more proofs
This commit is contained in:
@@ -6,7 +6,7 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
|
||||
%TODO: Fix collision
|
||||
\begin{definition}[MU-\igame]
|
||||
Let $n$ and $n$ be positive integers. For an adversary $\adversary{A}$ we define its advantage in the MU-\igame as following:
|
||||
Let $n$ and $N$ be positive integers. For an adversary $\adversary{A}$ we define its advantage in the MU-\igame as following:
|
||||
|
||||
\[ \advantage{\adversary{A}}{\text{MU-\igame}}(\secparamter) \assign | \Pr[\text{MU-\igame}^{\adversary{A}} \Rightarrow 1] | \].
|
||||
\end{definition}
|
||||
@@ -17,11 +17,11 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\large
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\game \igame}
|
||||
\State \textbf{for} $i \in \{1,2,...,n\}$
|
||||
\State \textbf{for} $i \in \{1,2,...,N\}$
|
||||
\State \quad $a_i \randomsample \{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}$
|
||||
\State \quad $\groupelement{A_i} \assign a_i \groupelement{B}$
|
||||
\State $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_n})$
|
||||
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in Q, i \in \{1,2,...,n\} \in : \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}$
|
||||
\State $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
|
||||
\State \Return $\exists (\groupelement{R}^*, \ch^*) \in Q, i \in \{1,2,...,N\} \in : \groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A_i}$
|
||||
\end{algorithmic}
|
||||
\vspace{2mm}
|
||||
\begin{algorithmic}[1]
|
||||
@@ -52,12 +52,12 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\large
|
||||
\begin{algorithmic}[1]
|
||||
\State \underline{\game $G_0$}
|
||||
\State \textbf{for} $i \in \{1,2,...,n\}$
|
||||
\State \textbf{for} $i \in \{1,2,...,N\}$
|
||||
\State \quad $(h_{i_0}, h_{i_1}, ..., h_{i_{2b-1}}) \randomsample \{0,1\}^{2b}$
|
||||
\State \quad $s_i \leftarrow 2^n + \sum_{i=c}^{n-1} 2^i h_i$
|
||||
\State \quad $\groupelement{A_i} \assign s_i \groupelement{B}$
|
||||
\State $(\m^*, \signature^*) \randomassign \adversary{A}^{H(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_n})$
|
||||
\State \Return $\exists i \in \{1,2,...,n\}: \verify(\groupelement{A_i}, \m^*,\signature^*)$
|
||||
\State $(\m^*, \signature^*) \randomassign \adversary{A}^{H(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
|
||||
\State \Return $\exists i \in \{1,2,...,N\}: \verify(\groupelement{A_i}, \m^*,\signature^*)$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
@@ -88,8 +88,8 @@ This section shows that MU-\igame implies MU-UF-NMA security of the EdDSA signat
|
||||
\vspace{1mm}
|
||||
\large
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\textbf{Adversary} $\adversary{B}^{\ioracle(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_n})$}
|
||||
\State $(\m^*, \signature^* \assign (\encoded{R}, S)) \randomassign \adversary{A}^{H(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_n})$
|
||||
\Statex \underline{\textbf{Adversary} $\adversary{B}^{\ioracle(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$}
|
||||
\State $(\m^*, \signature^* \assign (\encoded{R}, S)) \randomassign \adversary{A}^{H(\inp)}(\groupelement{A_1}, \groupelement{A_2}, ..., \groupelement{A_N})$
|
||||
\State \Return $S$
|
||||
\end{algorithmic}
|
||||
\vspace{2mm}
|
||||
|
||||
Reference in New Issue
Block a user