diff --git a/thesis/macros.tex b/thesis/macros.tex index 0c645e6..7e245cb 100644 --- a/thesis/macros.tex +++ b/thesis/macros.tex @@ -17,6 +17,7 @@ \newcommand{\group}[1]{\mathbb{#1}} \newcommand{\oraclequeries}{q_o} \newcommand{\test}{\overset{?}{=}} +\newcommand{\ch}{\textbf{ch}} % Special Dlog \newcommand{\sdlog}{DLog' } @@ -33,7 +34,7 @@ % Security Notions \newcommand{\cma}{SUF-CMA } \newcommand{\adversary}[1]{\mathcal{#1}} -\newcommand{\advantage}[2]{Adv_{#1}^{#2}} +\newcommand{\advantage}[2]{\text{Adv}_{#1}^{#2}} \newcommand{\prone}[1]{Pr[#1 \Rightarrow 1]} % Oracle diff --git a/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex b/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex index b6170da..f5a6c7e 100644 --- a/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex +++ b/thesis/sections/security_of_eddsa/dlog'_implies_gamez.tex @@ -32,7 +32,7 @@ For an adversary $\adversary{A}$ we define its advantage in the \sdlog game as f \label{theorem:advgamez} Let $\adversary{A}$ be an adversary against \igame with $\group{G}$ being a cyclic group of prime order $L$, making at most $\oraclequeries$ oracle queries. Then - \[ \advantage{\igame,\adversary{A}}{\group{G}} \leq \advantage{\sdlog,\adversary{B}}{\group{G}} - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \] + \[ \advantage{\igame,\adversary{A}}{\group{G}} \leq \advantage{\sdlog,\adversary{B}}{\group{G}} - \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]. \end{theorem} \paragraph{\underline{Proof Overview}} 
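Review bot: `\newcommand{\ch}{\textbf{ch}}` is used only inside math (`$\ch_i$`, `$2^c \ch^*$`), so `\newcommand*{\ch}{\mathbf{ch}}` is the better definition: `\textbf` switches to the text font inside the formula, whereas `\mathbf` stays in the math font and carries the `_i`/`^*` scripts like any other symbol. The starred form `\newcommand*` is the usual choice for a short macro like this.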
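Review bot: The bound in the theorem subtracts the bad-event term, `\leq \advantage{\sdlog,\adversary{B}}{\group{G}} - \frac{\oraclequeries}{\dots}`, while the game hops in the proof below run the other way: $\Pr[G_0] = \Pr[G_1]$, $|\Pr[G_1] - \Pr[G_2]| \le \Pr[bad]$ and $\Pr[G_2] \le$ the advantage of $\adversary{B}$ together give $\mathrm{Adv}_{\adversary{A}} \le \mathrm{Adv}_{\adversary{B}} + \Pr[bad]$, so the minus should be a plus; as written the theorem claims a tighter bound than the proof establishes. The term is also written as `\frac{\oraclequeries}{2^{-\log_2(x)}}`, which is just $\oraclequeries \cdot x$; stating it directly as `\oraclequeries \cdot \lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b}` is easier to check against the min-entropy argument in $G_2$. The period the commit appends after `\]` lands outside the display; put it inside the math, `... 2^{-2b})}}. \]`, so it is typeset as part of the equation.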
@@ -49,22 +49,22 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
  \State \quad $a \randomsample \{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}$
  \State \quad $\groupelement{A} \assign a \groupelement{B}$
  \State \quad $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A})$
- \State \quad \Return $\exists \groupelement{R}^*, chall^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - chall^* \groupelement{A}) \wedge (\groupelement{R}^*, chall^*) \in Q$
+ \State \quad \Return $\exists \groupelement{R}^*, \ch^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - \ch^* \groupelement{A}) \wedge (\groupelement{R}^*, \ch^*) \in Q$
  \end{algorithmic}
  \columnbreak
  \begin{algorithmic}[1]
  \Statex \underline{\oracle \ioracle($\agmgroupelement{R_i}{r_i} \in \group{G}$)}
  \State \quad Let $\groupelement{R}_i = r_1 \groupelement{B} + r_2 \groupelement{A}$
- \State \quad $chall_i \randomsample \{0,1\}^{2b}$
+ \State \quad $\ch_i \randomsample \{0,1\}^{2b}$
  \BeginBox[draw=blue]
- \State \quad \textbf{If} $2^c chall_i \equiv -r_2 \pmod L$ \textbf{then}
+ \State \quad \textbf{If} $2^c \ch_i \equiv -r_2 \pmod L$ \textbf{then}
  \State \qquad $bad \assign true$
  \BeginBox[draw=red,dashed]
  \State \qquad $abort$
  \EndBox
  \EndBox
- \State \quad $Q \assign Q \cup \{ (\groupelement{R}_i, chall_i) \}$
- \State \quad \Return $chall_i$
+ \State \quad $Q \assign Q \cup \{ (\groupelement{R}_i, \ch_i) \}$
+ \State \quad \Return $\ch_i$
  \end{algorithmic}
  \end{multicols}
  \hrule
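Review bot: `$bad \assign true$` and `$abort$` are set in math mode, so LaTeX typesets them as products of the italic variables b, a, d rather than as keywords; the commit introduced `\ch` for exactly this reason for the challenge, and the same treatment for the flag and the abort (`\newcommand*{\bad}{\mathsf{bad}}`, `\newcommand*{\abort}{\mathsf{abort}}`, or `\textbf{abort}` in the style of `\textbf{If}`/`\textbf{then}` on the same line) would keep the figure consistent. The sampling set `\{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}` should use `\dots` rather than three periods. The oracle takes `\agmgroupelement{R_i}{r_i}` but then names its components `r_1`, `r_2` with no visible link to the index $i$; writing `r_{i,1}`, `r_{i,2}` (or stating that $r_i = (r_1, r_2)$) would make clear which representation the winning check on the `\Return` line reads back out of $Q$.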
@@ -78,16 +78,16 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R \item \paragraph{\underline{$G_0$:}} Let $G_0$ be \igame. By definition, % TODO: Hier Sicherheitsparameter? - \[ \advantage{\igame,\adversary{A}}{\group{G}} = \Pr[\igame^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \] + \[ \advantage{\group{G}}{\igame}(\adversary{A}) = \Pr[\igame^{\adversary{A}} \Rightarrow 1] = \Pr[G_0^{\adversary{A}} \Rightarrow 1] \]. - \item \paragraph{\underline{$G_1$:}} Game $G_1$ is exactly the same as $G_0$ with the only change being the bad flag being set inside an if condition. The bad flag is set if $2^c chall_i = -r_2$. This represents cases where not all solutions from the adversary $\adversary{A}$ can be used to calculate the discrete logarithm of $\groupelement{A}$. This is just a conceptual change since the behavior of the game does not change whether the flag is set or not. Hence, + \item \paragraph{\underline{$G_1$:}} Game $G_1$ is exactly the same as $G_0$ with the only change being the bad flag being set inside an if condition. The bad flag is set if $2^c \ch_i = -r_2$. This represents cases where not all solutions from the adversary $\adversary{A}$ can be used to calculate the discrete logarithm of $\groupelement{A}$. This is just a conceptual change since the behavior of the game does not change whether the flag is set or not. Hence, - \[ \Pr[G_0^{\adversary{A}} \Rightarrow 1] = \Pr[G_1^{\adversary{A}} \Rightarrow 1] \] + \[ \Pr[G_0^{\adversary{A}} \Rightarrow 1] = \Pr[G_1^{\adversary{A}} \Rightarrow 1] \]. - \item \paragraph{\underline{$G_2:$}} Game $G_2$ aborts if the flag bad is set. For each individual \ioracle query the bad flag is set with probability at most $\frac{1}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. $c_i$ is chosen by the game after the adversary has provided the representation of $\groupelement{R_i}$ and therefor the value of $r_2$. 
This way the adversary has no way of choosing $chall_i$ after $r_2$ and can not influence the probability of the abort being triggert. $-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})$ is the min entropy of $chall_i \pmod L$. $chall_i$ is chosen uniformly at random from $\{0,1\}^{2b}$ and then reduced modulo $L$ during the check in the if condition. At first there are $2^{2b}$ possible values for $chall_i$. After the reduction module $L$ there are $min\{2^{2b}, L\}$ possible values left for $chall_i$. In the case that the values $L$ is smaller than $2^{2b}$ (this is the case in most instantiations of EdDSA) then the $chall_i$'s are not uniformly distributed in $\field{L}$. Since an adversary could use this information the min entropy of $chall_i$ has to be concidert, which takes this into account. By the Union bound over all $\oraclequeries$ queries we obtain $\Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. Since $G_1$ and $G_2$ are identical-until-bad games, we have + \item \paragraph{\underline{$G_2:$}} Game $G_2$ aborts if the flag bad is set. For each individual \ioracle query the bad flag is set with probability at most $\frac{1}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. $c_i$ is chosen by the game after the adversary has provided the representation of $\groupelement{R_i}$ and therefor the value of $r_2$. This way the adversary has no way of choosing $\ch_i$ after $r_2$ and can not influence the probability of the abort being triggert. $-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})$ is the min entropy of $\ch_i \pmod L$. $\ch_i$ is chosen uniformly at random from $\{0,1\}^{2b}$ and then reduced modulo $L$ during the check in the if condition. At first there are $2^{2b}$ possible values for $\ch_i$. After the reduction module $L$ there are $min\{2^{2b}, L\}$ possible values left for $\ch_i$. 
In the case that the values $L$ is smaller than $2^{2b}$ (this is the case in most instantiations of EdDSA) then the $\ch_i$'s are not uniformly distributed in $\field{L}$. Since an adversary could use this information the min entropy of $\ch_i$ has to be concidert, which takes this into account. By the Union bound over all $\oraclequeries$ queries we obtain $\Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}}$. Since $G_1$ and $G_2$ are identical-until-bad games, we have % TODO: Müsste das nicht floor statt ceil sein? - \[ |\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]| \leq \Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \] + \[ |\Pr[G_1^{\adversary{A}} \Rightarrow 1] - \Pr[G_2^{\adversary{A}} \Rightarrow 1]| \leq \Pr[bad] \leq \frac{\oraclequeries}{2^{-\log_2(\lceil \frac{2^{2b} - 1}{L} \rceil 2^{-2b})}} \]. \item Finally, Game $G_2$ is well prepared to show that there exists an adversary $\adversary{B}$ satisfying 
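Review bot: The new `G_2` paragraph still says `$c_i$ is chosen by the game after the adversary has provided the representation`, but the quantity sampled after `r_2` is the challenge `\ch_i` (`c` is the cofactor exponent in `2^c` everywhere else), so this should read `$\ch_i$ is chosen by the game ...`; the next sentence is also backwards, since the adversary never chooses `\ch_i` and the point is that it cannot choose `r_2` after seeing `\ch_i`. The advantage in the new `G_0` line is written `\advantage{\group{G}}{\igame}(\adversary{A})`, while the theorem in the same file writes `\advantage{\igame,\adversary{A}}{\group{G}}`; with `\advantage[2]{\text{Adv}_{#1}^{#2}}` these render as two different symbols, so one of them should be changed to match the other. On the `% TODO` about floor versus ceil: for a fixed residue, the number of preimages under reduction of `\{0,\dots,2^{2b}-1\}` modulo $L$ is `\lfloor (2^{2b}-1)/L \rfloor + 1 = \lceil 2^{2b}/L \rceil`, which is what the per-query bound should use; the current `\lceil (2^{2b}-1)/L \rceil` undercounts by one exactly when $L$ divides $2^{2b}-1$, so the TODO is resolved by switching to `\lceil 2^{2b}/L \rceil` here and in the theorem. Typos on the same lines: `therefor` → `therefore`, `triggert` → `triggered`, `concidert` → `considered`, `reduction module` → `reduction modulo`.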
@@ -102,21 +102,21 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R
  \begin{algorithmic}[1]
  \Statex \underline{\textbf{Adversary} $\adversary{B}(\groupelement{A})$}
  \State \quad $s^* \randomassign \adversary{A}^{\ioracle(\inp)}(\groupelement{A})$
- \State \quad \textbf{If} $\nexists \agmgroupelement{R^*}{r^*}, chall^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - chall^* \groupelement{A}) \wedge (\agmgroupelement{R^*}{r^*}, chall^*) \in Q$ \textbf{then}
+ \State \quad \textbf{If} $\nexists \agmgroupelement{R^*}{r^*}, \ch^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - \ch^* \groupelement{A}) \wedge (\agmgroupelement{R^*}{r^*}, \ch^*) \in Q$ \textbf{then}
  \State \qquad $abort$
  \State \quad Let $R^* = r_1 \groupelement{B} + r_2 \groupelement{A}$
- \State \quad \Return $(2^c s^* - r_1)(r_2 + 2^c chall^*)^{-1}$
+ \State \quad \Return $(2^c s^* - r_1)(r_2 + 2^c \ch^*)^{-1}$
  \end{algorithmic}
  \columnbreak
  \begin{algorithmic}[1]
  \Statex \underline{\oracle \ioracle($\agmgroupelement{R_i}{r_i} \in \group{G}$)}
  \State \quad Let $\groupelement{R}_i = r_1 \groupelement{B} + r_2 \groupelement{A}$
- \State \quad $chall_i \randomsample \{0,1\}^{2b}$
- \State \quad \textbf{If} $2^c chall_i \equiv -r_2 \pmod L$ \textbf{then}
+ \State \quad $\ch_i \randomsample \{0,1\}^{2b}$
+ \State \quad \textbf{If} $2^c \ch_i \equiv -r_2 \pmod L$ \textbf{then}
  \State \qquad $bad \assign true$
  \State \qquad $abort$
- \State \quad $Q \assign Q \cup \{ (\agmgroupelement{R_i}{r_i}, chall_i) \}$
- \State \quad \Return $chall_i$
+ \State \quad $Q \assign Q \cup \{ (\agmgroupelement{R_i}{r_i}, \ch_i) \}$
+ \State \quad \Return $\ch_i$
  \end{algorithmic}
  \end{multicols}
  \hrule
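Review bot: `\State \quad Let $R^* = r_1 \groupelement{B} + r_2 \groupelement{A}$` introduces `r_1`, `r_2` without saying where they come from; in this adversary they have to be the representation `r^*` stored with the entry `(\agmgroupelement{R^*}{r^*}, \ch^*) \in Q` located on the `If` line, so the step should bind them explicitly, e.g. `Let $(r_1, r_2) \assign r^*$ for the pair found in $Q$`, and `R^*` is missing the `\groupelement{}` wrapper used for every other group element in the figure. The returned scalar `(2^c s^* - r_1)(r_2 + 2^c \ch^*)^{-1}` is an inverse in $\field{L}$, which the figure does not state; a `\pmod L` on the `\Return` line would match the `\equiv \dots \pmod L` check in the oracle. Minor: `bad \assign true` in $\adversary{B}$'s oracle is never read because the next line aborts, and $\adversary{A}$ is run with `\randomassign` here but with `\randomsample` in the game figures.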
@@ -126,15 +126,15 @@ The adversary has to call the \ioracle oracle with a commitment $\groupelement{R To prove (\ref{eq:advbsdlog}), we define an adversary $\adversary{B}$ attacking \sdlog that simulates $\adversary{A}$'s view in $G_2$. Adversary $\adversary{B}$ formally defined in figure \ref{fig:adversarybsdlog} is run in the \sdlog game and adversary $\adversary{B}$ simulates \ioracle for adversary $\adversary{A}$. \ioracle is simulated perfectly. - Finally, consider $\adversary{A}$ output $s^*$. We know that one $R^* = 2^c s^*B - 2^c chall^*A$. We can use this together with the representation of $R^*$ to get following equation: + Finally, consider $\adversary{A}$ output $s^*$. We know that one $R^* = 2^c s^*B - 2^c \ch^*A$. We can use this together with the representation of $R^*$ to get following equation: \begin{align*} - r_1 \groupelement{B} + r_2 \groupelement{A} &= 2^c s^* \groupelement{B} - 2^c chall^* \groupelement{A} \\ - (r_2 + 2^c chall^*)A &= (2^c s^* - r_1)B \\ - A &= (2^c s^* - r_1)(r_2 + 2^c chall^*)^{-1} B + r_1 \groupelement{B} + r_2 \groupelement{A} &= 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A} \\ + (r_2 + 2^c \ch^*)A &= (2^c s^* - r_1)B \\ + A &= (2^c s^* - r_1)(r_2 + 2^c \ch^*)^{-1} B \end{align*} - Assuming that $r_2 + 2^c chall^*$ is invertible in $\field{L}$ (i.e. not equal to $0$), which is ensured due to the abort in $G_2$, both equations can be used to calculate the discrete logarithm of $\groupelement{A}$. + Assuming that $r_2 + 2^c \ch^*$ is invertible in $\field{L}$ (i.e. not equal to $0$), which is ensured due to the abort in $G_2$, both equations can be used to calculate the discrete logarithm of $\groupelement{A}$. \item This proves Theorem \ref{theorem:advgamez}. \end{proof} \ No newline at end of file diff --git a/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex b/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex index 594c35a..1428d63 100644 
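Review bot: The derivation in the `align*` drops the `\groupelement{}` wrapper on its second and third lines (`(r_2 + 2^c \ch^*)A`, `... B`) while its first line and the surrounding prose use `\groupelement{A}`, `\groupelement{B}`, so the same element is typeset two ways inside one display. The sentence `We know that one $R^* = 2^c s^*B - 2^c \ch^*A$` is garbled; something like `By the winning condition of $G_2$ there is a pair $(\groupelement{R}^*, \ch^*) \in Q$ with $\groupelement{R}^* = 2^c s^* \groupelement{B} - 2^c \ch^* \groupelement{A}$` says what is actually used, and `both equations can be used` should name the two equations it means (the winning condition and the representation of $\groupelement{R}^*$). `(\ref{eq:advbsdlog})` on the first line should be `\eqref{eq:advbsdlog}`.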
--- a/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex
+++ b/thesis/sections/security_of_eddsa/gamez_implies_uf-nma.tex
@@ -11,14 +11,14 @@ This section shows that \igame implies the UF-NMA security if the EdDSA signatur
  \State \quad $a \randomsample \{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}$
  \State \quad $\groupelement{A} \assign a \groupelement{B}$
  \State \quad $s^* \randomsample \adversary{A}^{\ioracle(\inp)}(\groupelement{A})$
- \State \quad \Return $\exists \groupelement{R}^*, c^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - c^* \groupelement{A}) \wedge (\groupelement{R}^*, c^*) \in Q$
+ \State \quad \Return $\exists \groupelement{R}^*, \ch^*: \groupelement{R}^* = 2^c (s^* \groupelement{B} - \ch^* \groupelement{A}) \wedge (\groupelement{R}^*, \ch^*) \in Q$
  \end{algorithmic}
  \columnbreak
  \begin{algorithmic}[1]
  \Statex \underline{\oracle \ioracle($\groupelement{R_i} \in \group{G}$)}
- \State \quad $chall_i \randomsample \{0,1\}^{2b}$
+ \State \quad $\ch_i \randomsample \{0,1\}^{2b}$
  \State \quad $Q \assign Q \cup \{ (\groupelement{R}_i, c_i) \}$
- \State \quad \Return $chall_i$
+ \State \quad \Return $\ch_i$
  \end{algorithmic}
  \end{multicols}
  \hrule
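Review bot: The oracle now samples `\ch_i`, but the unchanged line `$Q \assign Q \cup \{ (\groupelement{R}_i, c_i) \}$` still records `c_i`, a symbol that is never assigned in this figure (and `c` is the cofactor exponent in `2^c` on the `\Return` line), so the set $Q$ that the new winning condition `(\groupelement{R}^*, \ch^*) \in Q` searches is filled with a different symbol than the one it looks for; it should be `(\groupelement{R}_i, \ch_i)`, as in the figures of the \sdlog section. The sampling set `\{2^{n-1}, 2^{n-1} + 8, ..., 2^n - 8\}` should use `\dots` rather than three periods.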