}{}
+
+\defbeamertemplate*{itemize/enumerate subsubbody begin}{Rub}{}
+\defbeamertemplate*{itemize/enumerate subsubbody end}{Rub}{}
+
+
+
+% Alerted text
+\defbeamertemplate*{alerted text begin}{Rub}{\setbeamercolor{local structure}{parent=alerted text}}
+
+
+
+% Structured text
+% empyt Rubs
+
+
+% Bibliography items
+\defbeamertemplate*{bibliography item}{Rub}
+{\hspace{3.2mm}\lower3.5pt\hbox{\hskip2pt\pgfuseimage{beamericonarticle}\hskip1pt}}
+
+\defbeamertemplate*{bibliography entry article}{Rub}{}
+\defbeamertemplate*{bibliography entry title}{Rub}{\par}
+\defbeamertemplate*{bibliography entry location}{Rub}{\par}
+\defbeamertemplate*{bibliography entry note}{Rub}{\par}
+
+
+% Buttons
+\newdimen\beamer@dima%
+\newdimen\beamer@dimb%
+
+\defbeamertemplate*{button}{Rub}
+{%
+ \setbox\beamer@tempbox=\hbox{{\insertbuttontext}}%
+ \ht\beamer@tempbox=6pt%
+ \dp\beamer@tempbox=0pt%
+ \setbox\beamer@tempbox=\vbox{\box\beamer@tempbox\vskip2pt}%
+ \beamer@tempdim=\wd\beamer@tempbox%
+ \beamer@dima=\beamer@tempdim\advance\beamer@dima by2.2pt
+ \beamer@dimb=\beamer@tempdim\advance\beamer@dimb by4pt
+ \begin{pgfpicture}{-4pt}{0pt}{\the\beamer@tempdim}{8pt}
+ \color{bg}
+ \pgfsetlinewidth{0.8pt}
+ \pgfpathqmoveto{0pt}{0pt}
+ \pgfpathqcurveto{-2.2pt}{0pt}{-4pt}{1.8pt}{-4pt}{4pt}
+ \pgfpathqcurveto{-4pt}{6.2pt}{-2.2pt}{8pt}{0pt}{8pt}
+ \pgfpathlineto{\pgfpoint{\the\beamer@tempdim}{8pt}}
+ \pgfpathcurveto%
+ {\pgfpoint{\the\beamer@dima}{8pt}}%
+ {\pgfpoint{\the\beamer@dimb}{6.2pt}}%
+ {\pgfpoint{\the\beamer@dimb}{4pt}}
+ \pgfpathcurveto%
+ {\pgfpoint{\the\beamer@dimb}{1.8pt}}%
+ {\pgfpoint{\the\beamer@dima}{0pt}}%
+ {\pgfpoint{\the\beamer@tempdim}{0pt}}
+ \pgfpathclose
+ \pgfusepathqfill
+ \colorlet{bg}{parent.bg}
+ \usebeamercolor[fg]{button border}
+ \pgfpathqmoveto{0pt}{0pt}
+ \pgfpathqcurveto{-2.2pt}{0pt}{-4pt}{1.8pt}{-4pt}{4pt}
+ \pgfpathqcurveto{-4pt}{6.2pt}{-2.2pt}{8pt}{0pt}{8pt}
+ \pgfpathlineto{\pgfpoint{\the\beamer@tempdim}{8pt}}
+ \pgfpathcurveto%
+ {\pgfpoint{\the\beamer@dima}{8pt}}%
+ {\pgfpoint{\the\beamer@dimb}{6.2pt}}%
+ {\pgfpoint{\the\beamer@dimb}{4pt}}
+ \pgfpathcurveto%
+ {\pgfpoint{\the\beamer@dimb}{1.8pt}}%
+ {\pgfpoint{\the\beamer@dima}{0pt}}%
+ {\pgfpoint{\the\beamer@tempdim}{0pt}}
+ \pgfpathclose
+ \pgfusepathqstroke
+ \end{pgfpicture}%
+ \hskip-\beamer@tempdim%
+ \box\beamer@tempbox%
+ \kern4pt%
+}
+
+
+% Abstract
+\defbeamertemplate*{abstract title}{Rub}
+{%
+ \begin{center}%
+ \abstractname
+ \end{center}%
+}
+
+\defbeamertemplate*{abstract begin}{Rub}
+{\beamercolorbox[vmode]{abstract}\leftskip2em\rightskip2em plus 1fill\usebeamerfont*{abstract}}
+
+\defbeamertemplate*{abstract end}{Rub}
+{\medskip\endbeamercolorbox}
+
+
+% Verse
+\defbeamertemplate*{verse begin}{Rub}
+{\beamercolorbox[vmode]{verse}}
+
+\defbeamertemplate*{verse end}{Rub}
+{\endbeamercolorbox}
+
+
+% Quotation
+\defbeamertemplate*{quotation begin}{Rub}
+{\beamercolorbox[vmode]{quotation}}
+
+\defbeamertemplate*{quotation end}{Rub}
+{\endbeamercolorbox}
+
+
+% Quote
+\defbeamertemplate*{quote begin}{Rub}
+{\beamercolorbox[vmode]{quote}}
+
+\defbeamertemplate*{quote end}{Rub}
+{\endbeamercolorbox}
+
+
+% Footnotes
+\defbeamertemplate*{footnote}{Rub}
+{
+ \parindent 1em\noindent%
+ \raggedright
+ \hbox to 1.8em{\hfil\insertfootnotemark}\insertfootnotetext\par%
+}
+
+
+% Captions
+\defbeamertemplate*{caption}{Rub}
+{%
+ \raggedright
+ {%
+ \usebeamercolor[fg]{caption name}%
+ \usebeamerfont*{caption name}%
+ \insertcaptionname:%
+ }
+ \insertcaption\par
+}
+
+
+% Blocks
+\defbeamertemplate*{block begin}{Rub}
+{
+ \par\vskip\medskipamount%
+ \begin{beamercolorbox}[colsep*=.75ex]{block title}
+ \usebeamerfont*{block title}\insertblocktitle%
+ \end{beamercolorbox}%
+ {\parskip0pt\par}%
+ \ifbeamercolorempty[bg]{block title}
+ {}
+ {\ifbeamercolorempty[bg]{block body}{}{\nointerlineskip\vskip-0.5pt}}%
+ \usebeamerfont{block body}%
+ \begin{beamercolorbox}[colsep*=.75ex,vmode]{block body}%
+ \ifbeamercolorempty[bg]{block body}{\vskip-.25ex}{\vskip-.75ex}\vbox{}%
+}
+\defbeamertemplate*{block end}{Rub}
+{\end{beamercolorbox}\vskip\smallskipamount}
+
+\defbeamertemplate*{block alerted begin}{Rub}
+{
+ \par\vskip\medskipamount%
+ \begin{beamercolorbox}[colsep*=.75ex]{block title alerted}
+ \usebeamerfont*{block title alerted}\insertblocktitle%
+ \end{beamercolorbox}%
+ {\parskip0pt\par}%
+ \ifbeamercolorempty[bg]{block title alerted}
+ {}
+ {\ifbeamercolorempty[bg]{block body alerted}{}{\nointerlineskip\vskip-0.5pt}}%
+ \usebeamerfont{block body alerted}%
+ \begin{beamercolorbox}[colsep*=.75ex,vmode]{block body alerted}%
+ \ifbeamercolorempty[bg]{block body alerted}{\vskip-.25ex}{\vskip-.75ex}\vbox{}%
+}
+
+\defbeamertemplate*{block alerted end}{Rub}
+{\end{beamercolorbox}\vskip\smallskipamount}
+
+
+\defbeamertemplate*{block example begin}{Rub}
+{
+ \par\vskip\medskipamount%
+ \begin{beamercolorbox}[colsep*=.75ex]{block title example}
+ \usebeamerfont*{block title example}\insertblocktitle%
+ \end{beamercolorbox}%
+ {\parskip0pt\par}%
+ \ifbeamercolorempty[bg]{block title example}
+ {}
+ {\ifbeamercolorempty[bg]{block body example}{}{\nointerlineskip\vskip-0.5pt}}%
+ \usebeamerfont{block body example}%
+ \begin{beamercolorbox}[colsep*=.75ex,vmode]{block body example}%
+ \ifbeamercolorempty[bg]{block body example}{\vskip-.25ex}{\vskip-.75ex}\vbox{}%
+}
+\defbeamertemplate*{block example end}{Rub}
+{\end{beamercolorbox}\vskip\smallskipamount}
+
+% Theorems
+%\defbeamertemplateparent{theorems}{theorem begin,theorem end}
+%{}
+
+\defbeamertemplate*{theorem begin}{Rub}
+{%
+ \begin{\inserttheoremblockenv}
+ {%
+ \inserttheoremname
+ \ifx\inserttheoremaddition\@empty\else\ (\inserttheoremaddition)\fi%
+ }%
+}
+
+\defbeamertemplate*{theorem end}{Rub}
+{\end{\inserttheoremblockenv}}
+
+
+% Proofs
+\defbeamertemplate*{proof begin}{Rub}
+{\begin{block}{\insertproofname}}
+
+\defbeamertemplate*{proof end}{Rub}
+{\end{block}}
+
+\defbeamertemplate*{qed symbol}{Rub}
+{\openbox}
+
+
+\setbeamertemplate{sections/subsections in toc}[square]
+\setbeamertemplate{items}[square]
+
+
+\mode
+
diff --git a/presentation/beamerouterthemeRub.sty b/presentation/beamerouterthemeRub.sty
new file mode 100644
index 0000000..7aa65c3
--- /dev/null
+++ b/presentation/beamerouterthemeRub.sty
@@ -0,0 +1,104 @@
+% Copyright 2007 by Till Tantau
+% Edited by Sebastian Jeworutzki 2012
+% This file may be distributed and/or modified
+%
+% 1. under the LaTeX Project Public License and/or
+% 2. under the GNU Public License.
+%
+% See the file doc/licenses/LICENSE for more details.
+
+\ProvidesPackage{beamerouterthemeRub}[27/09/12 15:35:45]
+
+% Tikz wird benötigt
+\RequirePackage{tikz}
+
+% Einige benötigte Längenvariablen erzeugen
+\newdimen\beamer@Rubwidth
+\newdimen\beamer@headheight
+\beamer@headheight=0.17\paperheight
+
+\mode
+
+\defbeamertemplate*{frametitle}{Rub theme}
+ {%
+ \begin{tikzpicture}[remember picture, overlay]
+ % Erste Node: Setzt ganz oben links an, von dem Punkt aus kann dann in der zweiten tikzpicture Umgebung ausgegangen werden
+\node[anchor=north west, inner sep=0pt] at (current page.north west) {
+ \begin{tikzpicture}[remember picture,overlay]
+ % Wegen der Maße werden die Bilder in der picture Umgebung definiert
+ \pgfdeclareimage[height=0.13\paperheight]{logo}{logo}
+ % Weißer Hintergrund für den Frame Title
+ \draw[anchor=north west, inner sep=0pt,style={white, line width=0pt, fill=white}] (current page.north west)
+ rectangle (0.9\paperwidth,-0.16\paperheight);
+
+ % Logo oben
+ \ifbeamer@empty % Nicht im Empty-Modus ausführen
+ \else
+ \node[anchor=north east,xshift=-0.05\paperwidth, rectangle, inner sep=0pt, yshift=1pt] at (current page.north east) {\pgfuseimage{logo}};
+ % Wortmarke oben
+ \node[anchor=west,xshift=0.03\paperwidth,yshift=-0.03\paperheight, rectangle, inner sep=0pt] at (current page.north west) { \begin{tiny}\textbf{RUHR-UNIVERSIT{\"A}T}~BOCHUM\end{tiny} };
+ \fi
+ % Node mit dem Text
+ \node[anchor=north west,xshift=0.03\paperwidth,yshift=-0.06\paperheight, rectangle, inner sep=0pt] at (current page.north west) {
+ \begin{minipage}{0.82\paperwidth}
+ % Institute ist überflüssig
+ %\ifx\insertinstitute\@empty%
+ % \else%
+ % \usebeamerfont{head institute}\insertinstitute\\[0.7em]
+ % \fi%
+ % \usebeamerfont{head author}\insertauthor
+ \usebeamerfont*{frametitle}\color{saphierblau}{\textbf{\insertframetitle}}
+ \ifx\insertframesubtitle\@empty%
+ \else%
+ \newline\usebeamerfont*{framesubtitle}\color{saphierblau}{\insertframesubtitle}
+ \fi%
+ \ifbeamer@section
+ \par
+ \usebeamerfont{section in head/foot} \insertsubsectionhead
+ \fi
+ \end{minipage}};
+ \end{tikzpicture}};
+\end{tikzpicture}
+ }
+
+
+
+\defbeamertemplate*{headline}{Rub theme}
+ {%
+ % Hier ist Platz für eine Headline über dem Frametitle
+ % Beispielsweise für den aktuellen Gliederungspunkt etc..
+ }
+
+
+% Fußzeile
+\defbeamertemplate*{footline}{Rub theme}
+{
+ \ifbeamer@empty % Nicht im Empty-Modus ausführen
+ \linethickness{0pt}
+ \framelatex{
+ \begin{beamercolorbox}[leftskip=.3cm,wd=\paperwidth,ht=0.3\beamer@headheight,sep=0.1cm]{section in head/foot}
+ \usebeamerfont{section in head/foot}%
+ \hfill
+ \insertframenumber%$|$\inserttotalframenumber
+ \end{beamercolorbox}}
+ \else
+ \linethickness{0pt}
+ \framelatex{
+ \begin{beamercolorbox}[leftskip=.3cm,wd=\paperwidth,ht=0.3\beamer@headheight,sep=0.1cm]{section in head/foot}
+ \usebeamerfont{section in head/foot}%
+ \insertshortauthor~$|$~\insertshorttitle~$|$~\insertshortdate
+ \hfill
+ \insertframenumber%$|$\inserttotalframenumber
+ \hspace*{10pt}
+ \end{beamercolorbox}}
+ \fi
+}
+
+% Im Empty-Modus ausführen
+ \ifbeamer@empty
+ \fi
+
+\mode
+
+
+
diff --git a/presentation/beamerthemeRub.sty b/presentation/beamerthemeRub.sty
new file mode 100644
index 0000000..4ccbbe1
--- /dev/null
+++ b/presentation/beamerthemeRub.sty
@@ -0,0 +1,148 @@
+% Copyright 2007 by Till Tantau
+% Edited by Sebastian Jeworutzki 2012
+% This file may be distributed and/or modified
+%
+% 1. under the LaTeX Project Public License and/or
+% 2. under the GNU Public License.
+%
+% See the file doc/licenses/LICENSE for more details.
+
+\ProvidesPackage{beamerthemeRub}[27/09/12 15:37:39]
+
+
+\mode
+
+% Optionen entgegennehmen und an beamerinnertheme weitergeben, um die Art der Titelseite auszuwählen
+\DeclareOptionBeamer{height}{\PassOptionsToPackage{height=#1}{beamerouterthemesidebar}}
+\DeclareOptionBeamer{alternativetitlepage}[normal]{\PassOptionsToPackage{alternativetitlepage=#1}{beamerinnerthemeRub}}
+\DeclareOptionBeamer{print}{\PassOptionsToPackage{print=#1}{}}
+
+% Option für empty (aufgeräumten) Modus
+\newif\ifbeamer@empty
+\beamer@emptyfalse
+\DeclareOptionBeamer{empty}{\beamer@emptytrue}
+
+% Option für Gliederungspunkte unter Überschrift
+\newif\ifbeamer@section
+\beamer@sectionfalse
+\DeclareOptionBeamer{section}{\beamer@sectiontrue}
+\ProcessOptionsBeamer
+
+% Einzelne Thema-Elemente laden
+\useoutertheme{Rub}
+\useinnertheme{Rub}
+\usecolortheme{Rub}
+\usefonttheme{Rub}
+
+% Einstellungen für einzelne Elemente
+\setbeamertemplate{blocks}[]
+\setbeamercovered{transparent}
+
+% Navigationssymbole ausblenden
+\setbeamertemplate{navigation symbols}{}
+
+% Den deutschen Captiontext abkürzen
+\AtBeginDocument{%
+ \renewcommand{\figurename}{Abb.}%
+ \renewcommand{\tablename}{Tab.}%
+ }
+
+% Kleinere Bildunterschriften
+\setbeamertemplate{caption}{\small {\color{saphierblau}\insertcaptionname} \insertcaption }
+
+% Seitenränder allgemein
+\setbeamersize{text margin left=5mm,
+ text margin right=5mm}
+
+% Seiteneinrichtung für die Frame-Optionen t,b,c
+\define@key{beamerframe}{b}[true]{% bottom
+ \beamer@frametopskip=10mm plus 1fill\relax%
+ \beamer@framebottomskip=1mm\relax%
+ \beamer@frametopskipautobreak=\beamer@frametopskip\relax%
+ \beamer@framebottomskipautobreak=\beamer@framebottomskip\relax%
+ \def\beamer@initfirstlineunskip{}%
+}
+\define@key{beamerframe}{t}[true]{% top
+ \beamer@frametopskip=11mm\relax%
+ \beamer@framebottomskip=0mm plus 1fill\relax%
+ \beamer@frametopskipautobreak=0cm\relax%
+ \beamer@framebottomskipautobreak=\beamer@framebottomskip\relax%
+ \def\beamer@initfirstlineunskip{%
+ \def\beamer@firstlineitemizeunskip{%
+ % \vskip-\partopsep\vskip-\topsep\vskip-\parskip%
+ \global\let\beamer@firstlineitemizeunskip=\relax}%
+ \everypar{\global\let\beamer@firstlineitemizeunskip=\relax}}
+}
+\define@key{beamerframe}{c}[true]{% bottom
+ \beamer@frametopskip=10mm plus 1fill\relax%
+ \beamer@framebottomskip=0mm plus 1fill\relax%
+ \beamer@frametopskipautobreak=\beamer@frametopskip\relax%
+ \beamer@framebottomskipautobreak=\beamer@framebottomskip\relax%
+ \def\beamer@initfirstlineunskip{}%
+}
+
+% Tabellenlinien und farbig hinterlegt Tabellenüberschriften
+\RequirePackage{booktabs}
+
+\RequirePackage{colortbl}
+\RequirePackage{etoolbox} %provides patchcmd
+% after package colortbl is loaded
+% http://tex.stackexchange.com/questions/159378/cline-disappears-in-beamer
+\makeatletter
+\patchcmd\@cline
+ {\arrayrulewidth\hfill}% search
+ {\arrayrulewidth\hfill\kern\z@}% replace
+ {}% success
+ {\errmessage{Patching \string\@cline\space failed}}% failure
+\makeatother
+
+
+\RequirePackage{array}
+\arrayrulecolor{saphierblau}
+\newcolumntype{+}{>{\global\let\currentrowstyle\relax}}
+\newcolumntype{^}{>{\currentrowstyle}}
+\newcommand{\rowstyle}[1]{\gdef\currentrowstyle{#1}%
+#1\ignorespaces
+}
+\newcommand{\thead}{\rowstyle{\bfseries}}
+
+% Anpassung Inhaltsverzeichnis
+\def\sectionintoc{}
+\def\beamer@sectionintoc#1#2#3#4#5{%
+ \ifnum\c@tocdepth>0%
+ \ifnum#4=\beamer@showpartnumber%
+ {
+ \beamer@saveanother%
+ \gdef\beamer@todo{}%
+ \beamer@slideinframe=#1\relax%
+ \expandafter\only\beamer@tocsections{\gdef\beamer@todo{%
+ \beamer@tempcount=#5\relax%
+ \advance\beamer@tempcount by\beamer@sectionadjust%
+ \edef\inserttocsectionnumber{\the\beamer@tempcount}%
+ \def\inserttocsection{\hyperlink{Navigation#3}{#2}}%
+ \beamer@tocifnothide{\ifnum\c@section=#1\beamer@toc@cs\else\beamer@toc@os\fi}%
+ {
+ \ifbeamer@pausesections\pause\fi%
+ \ifx\beamer@toc@ooss\beamer@hidetext
+ \vskip0.5em % hier ist der Abstand zwischen den Einträgen definiert
+ \else
+ \vfill
+ \fi
+ {%
+ \hbox{\vbox{%
+ \def\beamer@breakhere{\\}%
+ \beamer@tocact{\ifnum\c@section=#1\beamer@toc@cs\else\beamer@toc@os\fi}{section in toc}}}%
+ \par%
+ }%
+ }%
+ }
+ }%
+ \beamer@restoreanother%
+ }
+ \beamer@todo%
+ \fi\fi%
+}
+
+\mode
+
+
diff --git a/presentation/curve.png b/presentation/curve.png
new file mode 100644
index 0000000..f65a6a3
Binary files /dev/null and b/presentation/curve.png differ
diff --git a/presentation/images/FIDO_logo_black_RGB.png b/presentation/images/FIDO_logo_black_RGB.png
new file mode 100644
index 0000000..51d5118
Binary files /dev/null and b/presentation/images/FIDO_logo_black_RGB.png differ
diff --git a/presentation/images/FIDO_logo_black_RGB.webp b/presentation/images/FIDO_logo_black_RGB.webp
new file mode 100644
index 0000000..f4db8f6
Binary files /dev/null and b/presentation/images/FIDO_logo_black_RGB.webp differ
diff --git a/presentation/images/SSH.png b/presentation/images/SSH.png
new file mode 100644
index 0000000..5e4300c
Binary files /dev/null and b/presentation/images/SSH.png differ
diff --git a/presentation/images/links b/presentation/images/links
new file mode 100644
index 0000000..9139f87
--- /dev/null
+++ b/presentation/images/links
@@ -0,0 +1,2 @@
+SSH: https://upload.wikimedia.org/wikipedia/commons/0/00/Unofficial_SSH_Logo.svg
+FIDO: https://fidoalliance.org/overview/legal/logo-usage/
diff --git a/presentation/images/signal.png b/presentation/images/signal.png
new file mode 100644
index 0000000..8310478
Binary files /dev/null and b/presentation/images/signal.png differ
diff --git a/presentation/images/whatsapp.png b/presentation/images/whatsapp.png
new file mode 100644
index 0000000..0778795
Binary files /dev/null and b/presentation/images/whatsapp.png differ
diff --git a/presentation/images/wireguard.png b/presentation/images/wireguard.png
new file mode 100644
index 0000000..3ceb44d
Binary files /dev/null and b/presentation/images/wireguard.png differ
diff --git a/presentation/logo.pdf b/presentation/logo.pdf
new file mode 100644
index 0000000..79eea17
Binary files /dev/null and b/presentation/logo.pdf differ
diff --git a/presentation/presentation.pdf b/presentation/presentation.pdf
new file mode 100644
index 0000000..c91c7d1
Binary files /dev/null and b/presentation/presentation.pdf differ
diff --git a/presentation/presentation.tex b/presentation/presentation.tex
new file mode 100644
index 0000000..edc9c9c
--- /dev/null
+++ b/presentation/presentation.tex
@@ -0,0 +1,1037 @@
+\documentclass{beamer}
+%Information to be included in the title page:
+\title{A formal Security Analysis of the EdDSA Signature Scheme}
+\author{Aaron Kaiser}
+\institute{Fakultät für Informatik}
+\date{2023}
+\usetheme[alternativetitlepage=bild]{Rub}
+\titlegraphic{curve.png}
+
+\usepackage[noend]{algpseudocodex}
+\usepackage{xcolor}
+\usepackage{tikz}
+\usepackage{multicol}
+\usepackage{tabularx}
+\usepackage[parfill]{parskip}
+\usepackage{float}
+\usepackage{xspace}
+\usepackage{mathtools}
+\usepackage[normalem]{ulem}
+
+\include{../thesis/macros}
+
+\begin{document}
+\frame{\titlepage}
+
+\begin{frame}
+\frametitle{Outline}
+
+\begin{enumerate}
+ \item Overview
+ \item Motivation
+ \item Related work
+ \item Preliminaries
+ \item The EdDSA signature scheme
+ \item Singe- and multi-user Proofs for EdDSA
+ \item GGM proofs of the underlying assumptions
+ \item Concrete security
+\end{enumerate}
+
+\end{frame}
+
+\begin{frame}
+ \frametitle{Overview}
+ \framesubtitle{What is this thesis about?}
+
+ \begin{enumerate}
+ \item Providing a tight security proof for the EdDSA signature scheme
+ \item Showing the security level of concrete instantiations of EdDSA
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Overview}
+ \framesubtitle{Results}
+
+ Results of this thesis:
+ \begin{enumerate}
+ \item EdDSA is tightly secure under Ed-DLog assumption in the single-user setting
+ \item EdDSA is tightly secure under the N-Ed-DLog-Reveal assumption in the multi-user setting
+ \item \textcolor{gray}{Ed25519 provides 125/124 bits of security in the single/multi-user setting}
+ \item \textcolor{gray}{Ed448 provides 221/220 bits of security in the single/multi-user setting}
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Overview}
+ \framesubtitle{Results}
+
+ Results of this thesis:
+ \begin{enumerate}
+ \item EdDSA is tightly secure under Ed-DLog assumption in the single-user setting
+ \item EdDSA is tightly secure under the N-Ed-DLog-Reveal assumption in the multi-user setting
+ \item Ed25519 provides 125/124 bits of security in the single/multi-user setting
+ \item Ed448 provides 221/220 bits of security in the single/multi-user setting
+ \end{enumerate}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Motivation}
+
+ EdDSA is everywhere...
+
+ \includegraphics[scale=0.9]{images/signal.png}
+ \includegraphics[scale=0.1]{images/whatsapp.png}
+ \includegraphics[scale=0.1]{images/wireguard.png}
+ \includegraphics[scale=0.05]{images/SSH.png}
+ \includegraphics[scale=0.1]{images/FIDO_logo_black_RGB.png}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Motivation}
+
+ No existing tight security proof since publication in 2015
+\end{frame}
+
+\begin{frame}
+ \frametitle{Related Work}
+
+ \begin{itemize}
+ \item Brendel et al. 2021 \cite{SP:BCJZ21}: First security proof for Ed25519
+ \item Chalkias et al. 2020 \cite{EPRINT:ChaGarNik20}: Analysis of different EdDSA implementations
+ \item Fuchsbauer et al. 2020 \cite{EC:FucPloSeu20}: Tight security proof for Schnorr Signatures using AGM
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Security Notions}
+ \framesubtitle{Digital Signature Scheme}
+
+ \begin{definition}
+ A digital signature scheme SIG = (\keygen,\sign,\verify) is a tuple of algorithms.
+
+ \begin{itemize}
+ \item \textbf{\keygen}: The key generation algorithm, which upon receiving the security parameter as input outputs a matching tuple of public and private key.
+ \item \textbf{\sign}: The signature algorithm, which upon receiving a secret key and a message, outputs a signature for that message.
+ \item \textbf{\verify}: The verification algorithm, which upon receiving a public key, a message and a signature, outputs $1$ if the signature gets accepted and $0$ otherwise.
+ \end{itemize}
+
+ For the digital signature scheme to be correct, it is required that $\forall (\pubkey, \privkey) \in \keygen(par), \m \in \messagespace, \signature \in \sign(\privkey, \m): \verify(\pubkey, \m, \signature) = 1$
+ \end{definition}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Security Notions}
+ \framesubtitle{$N\text{-MU-EUF-CMA}$}
+
+ \begin{figure}[h]
+ \hrule
+ \normalsize
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\game $N\text{-MU-EUF-CMA}$}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $(\pubkey_i, \privkey_i) \randomassign \keygen(1^\secparamter)$
+ \State $(\m^*, \signature^*) \randomassign \adversary{A}^{\sign(\inp, \inp)}(\pubkey_1, \pubkey_2, ..., \pubkey_n)$
+ \State \Return $\exists i \in \{1,2,...,N\}: \verify(\pubkey_i, \m^*, \signature^*) \test 1 \wedge (\pubkey_i, \m^*) \notin M$
+ \end{algorithmic}
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle \Osign($i \in \{1,2,...,n\}$, $\m \in \messagespace$)}
+ \State $\signature \randomassign \sign(\privkey_i, \m)$
+ \State $M \assign M \cup \{(\pubkey_i, \m)\}$
+ \State \Return $\signature$
+ \end{algorithmic}
+ \hrule
+ \caption{$N$-MU-EUF-CMA Security Game}
+ \label{game:mu-euf-cma}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Security Notions}
+ \framesubtitle{$N\text{-MU-SUF-CMA}$}
+
+ \begin{figure}[h]
+ \hrule
+ \normalsize
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\game $N\text{-MU-SUF-CMA}$}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $(\pubkey_i, \privkey_i) \randomassign \keygen(1^\secparamter)$
+ \State $(\m^*, \signature^*) \randomassign \adversary{A}^{\sign(\inp, \inp)}(\pubkey_1, \pubkey_2, ..., \pubkey_n)$
+ \State \Return $\exists i \in \{1,2,...,N\}: \verify(\pubkey_i, \m^*, \signature^*) \test 1 \wedge (\pubkey_i, \m^*, \signature^*) \notin M$
+ \end{algorithmic}
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle \Osign($i \in \{1,2,...,n\}$, $\m \in \messagespace$)}
+ \State $\signature \randomassign \sign(\privkey_i, \m)$
+ \State $M \assign M \cup \{(\pubkey_i, \m, \signature)\}$
+ \State \Return $\signature$
+ \end{algorithmic}
+ \hrule
+ \caption{$N$-MU-SUF-CMA Security Game}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Security Notions}
+ \framesubtitle{$N\text{-MU-EUF-NMA}$}
+
+ \begin{figure}[h]
+ \hrule
+ \vspace{1mm}
+ \begin{algorithmic}
+ \State \underline{\game $N\text{-MU-EUF-NMA}$}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $(\pubkey_i, \privkey_i) \randomassign \keygen(1^\secparamter)$
+ \State $(\m^*, \signature^*) \randomassign \adversary{A}(\pubkey_1, \pubkey_2, \pubkey_n)$
+ \State \Return $\exists i \in \{1,2,...,N\}: \verify(\pubkey_i, \m^*, \signature^*) \test 1$
+ \end{algorithmic}
+ \hrule
+ \caption{$N$-MU-EUF-NMA Security Game}
+ \label{game:mu-uf-nma}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Random Oracle Model (ROM)}
+
+ \begin{itemize}
+ \item Hash functions are modeled as public oracle
+ \item Oracle behaves like a true random function
+ \item Challenger can observe all inputs
+ \item Challenger can program the random oracle
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Algebraic Group Model (AGM)}
+
+ \begin{itemize}
+ \item Adversary has to provide a representation of all group elements
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Generic Group Model (GGM)}
+
+ \begin{itemize}
+ \item GGM hides all group-specific representation of group elements
+ \item Adversary works with random labels instead of actual group elements
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Standards}
+
+ \begin{itemize}
+ \item Paper by Bernstein et al. \cite{CHES:BDLSY11,EPRINT:BJLSY15}
+ \item RFC 8032 \cite{josefsson_edwards-curve_2017}
+ \item FIPS 186-5 \cite{moody_digital_2023}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{table}
+ \small
+ \begin{tabularx}{\textwidth}{@{}lX@{}}
+ \textbf{Parameter} & \textbf{Description} \\
+ \hline
+ $q$ & An odd prime power $q$. EdDSA uses an elliptic curve over the finite field $\mathbb{F}_{q}$. \\
+ $b$ & An integer $b$ with $2^{b-1} > q$. The bit size of encoded points on the twisted Edwards curve. \\
+ $Enc(\inp)$ & A $(b-1)$-bit encoding of elements in the underlying finite field. \\
+ $H(\inp)$ & A cryptographic hash function producing $2b$-bit output. \\
+ $c$ & The cofactor of the twisted Edwards curve. \\
+ $n$ & The number of bits used for the secret scalar of the public key. \\
+ $a, d$ & The curve parameter of the twisted Edwards curve. \\
+ $\groupelement{B}$ & A generator point of the prime order subgroup of $E$. \\
+ $L$ & The order of the prime order subgroup. \\
+ $H'(\inp)$ & A prehash function applied to the message prior to applying the \sign or \verify procedure.
+ \end{tabularx}
+ \caption{Parameter of the EdDSA signature scheme}
+ \end{table}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{table}
+ \small
+ \begin{tabularx}{\textwidth}{@{}lX@{}}
+ \textbf{Parameter} & \textbf{Description} \\
+ \hline
+ $b$ & An integer $b$ with $2^{b-1} > q$. The bit size of encoded points on the twisted Edwards curve. \\
+ $H(\inp)$ & A cryptographic hash function producing $2b$-bit output. \\
+ $c$ & The cofactor of the twisted Edwards curve. \\
+ $n$ & The number of bits used for the secret scalar of the public key. \\
+ $\groupelement{B}$ & A generator point of the prime order subgroup of $E$. \\
+ $L$ & The order of the prime order subgroup. \\
+ \end{tabularx}
+ \caption{Parameter of the EdDSA signature scheme}
+ \end{table}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{algorithmic}
+ \State \underline{\textbf{\keygen}}
+ \State $k \randomsample \{0,1\}^b$
+ \State $(h_0, h_1, ..., h_{2b-1}) \assign H(k)$
+ \State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
+ \State $A \assign sB$
+ \State \Return (\encoded{$A$}, $k$)
+ \end{algorithmic}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\sign}($k$, $m$)}
+ \State $(h_0, h_1, ..., h_{2b-1}) \assign H(k)$
+ \State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
+ \State $(r'_0, r'_1, ..., r'_{2b-1}) \assign H(h_b | ... | h_{2b-1} | m)$
+ \State $r \assign \sum_{i=0}^{2b-1} 2^i r'_i$
+ \State $R \assign rB$
+ \State $\ch \assign H(\encoded{R} | \encoded{A} | m)$
+ \State $S \assign (r + \ch \cdot s) \pmod L$
+ \State \Return $\sigma \assign (\encoded{R}, S)$
+ \end{algorithmic}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\sign}($k$, $m$)}
+ \BeginBox[draw=red]
+ \State $(h_0, h_1, ..., h_{2b-1}) \assign H(k)$
+ \Comment{Recover secret scalar}
+ \State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
+ \EndBox
+ \State $(r'_0, r'_1, ..., r'_{2b-1}) \assign H(h_b | ... | h_{2b-1} | m)$
+ \State $r \assign \sum_{i=0}^{2b-1} 2^i r'_i$
+ \State $R \assign rB$
+ \State $\ch \assign H(\encoded{R} | \encoded{A} | m)$
+ \State $S \assign (r + \ch \cdot s) \pmod L$
+ \State \Return $\sigma \assign (\encoded{R}, S)$
+ \end{algorithmic}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\sign}($k$, $m$)}
+ \State $(h_0, h_1, ..., h_{2b-1}) \assign H(k)$
+ \State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
+ \BeginBox[draw=red]
+ \State $(r'_0, r'_1, ..., r'_{2b-1}) \assign H(h_b | ... | h_{2b-1} | m)$
+ \Comment{Calculate commitment}
+ \State $r \assign \sum_{i=0}^{2b-1} 2^i r'_i$
+ \State $R \assign rB$
+ \EndBox
+ \State $\ch \assign H(\encoded{R} | \encoded{A} | m)$
+ \State $S \assign (r + \ch \cdot s) \pmod L$
+ \State \Return $\sigma \assign (\encoded{R}, S)$
+ \end{algorithmic}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\sign}($k$, $m$)}
+ \State $(h_0, h_1, ..., h_{2b-1}) \assign H(k)$
+ \State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
+ \State $(r'_0, r'_1, ..., r'_{2b-1}) \assign H(h_b | ... | h_{2b-1} | m)$
+ \State $r \assign \sum_{i=0}^{2b-1} 2^i r'_i$
+ \State $R \assign rB$
+ \BeginBox[draw=red]
+ \State $\ch \assign H(\encoded{R} | \encoded{A} | m)$
+ \Comment{Calculate challenge}
+ \EndBox
+ \State $S \assign (r + \ch \cdot s) \pmod L$
+ \State \Return $\sigma \assign (\encoded{R}, S)$
+ \end{algorithmic}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\sign}($k$, $m$)}
+ \State $(h_0, h_1, ..., h_{2b-1}) \assign H(k)$
+ \State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
+ \State $(r'_0, r'_1, ..., r'_{2b-1}) \assign H(h_b | ... | h_{2b-1} | m)$
+ \State $r \assign \sum_{i=0}^{2b-1} 2^i r'_i$
+ \State $R \assign rB$
+ \State $\ch \assign H(\encoded{R} | \encoded{A} | m)$
+ \BeginBox[draw=red]
+ \State $S \assign (r + \ch \cdot s) \pmod L$
+ \Comment{Calculate response}
+ \EndBox
+ \State \Return $\sigma \assign (\encoded{R}, S)$
+ \end{algorithmic}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\verify}($\encoded{A}, \sigma \assign (\encoded{R}, S), m$)}
+ \State \Return $2^c SB \test 2^c R + 2^c H(\encoded{R} | \encoded{A} | m)A$
+ \end{algorithmic}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+ \framesubtitle{Signature Parsing}
+
+ \begin{itemize}
+ \item Strict parsing: Reject all bitstring representations of $S > L$
+ \item Lax parsing: Allow all bitstring representations of $S$ and work with $S \pmod L$
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA Signature Scheme}
+ \framesubtitle{Encoding of Group Elements}
+
+ \begin{itemize}
+ \item Decoding function ensures that point is on curve
+ \item Multiple bitstrings might map to the same point on the curve
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA' Signature Scheme}
+
+ \begin{figure}
+ \hrule
+ \begin{multicols}{2}
+ \scriptsize
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\keygen}}
+ \State $(h_0, h_1, ..., h_{2b-1}) \randomsample \{0,1\}^{2b}$
+ \State $s \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
+ \State $A \assign sB$
+ \State \Return (\encoded{$A$}, $k \assign (s, h_b | ... | h_{2b-1})$)
+ \end{algorithmic}
+ \columnbreak
+ \begin{algorithmic}
+ \Statex \underline{\textbf{\sign}($k \assign (s, h_b | ... | h_{2b-1})$, $m$)}
+ \State $(r'_0, r'_1, ..., r'_{2b-1}) \assign RF(h_b | ... | h_{2b-1} | m)$
+ \State $r \assign \sum_{i=0}^{2b-1} 2^i r'_i$
+ \State $R \assign rB$
+ \State $S \assign (r + sH(\encoded{R} | \encoded{A} | m)) \pmod L$
+ \State \Return $\sigma \assign (\encoded{R}, S)$
+ \end{algorithmic}
+ \end{multicols}
+ \hrule
+ \caption{Generic description of the algorithms \keygen, \sign and \verify used by the EdDSA' signature scheme}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \frametitle{The EdDSA' Signature Scheme}
+
+ \begin{theorem}
+ \label{theorem:adveddsa'}
+ Let $\adversary{A}$ be an adversary against SUF-CMA security of the EdDSA signature scheme. Then
+
+ \[ \advantage{\text{EdDSA'},\adversary{A}}{\cma}(\secparamter) \leq \advantage{\text{EdDSA},\adversary{A}}{\cma}(\secparamter) + \frac{2 (\hashqueries + 1)}{2^b}. \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+
+ \begin{theorem}[Security of EdDSA with strict parsing in the single-user setting]
+ \label{theorem:eddsa_sp_su}
+ Let $\adversary{A}$ be an adversary against the SUF-CMA security of EdDSA with strict parsing, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries, and $\group{G}$ be a group of prime order $L$. Then,
+
+ \[ \advantage{\group{G}, \adversary{A}}{\text{SUF-CMA}}(\secparamter) \leq \advantage{\curve, n, c, L, \adversary{B}}{\sdlog} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+
+ \begin{theorem}[Security of EdDSA with lax parsing in the single-user setting]
+ \label{theorem:eddsa_lp_su}
+ Let $\adversary{A}$ be an adversary against the EUF-CMA security of EdDSA with lax parsing, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries, and $\group{G}$ be a group of prime order $L$. Then,
+
+ \[ \advantage{\group{G}, \adversary{A}}{\text{EUF-CMA}}(\secparamter) \leq \advantage{\curve, n, c, L, \adversary{B}}{\sdlog} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+
+ \[ \sdlog \overset{\text{AGM}}{\Rightarrow} \igame \overset{\text{ROM}}{\Rightarrow} \text{EUF-NMA} \overset{\text{ROM}}{\Rightarrow} \cma_{\text{EdDSA sp}} \]
+ \[ \sdlog \overset{\text{AGM}}{\Rightarrow} \igame \overset{\text{ROM}}{\Rightarrow} \text{EUF-NMA} \overset{\text{ROM}}{\Rightarrow} \text{EUF-CMA}_{\text{EdDSA lp}} \]
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\text{EUF-NMA} \overset{\text{ROM}}{\Rightarrow} \cma_{\text{EdDSA sp}} / \text{EUF-CMA}_{\text{EdDSA lp}}$}
+
+ \begin{theorem}[\cite{SP:BCJZ21}]
+ Let $\adversary{A}$ be an adversary against $\cma$, making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries, and let $\group{G}$ be a group of prime order $L$. Then,
+
+ \[ \advantage{\group{G}, \adversary{A}}{\text{\cma}}(\secparamter) \leq \advantage{\group{G}, \adversary{B}}{\text{EUF-NMA}}(\secparamter) + \frac{\oraclequeries \hashqueries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
+ \end{theorem}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\text{EUF-NMA} \overset{\text{ROM}}{\Rightarrow} \cma_{\text{EdDSA sp}}$}
+
+ Proof Idea:
+
+ \begin{itemize}
+ \item Simulate signatures without private key
+ \begin{enumerate}
+ \item Choose commitment and solution uniformly at random
+ \item Calculate corresponding challenge
+ \item Program random oracle to output that challenge for the signature
+ \end{enumerate}
+ \item Forward random oracle quries to challenger
+ \item A valid signature forgery in the SUF-CMA game is also a valid forgery in the UF-NMA game
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\igame \overset{\text{ROM}}{\Rightarrow} \text{EUF-NMA}$}
+
+ \begin{figure}[h]
+ \hrule
+ \begin{multicols}{2}
+ \normalsize
+ \begin{algorithmic}
+ \Statex \underline{\game \igame}
+ \State $a \randomsample \{2^{n-1}, 2^{n-1} + 2^c, ..., 2^n - 2^c\}$
+ \State $\groupelement{A} \assign a \groupelement{B}$
+ \State $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A})$
+ \State \Return $\exists (\groupelement{R}^*, \ch^*) \in \pset{Q}: \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A}$
+ \end{algorithmic}
+ \columnbreak
+ \begin{algorithmic}
+ \Statex \underline{\oracle \ioracle($\groupelement{R_i} \in \group{G}$)}
+ \State $\ch_i \randomsample \{0,1\}^{2b}$
+ \State $\pset{Q} \assign \pset{Q} \cup \{ (\groupelement{R}_i, \ch_i) \}$
+ \State \Return $\ch_i$
+ \end{algorithmic}
+ \end{multicols}
+ \hrule
+ \caption{\igame}
+ \end{figure}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\igame \overset{\text{ROM}}{\Rightarrow} \text{EUF-NMA}$}
+
+ \begin{theorem}
+ Let $\adversary{A}$ be an adversary against $\text{EUF-NMA}$. Then,
+
+ \[ \advantage{\group{G}, \adversary{A}}{\text{EUF-NMA}}(\secparamter) = \advantage{\group{G}, \adversary{B}}{\text{\igame}}(\secparamter). \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\igame \overset{\text{ROM}}{\Rightarrow} \text{EUF-NMA}$}
+
+ Proof Idea:
+
+ \begin{itemize}
+ \item Forward random oracle quries to \ioracle oracle
+ \item A valid signature forgery provides a valid solution for \igame
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\sdlog \overset{\text{AGM}}{\Rightarrow} \igame$}
+
+ \begin{figure}[h]
+ \hrule
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\game \sdlog}
+ \State $a \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \State $\groupelement{A} \assign a \groupelement{B}$
+ \State $a' \randomassign \adversary{A}(\groupelement{A})$
+ \State \Return $a \test a'$
+ \end{algorithmic}
+ \vspace{1mm}
+ \hrule
+ \caption{\sdlog}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\sdlog \overset{\text{AGM}}{\Rightarrow} \igame$}
+
+ \begin{theorem}
+ \label{theorem:advgamez}
+ Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then
+
+ \[ \advantage{\group{G},\adversary{A}}{\igame}(\secparamter) \leq \advantage{\group{G},\adversary{B}}{\sdlog}(\secparamter) + \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}. \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Single-User Security}
+ \framesubtitle{$\sdlog \overset{\text{AGM}}{\Rightarrow} \igame$}
+
+ Proof Idea:
+
+ \begin{itemize}
+ \item Adversary provides a valid solution: $R^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A}$
+ \item Adversary also provides: $\groupelement{R^*} = r_1 \groupelement{B} + r_2 \groupelement{A}$
+ \item Rewrite equations: $A = (2^c s^* - r_1)(r_2 + 2^c \ch^*)^{-1} B$
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Multi-User Security}
+
+ \begin{theorem}[Security of EdDSA with strict parsing in the multi-user setting]
+ Let $\adversary{A}$ be an adversary against the $N$-MU-SUF-CMA security of EdDSA with strict parsing, receiving $N$ public keys and making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries, and $\group{G}$ be a group of prime order $L$. Then,
+
+ \[ \advantage{\group{G}, \adversary{A}}{\text{MU-SUF-CMA}}(\secparamter) \leq \advantage{\curve, n, c, L, \adversary{B}}{\somdl} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries N}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Multi-User Security}
+
+ \begin{theorem}[Security of EdDSA with lax parsing in the multi-user setting]
+ \label{theorem:eddsa_lp_mu}
+ Let $\adversary{A}$ be an adversary against the MU-EUF-CMA security of EdDSA with lax parsing, receiving $N$ public keys and making at most $\hashqueries$ hash queries and $\oraclequeries$ oracle queries, and $\group{G}$ be a group of prime order $L$. Then,
+
+ \[ \advantage{\group{G}, \adversary{A}}{\text{MU-EUF-CMA}}(\secparamter) \leq \advantage{\curve, n, c, L, \adversary{B}}{\somdl} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries N}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Multi-User Security}
+
+ \[ \somdl \overset{\text{AGM}}{\Rightarrow} \igame \overset{\text{ROM}}{\Rightarrow} \text{MU-EUF-NMA} \overset{\text{ROM}}{\Rightarrow} \text{MU-\cma}_{\text{EdDSA sp}} \]
+ \[ \somdl \overset{\text{AGM}}{\Rightarrow} \igame \overset{\text{ROM}}{\Rightarrow} \text{MU-EUF-NMA} \overset{\text{ROM}}{\Rightarrow} \text{MU-EUF-CMA}_{\text{EdDSA lp}} \]
+\end{frame}
+
+\begin{frame}
+ \frametitle{Multi-User Security}
+ \framesubtitle{$\somdl \overset{\text{AGM}}{\Rightarrow} \igame$}
+
+ \begin{figure}[h]
+ \hrule
+ \vspace{1mm}
+ \large
+ \begin{algorithmic}
+ \Statex \underline{\game \somdl}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \State \quad $\groupelement{A_i} \assign a_i \groupelement{B}$
+ \State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{DL(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
+ \State \Return $(a_1, a_2, ..., a_N) \test (a'_1, a'_2, ..., a'_N)$
+ \end{algorithmic}
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle $DL(j \in \{1,2,...,N\})$}
+ \Comment{max. one query}
+ \vspace{1mm}
+ \State \Return $\{a_i|i \in \{1,2,...,N\}\backslash \{j\}\}$
+ \end{algorithmic}
+ \vspace{1mm}
+ \hrule
+ \caption{\somdl}
+ \label{fig:somdl}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Multi-User Security}
+ \framesubtitle{$\somdl \overset{\text{AGM}}{\Rightarrow} \igame$}
+
+ Proof Idea:
+
+ \begin{itemize}
+ \item Similar to single-user proof
+ \item Query discrete logarithms of all but one challenge group element $A_i$
+ \item Construct a representation $\groupelement{R^*} = r_1 \groupelement{B} + r_2 \groupelement{A_i}$
+ \item Calculate discrete logarithm of $\groupelement{A_i}$
+ \end{itemize}
+\end{frame}
+
+\begin{frame}
+ \frametitle{\sdlog}
+
+ \begin{theorem}
+ \label{theorem:sdlog_ggm}
+ Let $n$ and $c$ be positive integers. Consider a twisted Edwards curve $\curve$ with a cofactor of $2^c$ and a generating set consisting of $(\groupelement{B}, \groupelement{E_2}, ..., \groupelement{E_m})$. Among these, let $\groupelement{B}$ be the generator of the largest prime order subgroup with an order of $L$. Let $\adversary{A}$ be a generic adversary making at most $\groupqueries$ group operations. Then,
+
+ \[ \advantage{\curve, n, c, L, \adversary{A}}{\sdlog} \leq \frac{(\groupqueries + 3)^2 + 1}{2^{n-1-c}}. \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \frametitle{\somdl}
+
+ \begin{theorem}
+ \label{theorem:somdl_ggm}
+ Let $n$, $N$, $c$ be positive integers. Consider a twisted Edwards curve $\curve$ with a cofactor of $2^c$ and a generating set consisting of $(\groupelement{B}, \groupelement{E_2}, ..., \groupelement{E_m})$. Among these, let $\groupelement{B}$ be the generator of the largest prime order subgroup with an order of $L$. Let $\adversary{A}$ be a generic adversary against \somdl receiving $N$ group elements as challenge and making at most $\groupqueries$ group operations queries. Then,
+
+ \[ \advantage{\curve, n, c, L, \adversary{A}}{\somdl} \leq \frac{2(\groupqueries + N + 2)^2 + 1}{2^{n-1-c}}. \]
+ \end{theorem}
+\end{frame}
+
+\begin{frame}
+ \begin{lemma}[Schwartz-Zippel lemma \cite{schwartz_fast_1980}]
+ Let $L$ be a prime number and $P \in \mathbb{F}_{L}[X_1, ..., X_n]$ be a non-zero polynomial of total degree $d \geq 0$ over a field $\mathbb{F}_{L}$. Let $S$ be a finite subset of $\mathbb{F}_{L}$ and let $x$ be selected uniformly at random from $S$. Then
+
+ \[ \Pr[P(x) = 0] \leq \frac{d}{|S|}. \]
+ \end{lemma}
+ \end{frame}
+
+\begin{frame}
+ \begin{figure}[H]
+ \hrule
+ \tiny
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\game \textcolor{black}{$G_0$} / \textcolor{blue}{$G_1$} /\textcolor{red}{$G_2$} / \textcolor{green}{$G_3$} / \textcolor{orange}{$G_4$}}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \State \quad $\groupelement{A_i} \assign a_i \groupelement{B}$
+ \State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{GOp(\inp, \inp, \inp), DL(\inp)}(Enc(\groupelement{B}), Enc(\groupelement{E_2}), ..., Enc(\groupelement{E_m}), Enc(\groupelement{A_1}), ..., Enc(\groupelement{A_N}))$
+ \State \Return $(a_1, a_2, ..., a_N) \test (a'_1, a'_2, ..., a'_N)$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle DL($j \in \{1,2,...,N\}$)}
+ \State \Return $\{a_i | i \in \{1,2,...,N\} \backslash \{j\}\}$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle GOp($x, y \in \mathbf{S}, b \in \{0,1\}$)}
+ \State \quad \Return $Enc(\sum^{-1}[x] + (-1)^b \sum^{-1}[y])$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \State \underline{\textbf{Procedure} Enc($\groupelement{X} \in \curve$)}
+ \State \textbf{If } $\sum[\groupelement{X}] = \bot$ \textbf{ then}
+ \State \quad $\sum[\groupelement{X}] \randomsample \{0,1\}^{\lceil log_2(|\curve|) \rceil} \backslash \pset{S}$
+ \State \quad $\mathbf{S} \assign \pset{S} \cup \{\sum[X]\}$
+ \State \Return $\sum[\groupelement{X}]$
+ \end{algorithmic}
+ \hrule
+ \caption{$G_0$}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}[H]
+ \hrule
+ \tiny
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\game \textcolor{black}{$G_0$} / \textcolor{blue}{$G_1$} /\textcolor{red}{$G_2$} / \textcolor{green}{$G_3$} / \textcolor{orange}{$G_4$}}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \BeginBox[draw=blue]
+ \State \quad $\groupelement{A_i} \assign (a_i, 0, ..., 0)$
+ \EndBox
+ \State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{GOp(\inp, \inp, \inp), DL(\inp)}(Enc(\groupelement{B}), Enc(\groupelement{E_2}), ..., Enc(\groupelement{E_m}), Enc(\groupelement{A_1}), ..., Enc(\groupelement{A_N}))$
+ \State \Return $(a_1, a_2, ..., a_N) \test (a'_1, a'_2, ..., a'_N)$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle DL($j \in \{1,2,...,N\}$)}
+ \State \Return $\{a_i | i \in \{1,2,...,N\} \backslash \{j\}\}$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle GOp($x, y \in \mathbf{S}, b \in \{0,1\}$)}
+ \State \quad \Return $Enc(\sum^{-1}[x] + (-1)^b \sum^{-1}[y])$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \BeginBox[draw=blue]
+ \State \underline{\textbf{Procedure} Enc($\groupelement{X} \in \field{L} \times \field{ord(E_2)} \times ... \times \field{ord(E_n)}$)}
+ \EndBox
+ \State \textbf{If } $\sum[\groupelement{X}] = \bot$ \textbf{ then}
+ \State \quad $\sum[\groupelement{X}] \randomsample \{0,1\}^{\lceil log_2(|\curve|) \rceil} \backslash \pset{S}$
+ \State \quad $\mathbf{S} \assign \pset{S} \cup \{\sum[X]\}$
+ \State \Return $\sum[\groupelement{X}]$
+ \end{algorithmic}
+ \hrule
+ \caption{$G_1$}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}[H]
+ \hrule
+ \tiny
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\game \textcolor{black}{$G_0$} / \textcolor{blue}{$G_1$} /\textcolor{red}{$G_2$} / \textcolor{green}{$G_3$} / \textcolor{orange}{$G_4$}}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \BeginBox[draw=red]
+ \State \quad $P_i \assign Z_i$
+ \State \quad $\groupelement{A_i} \assign (P_i, 0, ..., 0)$
+ \EndBox
+ \State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{GOp(\inp, \inp, \inp), DL(\inp)}(Enc(\groupelement{B}), Enc(\groupelement{E_2}), ..., Enc(\groupelement{E_m}), Enc(\groupelement{A_1}), ..., Enc(\groupelement{A_N}))$
+ \State \Return $(a_1, a_2, ..., a_N) \test (a'_1, a'_2, ..., a'_N)$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle DL($j \in \{1,2,...,N\}$)}
+ \State \Return $\{a_i | i \in \{1,2,...,N\} \backslash \{j\}\}$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle GOp($x, y \in \mathbf{S}, b \in \{0,1\}$)}
+ \State \quad \Return $Enc(\sum^{-1}[x] + (-1)^b \sum^{-1}[y])$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \BeginBox[draw=red]
+ \State \underline{\textbf{Procedure} Enc($\groupelement{X} \in \field{L}[Z_1,...,Z_N] \times \field{ord(E_2)} \times ... \times \field{ord(E_n)}$)}
+ \State Let $X = (P, x_2, ..., x_n)$
+ \State $\pset{P} = \pset{P} \cup \{P\}$
+ \State $X \assign (P(\overset{\rightharpoonup}{a}), x_2, ..., x_n)$
+ \EndBox
+ \State \textbf{If } $\sum[\groupelement{X}] = \bot$ \textbf{ then}
+ \State \quad $\sum[\groupelement{X}] \randomsample \{0,1\}^{\lceil log_2(|\curve|) \rceil} \backslash \pset{S}$
+ \State \quad $\mathbf{S} \assign \pset{S} \cup \{\sum[X]\}$
+ \State \Return $\sum[\groupelement{X}]$
+ \end{algorithmic}
+ \hrule
+ \caption{$G_2$}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}[H]
+ \hrule
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle DL($j \in \{1,2,...,N\}$)}
+ \BeginBox[draw=green]
+ \State \textbf{for } $P_i \in \pset{P}$
+ \Comment{$G_3$}
+ \State \quad Let $P_i = R_i + S_i, R_i \in \field{L}[Z_1,...,Z_{j-1},Z_{j+1},...,Z_N], S_i \in \field{L}[Z_j]$
+ \State \quad $\pset{R} \assign \pset{R} \cup \{R_i\}$
+ \State \textbf{if } $\exists R_i, R_j \in \pset{R}: R_i(\overset{\rightharpoonup}{a}) = R_j(\overset{\rightharpoonup}{a}) \wedge R_i \neq R_j$
+ \State \quad $bad_1 \assign true$
+ \BeginBox[draw=orange,dashed]
+ \State \quad abort
+ \Comment{$G_4$}
+ \EndBox
+ \State \textbf{for } $P_i \in \pset{P}$
+ \State \quad $\sum[R_i(\overset{\rightharpoonup}{a}) + S_i] = \sum[P_i]$
+ \State \quad $P_i \assign R_i(\overset{\rightharpoonup}{a}) + S_i$
+ \EndBox
+ \State \Return $\{a_i | i \in \{1,2,...,N\} \backslash \{j\}\}$
+ \end{algorithmic}
+ \vspace{2mm}
+ \hrule
+ \caption{$G_3 - G_4$}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}[H]
+ \hrule
+ \tiny
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\game \textcolor{black}{$G_4$} / \textcolor{blue}{$G_5$} /\textcolor{red}{$G_6$} / \textcolor{green}{$G_7$} / \textcolor{orange}{$G_8$}}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \State \quad $P_i \assign Z_i$
+ \State \quad $\groupelement{A_i} \assign (P_i, 0, ..., 0)$
+ \State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{GOp(\inp, \inp, \inp), DL(\inp)}(Enc(\groupelement{B}), Enc(\groupelement{E_2}), ..., Enc(\groupelement{E_m}), Enc(\groupelement{A_1}), ..., Enc(\groupelement{A_N}))$
+ \BeginBox[draw=blue]
+ \State \textbf{if } $\exists P_i, P_j \in \pset{P}: P_i(\overset{\rightharpoonup}{a}) = P_j(\overset{\rightharpoonup}{a}) \wedge P_i \neq P_j$
+ \Comment{$G_5$}
+ \State \quad $bad_2 \assign true$
+ \BeginBox[draw=red,dashed]
+ \State \quad abort
+ \Comment{$G_6$}
+ \EndBox
+ \EndBox
+ \State \Return $(a_1, a_2, ..., a_N) \test (a'_1, a'_2, ..., a'_N)$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle DL($j \in \{1,2,...,N\}$)}
+ \State ...
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle GOp($x, y \in \mathbf{S}, b \in \{0,1\}$)}
+ \State \quad \Return $Enc(\sum^{-1}[x] + (-1)^b \sum^{-1}[y])$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \State \underline{\textbf{Procedure} Enc($\groupelement{X} \in \field{L}[Z_1,...,Z_N] \times \field{ord(E_2)} \times ... \times \field{ord(E_n)}$)}
+ \State Let $X = (P, x_2, ..., x_n)$
+ \State $\pset{P} = \pset{P} \cup \{P\}$
+ \State $X \assign (P(\overset{\rightharpoonup}{a}), x_2, ..., x_n)$
+ \State \textbf{If } $\sum[\groupelement{X}] = \bot$ \textbf{ then}
+ \State \quad $\sum[\groupelement{X}] \randomsample \{0,1\}^{\lceil log_2(|\curve|) \rceil} \backslash \pset{S}$
+ \State \quad $\mathbf{S} \assign \pset{S} \cup \{\sum[X]\}$
+ \State \Return $\sum[\groupelement{X}]$
+ \end{algorithmic}
+ \hrule
+ \caption{$G_5 - G_6$}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}[H]
+ \hrule
+ \tiny
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\game \textcolor{black}{$G_4$} / \textcolor{blue}{$G_5$} /\textcolor{red}{$G_6$} / \textcolor{green}{$G_7$} / \textcolor{orange}{$G_8$}}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \State \quad $P_i \assign Z_i$
+ \State \quad $\groupelement{A_i} \assign (P_i, 0, ..., 0)$
+ \State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{GOp(\inp, \inp, \inp), DL(\inp)}(Enc(\groupelement{B}), Enc(\groupelement{E_2}), ..., Enc(\groupelement{E_m}), Enc(\groupelement{A_1}), ..., Enc(\groupelement{A_N}))$
+ \State \textbf{if } $\exists P_i, P_j \in \pset{P}: P_i(\overset{\rightharpoonup}{a}) = P_j(\overset{\rightharpoonup}{a}) \wedge P_i \neq P_j$
+ \State \quad $bad_2 \assign true$
+ \State \quad abort
+ \State \Return $(a_1, a_2, ..., a_N) \test (a'_1, a'_2, ..., a'_N)$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle DL($j \in \{1,2,...,N\}$)}
+ \State ...
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle GOp($x, y \in \mathbf{S}, b \in \{0,1\}$)}
+ \State \quad \Return $Enc(\sum^{-1}[x] + (-1)^b \sum^{-1}[y])$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \State \underline{\textbf{Procedure} Enc($\groupelement{X} \in \field{L}[Z_1,...,Z_N] \times \field{ord(E_2)} \times ... \times \field{ord(E_n)}$)}
+ \State Let $X = (P, x_2, ..., x_n)$
+ \State $\pset{P} = \pset{P} \cup \{P\}$
+ \State \sout{$X \assign (P(\overset{\rightharpoonup}{a}), x_2, ..., x_n)$}
+ \State \textbf{If } $\sum[\groupelement{X}] = \bot$ \textbf{ then}
+ \State \quad $\sum[\groupelement{X}] \randomsample \{0,1\}^{\lceil log_2(|\curve|) \rceil} \backslash \pset{S}$
+ \State \quad $\mathbf{S} \assign \pset{S} \cup \{\sum[X]\}$
+ \State \Return $\sum[\groupelement{X}]$
+ \end{algorithmic}
+ \hrule
+ \caption{$G_7$}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \begin{figure}[H]
+ \hrule
+ \tiny
+ \vspace{2mm}
+ \begin{algorithmic}
+ \Statex \underline{\game \textcolor{black}{$G_4$} / \textcolor{blue}{$G_5$} /\textcolor{red}{$G_6$} / \textcolor{green}{$G_7$} / \textcolor{orange}{$G_8$}}
+ \State \textbf{for} $i \in \{1,2,...,N\}$
+ \State \quad \sout{$a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$}
+ \State \quad $P_i \assign Z_i$
+ \State \quad $\groupelement{A_i} \assign (P_i, 0, ..., 0)$
+ \State $(a'_1, a'_2, ..., a'_N) \randomassign \adversary{A}^{GOp(\inp, \inp, \inp), DL(\inp)}(Enc(\groupelement{B}), Enc(\groupelement{E_2}), ..., Enc(\groupelement{E_m}), Enc(\groupelement{A_1}), ..., Enc(\groupelement{A_N}))$
+ \BeginBox[draw=orange]
+ \State \textbf{for } $i \in \{1,2,...,N\}$
+ \State \quad \textbf{if } $a_i = \bot$
+ \State \qquad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \EndBox
+ \State \textbf{if } $\exists P_i, P_j \in \pset{P}: P_i(\overset{\rightharpoonup}{a}) = P_j(\overset{\rightharpoonup}{a}) \wedge P_i \neq P_j$
+ \State \quad $bad_2 \assign true$
+ \State \quad abort
+ \State \Return $(a_1, a_2, ..., a_N) \test (a'_1, a'_2, ..., a'_N)$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle DL($j \in \{1,2,...,N\}$)}
+ \BeginBox[draw=orange]
+ \State \textbf{for } $i \in \{1,2,...,N\} \backslash \{j\}$
+ \State \quad $a_i \randomsample \{ 2^{n-1}, 2^{n-1} + 2^c, ..., 2^{n} - 2^c \}$
+ \EndBox
+ \State ...
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \Statex \underline{\oracle GOp($x, y \in \mathbf{S}, b \in \{0,1\}$)}
+ \State \quad \Return $Enc(\sum^{-1}[x] + (-1)^b \sum^{-1}[y])$
+ \end{algorithmic}
+ \vspace{1mm}
+ \begin{algorithmic}
+ \State \underline{\textbf{Procedure} Enc($\groupelement{X} \in \field{L}[Z_1,...,Z_N] \times \field{ord(E_2)} \times ... \times \field{ord(E_n)}$)}
+ \State ...
+ \end{algorithmic}
+ \hrule
+ \caption{$G_8$}
+ \end{figure}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Concrete Security}
+
+ \begin{definition}[Success Ratio \cite{AC:HofJagKil11}]
+ Let adversary $\adversary{A}$ be an adversary with runtime Time($\adversary{A}$) and advantage $\advantage{\adversary{A}}{}$. Its success ratio is defined as following:
+
+ \[ SR(\adversary{A}) = \frac{\advantage{\adversary{A}}{}}{Time(\adversary{A})}. \]
+ \end{definition}
+
+ \begin{definition}[Bit Security \cite{AC:HofJagKil11}]
+ A cryptographic scheme has $\kappa$ bit security if the success ratio of all adversaries with a runtime $Time(\adversary{A}) \leq 2^\kappa$ is upper bounded by $2^{-\kappa}$.
+ \end{definition}
+\end{frame}
+
+\begin{frame}
+ \frametitle{Concrete Security}
+ \framesubtitle{Ed25519}
+
+ \begin{align*}
+ SR(\adversary{A}) &\leq \frac{\advantage{\group{G}, \adversary{A}}{\text{SUF-CMA}}(\secparamter)}{Time(\adversary{A})} \\
+ &\leq \frac{\advantage{\curve, n, c, L, \adversary{B}}{\sdlog} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}}{Time(\adversary{A})} \\
+ &\leq \frac{\frac{(\groupqueries + 3)^2 + 1}{2^{n-1-c}} + \frac{2(\hashqueries + 1)}{2^b} + \frac{\oraclequeries \hashqueries + \oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}}{Time(\adversary{A})} \\
+ &\leq \frac{(2^{125} + 3)^2 + 1}{2^{250} 2^{125}} + \frac{2(2^{125} + 1)}{2^{256} 2^{125}} + \frac{2^{64} 2^{125} + 2^{64}}{2^{252} 2^{125}} \\
+ &\approx 2^{-125} + 2^{-316} + 2^{-189} \\
+ &\approx 2^{-125}
+ \end{align*}
+\end{frame}
+
+\begin{frame}
+ \huge
+ \centering
+ \textbf{Thank you!}\\
+ Questions?
+\end{frame}
+
+\begin{frame}
+ \bibliographystyle{ieeetr}
+ \bibliography{../thesis/cryptobib/abbrev0,../thesis/cryptobib/crypto,../thesis/citation}
+\end{frame}
+
+\end{document}